Re: DSA signatures in OpenSSL 3.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2022-03-11 at 15:21 -0400, Richard Dymond wrote:
> Hi
> 
> I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0,
> and I'm wondering how best to handle DSA signatures - specifically,
> the 'r' and 's' values - in OpenSSL 3.0.
> 
> In OpenSSL 1.1.1, it was pretty easy:
> 
> DSA_do_sign() - gets you a DSA_SIG
> DSA_SIG_get0() - gets you the 'r' and 's' values from the DSA_SIG
> 
> This still works in OpenSSL 3.0, but the DSA_* functions are
> deprecated, and so to avoid that I'm doing this instead:
> 
> EVP_DIgestSign() - gets you a DER-encoded signature blob
> BN_bin2bn() - grabs 'r' or 's' from the signature blob, so long as
> you point it at the right place in the blob
> 
> Which seems very cumbersome, and requires intimate knowledge of the
> layout of the signature blob.
> 
> Is there a better way to get the 'r' and 's' values from a DSA
> signature in OpenSSL 3.0 without using deprecated functions?

The DSA_SIG_* functions are not deprecated including the i2d and d2i
functions. So you can use d2i_DSA_SIG to decode the DER produced by the
EVP_DigestSign() and then obtain the r and s values from the DSA_SIG.

-- 
Tomáš Mráz, OpenSSL





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux