On Mon, 14 Mar 2022 at 04:52, Tomas Mraz <tomas@xxxxxxxxxxx> wrote:
The DSA_SIG_* functions are not deprecated including the i2d and d2i
functions. So you can use d2i_DSA_SIG to decode the DER produced by the
EVP_DigestSign() and then obtain the r and s values from the DSA_SIG.
Thank you, that works! For some reason it had escaped my notice that the DSA_SIG_* functions are not deprecated.
By
the way, the reason I need to get the 'r' and 's' values from the DSA
signature is that I am encoding them one after the other as 160-bit
unsigned integers, in network byte order, as required by SSH and
described in section 6.6 of RFC 4253 (dss_signature_blob)[1]. To do this
encoding I am calling BN_bn2bin() twice to write 'r' followed by 's' at
the appropriate locations in a 40-byte buffer. By any chance, does
OpenSSL 3.0 provide any support for encoding a DSA signature like this
from a DSA_SIG (i.e. without having to extract 'r' and 's' first and
then use BN_bn2bin())?
Richard
