[openssl-users] i2d and d2i fucntions

Rajeswari K raji.kotamraju at gmail.com
Tue Feb 17 11:44:16 UTC 2015


Hello Dave,

What you said is right. Have checked ecs_ossl.c and implemented similar way
to truncate the digest based on the order.

Now, handshake is successful even for TLS1.2.

Thanks alot.

Rajeswari.

On Mon, Feb 16, 2015 at 11:53 PM, Dave Thompson <dthompson at prinpay.com>
wrote:

> > From: openssl-users On Behalf Of Rajeswari K
> > Sent: Friday, February 13, 2015 23:50
> > Hello Dave,
> > Based on your input, have stopped calling i2d_ECDSA_SIG()
> > and used BN_bn2bin() to overcome the der headers.
> > And now, my verification is working fine.
>
> ECDSA_verify in ecs_vrf.c only uses i2d to *check* that the
> input was canonical, to block certain possible attacks. It's
> the d2i that parsed the signature, and the internal form
> (ECDSA_SIG structure) is used for the actual verification.
>
> > Is there any function at openssl, to get the HASH used for
> > the digest at ECDSA_verify()?
> > I see that, for ECDSA_verify(), first argument is type. But
> > when its calling the function pointer, ECDSA_verify() is not
> > passing the type of the hash.
> > So, would like to get the hash type from digest data.
>
> ECDSA (and DSA) signatures do not care about the hash
> algorithm, only the length of the hash *value*. Notice
> that ECDSA_verify does not pass type to ECDSA_do_verify,
> which does the actual dispatch to a possible engine.
> (This differs from RSA, at least PKCS#1 as used by SSL/TLS,
> where the hash algorithm identifier is included in padding.)
>
> > I can understand that for TLS1.2, openssl uses SHA512.
> > But the same information i would like to get from digest data.
> > Is there any way to get this? Please share.
>
> For the ServerKeyExchange message (the case you said
> you cared about) in TLS1.2, it appears OpenSSL server uses
> the client's preference as stated in the sigalgs extension,
> except in 1.0.2 a new SuiteB option forces SuiteB choices.
> If the client offers all current hashes for ECDSA in strength
> order, which is very reasonable, SHA512 will be the choice.
>
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150217/3dcbe06f/attachment.html>


More information about the openssl-users mailing list