Add ECDSA signature R and S to X509 structure

Ken Goldman kgoldman at us.ibm.com
Fri Aug 16 19:56:58 UTC 2019


I have an ECDSA signature supplied to me as R and S byte arrays and 
lengths (from an HSM).

How do I add them to the X509 structure?

Is there an API, a set of calls, or do you have any hints?

~~

For RSA, I simply filled in the ASN1_BIT_STRING length, data, and flags, 
but an RSA signature is a simply BIT_STRING.

For ECDSA, the BIT_STRING is a SEQUENCE of two INTEGERs.

I could construct the SEQUENCE DER manually and then add it as with RSA, 
but that seems like a hack.  Is there a better way?

Is there a better way for RSA?  I suspect that peering inside the 
ASN1_BIT_STRING will break for openssl 1.1.



More information about the openssl-users mailing list