[openssl-dev] [openssl.org #4280] OpenSSL 1.1.0 pre 2: feature request: ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *) is needed
Douglas E Engert
deengert at gmail.com
Fri Jan 29 13:18:53 UTC 2016
I agree.
Until OpenSSL adds an ECDSA_SIG_set0 there is a way, for example:

    rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
    nLen = siglen / 2;
    if (rv > 0) {
        sig = ECDSA_SIG_new();
        if (sig) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
            /*
             * OpenSSL 1.1 does not have a way to allocate r and s
             * in ECDSA_SIG as it is now hidden.
             * Will use dummy ASN1 so r and s are allocated, then
             * use ECDSA_SIG_get0 to get access to r and s;
             * can then update r and s.
             */
            const unsigned char *a;
            unsigned char dasn1[8] =
                {0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00};
            BIGNUM *r;
            BIGNUM *s;
            a = dasn1;
            d2i_ECDSA_SIG(&sig, &a, 8);
            ECDSA_SIG_get0(&r, &s, sig);
            BN_bin2bn(&sigret[0], nLen, r);
            BN_bin2bn(&sigret[nLen], nLen, s);
#else
            BN_bin2bn(&sigret[0], nLen, sig->r);
            BN_bin2bn(&sigret[nLen], nLen, sig->s);
#endif
        }
    }
    return sig;

On 1/29/2016 3:59 AM, Aleksey Sanin via RT wrote:
> Hello,
>
> At the moment, there is no way to set r/s in the ECDSA_SIG structure
> manually to verify the signature encoded into a different format.
> Would be great to add a simple function:
>
> void ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *)
>
> to set these values similar to other XXX_set0() functions.
>
> Thanks,
>
--
Douglas E. Engert <DEEngert at gmail.com>
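
Added example, not part of the original message and not OpenSSL or libp11 code: the dummy dasn1 array above is the DER encoding of SEQUENCE { INTEGER 0, INTEGER 0 }, and the same encoding can be built from the real r||s bytes, giving a buffer that d2i_ECDSA_SIG parses directly. The names ecdsa_raw_to_der, der_uint and MAX_HALF are hypothetical, and the 126-byte limit per value is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HALF 126   /* assumption: r and s are at most 126 bytes each */

/* Write one DER INTEGER for an unsigned big-endian value (n >= 1). */
static size_t der_uint(unsigned char *out, const unsigned char *v, size_t n)
{
    while (n > 1 && v[0] == 0) { v++; n--; }    /* minimal encoding */
    size_t pad = (v[0] & 0x80) ? 1 : 0;         /* 0x00 keeps it positive */
    out[0] = 0x02;                              /* INTEGER */
    out[1] = (unsigned char)(n + pad);          /* at most 127: short form */
    out[2] = 0x00;                              /* overwritten when pad == 0 */
    memcpy(out + 2 + pad, v, n);
    return 2 + pad + n;
}

/* Hypothetical helper: raw r||s (two equal halves) -> DER ECDSA-Sig-Value.
 * Returns the DER length, or 0 on bad input or a too-small output buffer. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t rawlen,
                        unsigned char *der, size_t dercap)
{
    unsigned char body[2 * (2 + 1 + MAX_HALF)];
    size_t half = rawlen / 2, blen, hlen;
    if (rawlen == 0 || (rawlen & 1) || half > MAX_HALF)
        return 0;
    blen = der_uint(body, raw, half);                 /* r */
    blen += der_uint(body + blen, raw + half, half);  /* s */
    hlen = blen < 128 ? 2 : (blen < 256 ? 3 : 4);     /* tag + length bytes */
    if (dercap < hlen + blen)
        return 0;
    der[0] = 0x30;                                    /* SEQUENCE */
    der[1] = (unsigned char)(hlen == 2 ? blen : 0x80 | (hlen - 2));
    if (hlen == 4) der[2] = (unsigned char)(blen >> 8);
    if (hlen > 2) der[hlen - 1] = (unsigned char)(blen & 0xff);
    memcpy(der + hlen, body, blen);
    return hlen + blen;
}

int main(void)
{
    /* Constructed sample, not a real signature: r = 0x0001, s = 0x8000. */
    const unsigned char raw[4] = {0x00, 0x01, 0x80, 0x00};
    unsigned char der[4 + 2 * (3 + MAX_HALF)];
    size_t i, n = ecdsa_raw_to_der(raw, sizeof raw, der, sizeof der);
    for (i = 0; i < n; i++)
        printf("%02x%s", der[i], i + 1 == n ? "\n" : "");
    return n == 0;
}
```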