[openssl-dev] Low priority feature request: EVP_SIG object

Bill Cox waywardgeek at gmail.com
Thu Jun 30 15:25:43 UTC 2016


This is low priority, IMO, but it would help with my current task.

I happen to be updating my token binding library at work to use the new
more compact HTTP headers.  We write the X, Y, R, and S values,
length-prefixed, for ECDSA-P256, and the modulus and exponent for RSA.  My
previous code uses the EVP API, but I see no simple way to convert an EVP
signature, which is a byte array, to the values I need.  If there were an
EVP_SIG object that could let me access the lower-level SIG objects, then I
could get these values with less difficulty.  As it is, unless I've missed
some existing API (likely - I'll blame my poor header scanning skills on
low vision), it looks like my choices are:

A) Don't use the EVP API, and drop to the older lower-level
algorithm-specific APIs.
B) Decode the DER-encoded byte arrays returned by the EVP interface.

I'm leaning towards B, but it feels like a hack.  With this approach I can
more easily switch to a new EVP_SIG API if it becomes available down the
road.

Thanks,
Bill