[openssl-users] i2d and d2i fucntions

Rajeswari K raji.kotamraju at gmail.com
Fri Feb 13 14:47:40 UTC 2015


Hello Openssl Team,

Currently am seeing an issue as follows.

We would like to use our internal verification logics for the key exchange
message received at SSL client.

As part of this, we have registered with our function pointers.

ECDSA_verify() is now calling our registered function to perform signature
verification.

As part of signature verification, we first take lenght_of_signature
received and compare with double the size of number_of_bytes from curve
parameter.

Have converted the ECDSA_SIG to unsigned char * using the function
i2d_ECDSA_SIG().

Length returned by i2d_ECDSA_SIG() is 103.

Whereas, the number_of_bytes value from curve parameter is 48.

Our verification failing as (103 != 2*48).

Can you please share do we need to skip any number of bytes from the
sig_buf converted via i2d_ECDSA_SIG()?

Or, am i missing anything in this context?


Thanks,
Rajeswari.

On Fri, Feb 13, 2015 at 4:48 AM, Rajeswari K <raji.kotamraju at gmail.com>
wrote:

> Hello Dave,
>
> Am really thankful to you. I am unaware that i2d_EC_PUBKEY() or i2d_xxxxx
> function will move the pointer to after the encoded data. Due to which am
> seeing unexpected data.
>
> Based on your reply, i tried to print the data from the memory address
> which i allocated. Now the data is exactly same as what i inputted through
> d2i_PUBKEY().
>
> This resolves my current issue. Once again, thanks alot.
>
> Rajeswari.
>
> On Fri, Feb 13, 2015 at 2:36 AM, Dave Thompson <dthompson at prinpay.com>
> wrote:
>
>> > From: openssl-users On Behalf Of Rajeswari K
>> > Sent: Thursday, February 12, 2015 00:40
>>
>> > I have a query on d2i_PUBKEY() and i2d_PUBKEY().
>>
>> > i have a EC public key in form of character buffer.
>> > Have inputted this character buffer to d2i_PUBKEY() and got EVP_PKEY
>> format EC key.
>>
>> To be exact, a byte (or even more exact octet) buffer. In C
>> (and C++ and ObjC) it's type 'char[]' or better 'unsigned char[]',
>> but the values do not and often cannot represent *characters&.
>>
>> > Now i tried to input this EVP_PKEY to i2d_PUBKEY() to compare will i get
>> > exactly same data which i gave as input to d2i_PUBKEY().
>>
>> > But i see that the outputs are completely different.
>>
>> > i2d_PUBKEY() is leaving lots of 0's at the o/p buffer.
>>
>> > 0
>> > 0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
>> > 0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
>> > FD  1   10  DF  AB  12  34  CD  0   6F  0   0   0   0   1   83
>> > F   8B  AF  D8  D  ................................................
>>
>> You must be doing something wrong. Probably the most common is,
>> are you looking at the beginning of the buffer? Remember that after
>> calling i2d_whatever, the pointer you give it is moved to point
>> *after* the encoded data, at unused and often junk memory.
>>
>> If that's not it, reduce your code to the minimum that shows the
>> problem, post it, and identify the version and build you are using.
>>
>> > My goal is, to get complete EC public key in form of asn1 der
>> > encoded from EC_KEY structure.
>>
>> > I tried to use i2d_EC_PUBKEY() and i20_ECPublickey(). <snip>
>>
>> Note that PUBKEY is the X.509 SPKI format: it contains an
>> AlgorithmIdentifier identifying the algorithm and the curve,
>> *and* the public key value (a point) embedded in a bitstring,
>> all combined into an ASN.1 structure and DER encoded.
>>
>> i2o_ECPublicKey (letter o not zero) uses a special non-ASN1
>> non-DER encoding that contains *only* the point.
>>
>>
>> _______________________________________________
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150213/36ed1a40/attachment.html>


More information about the openssl-users mailing list