[openssl-users] i2d and d2i fucntions

Dave Thompson dthompson at prinpay.com
Mon Feb 16 18:23:46 UTC 2015

> From: openssl-users On Behalf Of Rajeswari K
> Sent: Friday, February 13, 2015 23:50
> Hello Dave,
> Based on your input, have stopped calling i2d_ECDSA_SIG() 
> and used BN_bn2bin() to overcome the der headers. 
> And now, my verification is working fine.

ECDSA_verify in ecs_vrf.c only uses i2d to *check* that the 
input was canonical, to block certain possible attacks. It's 
the d2i that parsed the signature, and the internal form 
(ECDSA_SIG structure) is used for the actual verification.

> Is there any function at openssl, to get the HASH used for 
> the digest at ECDSA_verify()?
> I see that, for ECDSA_verify(), first argument is type. But 
> when its calling the function pointer, ECDSA_verify() is not 
> passing the type of the hash. 
> So, would like to get the hash type from digest data. 

ECDSA (and DSA) signatures do not care about the hash 
algorithm, only the length of the hash *value*. Notice 
that ECDSA_verify does not pass type to ECDSA_do_verify, 
which does the actual dispatch to a possible engine.
(This differs from RSA, at least PKCS#1 as used by SSL/TLS, 
where the hash algorithm identifier is included in padding.)

> I can understand that for TLS1.2, openssl uses SHA512. 
> But the same information i would like to get from digest data. 
> Is there any way to get this? Please share. 

For the ServerKeyExchange message (the case you said 
you cared about) in TLS1.2, it appears OpenSSL server uses 
the client's preference as stated in the sigalgs extension,
except in 1.0.2 a new SuiteB option forces SuiteB choices.
If the client offers all current hashes for ECDSA in strength 
order, which is very reasonable, SHA512 will be the choice.

More information about the openssl-users mailing list