Add ECDSA signature R and S to X509 structure
kgoldman at us.ibm.com
Fri Aug 16 19:56:58 UTC 2019
I have an ECDSA signature supplied to me as R and S byte arrays and
lengths (from an HSM).
How do I add them to the X509 structure?
Is there an API, a set of calls, or do you have any hints?
For RSA, I simply filled in the ASN1_BIT_STRING length, data, and flags,
but an RSA signature is a simply BIT_STRING.
For ECDSA, the BIT_STRING is a SEQUENCE of two INTEGERs.
I could construct the SEQUENCE DER manually and then add it as with RSA,
but that seems like a hack. Is there a better way?
Is there a better way for RSA? I suspect that peering inside the
ASN1_BIT_STRING will break for openssl 1.1.
More information about the openssl-users