Refactring FIPS_escda_sign() for OpenSSL 3.0.0
Kory Hamzeh
kory at avatarci.com
Thu Oct 28 21:46:22 UTC 2021
Hi Matt,
I am making the changes that you suggested, I think I can get the X and Y by using
EVP_PKEY_get_bn_param() with OSSL_PKEY_PARAM_EC_PUB_X and _PUB_Y.
What I cannot figure out is how to get R and S. If I had an ECDSA_SIG, I would call ECDSA_SIG_get0_r() and _s().
Are there EVP_PKEY params for R and S?
Thanks,
Kory
> On Oct 27, 2021, at 11:04 AM, Kory Hamzeh <kory at avatarci.com> wrote:
>
>
> Hi,
>
> I am upgrading some 3RD party code which performs FIPS ECDSA AVS testing for FIPS 140-2 certification. The code uses FIPS_escda_sign(), which in Openssl-fips-2.0.5 is define as:
>
> ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
> const unsigned char *msg, size_t msglen
> , const EVP_MD *mhash)
>
>
> The full code is here:
>
> https://github.com/majek/openssl/blob/master/fips/ecdsa/fips_ecdsavs.c
>
> I have read through all of the ECDSA sign man pages, and I cannot find a functions that is close to accepting some of the same parameter. I could use some help please. I have very little experience with ECDSA.
>
> Thanks,
> Kory
>
>
>
More information about the openssl-users
mailing list