Refactoring FIPS_ecdsa_sign() for OpenSSL 3.0.0
Matt Caswell
matt at openssl.org
Fri Oct 29 14:12:22 UTC 2021
On 28/10/2021 22:46, Kory Hamzeh wrote:
> Hi Matt,
>
> I am making the changes that you suggested. I think I can get the X and Y by using
>
> EVP_PKEY_get_bn_param() with OSSL_PKEY_PARAM_EC_PUB_X and _PUB_Y.
Yes. Correct.
> What I cannot figure out is how to get R and S. If I had an ECDSA_SIG, I would call ECDSA_SIG_get0_r() and _s().
>
> Are there EVP_PKEY params for R and S?
>
An ECDSA signature is just a DER encoded ECDSA_SIG structure. Therefore
take the resulting signature and call d2i_ECDSA_SIG. This will enable
you to access r and s.
Matt
> Thanks,
> Kory
>
>
>
>> On Oct 27, 2021, at 11:04 AM, Kory Hamzeh <kory at avatarci.com> wrote:
>>
>>
>> Hi,
>>
>> I am upgrading some third-party code which performs FIPS ECDSA AVS testing for FIPS 140-2 certification. The code uses FIPS_ecdsa_sign(), which in Openssl-fips-2.0.5 is defined as:
>>
>> ECDSA_SIG *FIPS_ecdsa_sign(EC_KEY *key,
>>                            const unsigned char *msg, size_t msglen,
>>                            const EVP_MD *mhash)
>>
>>
>> The full code is here:
>>
>> https://github.com/majek/openssl/blob/master/fips/ecdsa/fips_ecdsavs.c
>>
>> I have read through all of the ECDSA sign man pages, and I cannot find a function that is close to accepting some of the same parameters. I could use some help please. I have very little experience with ECDSA.
>>
>> Thanks,
>> Kory
>>
>>
>>
>
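
Added example (not part of the original thread and not OpenSSL code): the reply above says an ECDSA signature is a DER-encoded ECDSA_SIG, i.e. SEQUENCE { INTEGER r, INTEGER s }. This standalone C sketch shows what d2i_ECDSA_SIG() unpacks from those bytes, including the 0x00 sign pad and the 0x81 length form used by P-521 signatures. The names ecdsa_sig_split and SAMPLE_SIG are hypothetical and the sample bytes are constructed; real code should call d2i_ECDSA_SIG() as the reply says.

```c
#include <stddef.h>

/* Read a DER length (short form or one-byte long form 0x81). 0 on success. */
static int der_len(const unsigned char **p, const unsigned char *end, size_t *out)
{
    if (*p >= end) return -1;
    unsigned char b = *(*p)++;
    if (b < 0x80) { *out = b; }
    else if (b == 0x81 && *p < end) {
        *out = *(*p)++;
        if (*out < 0x80) return -1;          /* DER demands the minimal form */
    } else return -1;                        /* longer forms never occur for ECDSA */
    return (*out <= (size_t)(end - *p)) ? 0 : -1;
}

/* Read one non-negative INTEGER; yields the magnitude without the 0x00 pad. */
static int der_uint(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *vlen)
{
    size_t n;
    if (*p >= end || *(*p)++ != 0x02) return -1;
    if (der_len(p, end, &n) != 0 || n == 0) return -1;
    if ((*p)[0] & 0x80) return -1;           /* negative: invalid for r or s */
    *val = *p; *vlen = n; *p += n;
    if (n > 1 && (*val)[0] == 0x00) {
        if (!((*val)[1] & 0x80)) return -1;  /* pad byte was not needed */
        (*val)++; (*vlen)--;
    }
    return 0;
}

/* Hypothetical helper: split a DER signature into r and s (pointers into der). */
int ecdsa_sig_split(const unsigned char *der, size_t len,
                    const unsigned char **r, size_t *rlen,
                    const unsigned char **s, size_t *slen)
{
    const unsigned char *p = der, *end = der + len;
    size_t seqlen;
    if (len < 2 || *p++ != 0x30) return -1;
    if (der_len(&p, end, &seqlen) != 0 || seqlen != (size_t)(end - p)) return -1;
    if (der_uint(&p, end, r, rlen) != 0 || der_uint(&p, end, s, slen) != 0) return -1;
    return p == end ? 0 : -1;                /* reject trailing bytes */
}
/* Constructed sample: r = 0x8001 (needs the 0x00 pad), s = 0x7f. */
static const unsigned char SAMPLE_SIG[] =
    {0x30, 0x08, 0x02, 0x03, 0x00, 0x80, 0x01, 0x02, 0x01, 0x7f};

int main(void) {
    const unsigned char *r, *s; size_t rl, sl;
    return ecdsa_sig_split(SAMPLE_SIG, sizeof SAMPLE_SIG, &r, &rl, &s, &sl);
}
```

For AVS output, r and s are usually printed as fixed-width hex, so left-pad the returned magnitudes to the curve's field size.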