DSA signatures in OpenSSL 3.0
Richard Dymond
rjdymond at gmail.com
Fri Mar 11 19:21:28 UTC 2022
Hi
I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0, and
I'm wondering how best to handle DSA signatures - specifically, the 'r' and
's' values - in OpenSSL 3.0.
In OpenSSL 1.1.1, it was pretty easy:
DSA_do_sign() - gets you a DSA_SIG
DSA_SIG_get0() - gets you the 'r' and 's' values from the DSA_SIG
This still works in OpenSSL 3.0, but the DSA_* functions are deprecated,
and so to avoid that I'm doing this instead:
EVP_DIgestSign() - gets you a DER-encoded signature blob
BN_bin2bn() - grabs 'r' or 's' from the signature blob, so long as you
point it at the right place in the blob
Which seems very cumbersome, and requires intimate knowledge of the layout
of the signature blob.
Is there a better way to get the 'r' and 's' values from a DSA signature in
OpenSSL 3.0 without using deprecated functions?
Thanks.
Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220311/9fd64996/attachment.htm>
More information about the openssl-users
mailing list