DSA signatures in OpenSSL 3.0

Tomas Mraz tomas at openssl.org
Mon Mar 14 14:03:01 UTC 2022


On Mon, 2022-03-14 at 08:58 -0300, Richard Dymond wrote:
> On Mon, 14 Mar 2022 at 04:52, Tomas Mraz <tomas at openssl.org> wrote:
> > The DSA_SIG_* functions are not deprecated including the i2d and
> > d2i functions. So you can use d2i_DSA_SIG to decode the DER produced
> > by the EVP_DigestSign() and then obtain the r and s values from the
> > DSA_SIG.
> 
> Thank you, that works! For some reason it had escaped my notice that
> the DSA_SIG_* functions are not deprecated.
> 
> By the way, the reason I need to get the 'r' and 's' values from the
> DSA signature is that I am encoding them one after the other as 160-
> bit unsigned integers, in network byte order, as required by SSH and
> described in section 6.6 of RFC 4253 (dss_signature_blob)[1]. To do
> this encoding I am calling BN_bn2bin() twice to write 'r' followed by
> 's' at the appropriate locations in a 40-byte buffer. By any chance,
> does OpenSSL 3.0 provide any support for encoding a DSA signature
> like this from a DSA_SIG (i.e. without having to extract 'r' and 's'
> first and then use BN_bn2bin())?

No, there is no such function. However there is not much overhead in
doing the two BN_bn2bin calls (should those be BN_bn2binpad actually?)
once you already have a DSA_SIG object.

> Richard
> 
> [1] https://datatracker.ietf.org/doc/html/rfc4253#section-6.6

-- 
Tomáš Mráz, OpenSSL
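As an added illustration, not code from this thread or from OpenSSL, the following stdlib-only Python re-creates the two steps discussed above: decoding the DER SEQUENCE { INTEGER r, INTEGER s } that EVP_DigestSign() returns for DSA (the job of d2i_DSA_SIG) and writing r and s into the 40-byte RFC 4253 dss_signature_blob, then wrapping it as the full "ssh-dss" signature string. The fixed-width encoding is the BN_bn2binpad() behaviour; the bn2bin() helper mimics BN_bn2bin() to show why the minimal encoding misaligns the blob whenever r or s has leading zero bytes. R_SAMPLE and S_SAMPLE are constructed values, not a real signature.

```python
import struct
def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos -> (tag, value, next_pos). Short-form lengths only, which is
    all a DSA signature with a 160-bit q ever needs (the whole SEQUENCE is under 48 bytes)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER")
    tag, length = buf[pos], buf[pos + 1]
    value = buf[pos + 2:pos + 2 + length]
    if len(value) != length:
        raise ValueError("truncated DER")
    return tag, value, pos + 2 + length

def d2i_dsa_sig(der: bytes) -> tuple:
    """Decode SEQUENCE { INTEGER r, INTEGER s } (what d2i_DSA_SIG does) into (r, s)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag_r, rb, pos = _read_tlv(body, 0)
    tag_s, sb, pos = _read_tlv(body, pos)
    if tag_r != 0x02 or tag_s != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    if not rb or not sb or rb[0] & 0x80 or sb[0] & 0x80:
        raise ValueError("r and s must be positive")   # DER INTEGER is two's complement
    return int.from_bytes(rb, "big"), int.from_bytes(sb, "big")

def bn2bin(n: int) -> bytes:
    """Minimal big-endian bytes, like BN_bn2bin(): no leading zeros, so the length varies."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def ssh_dss_signature_blob(r: int, s: int) -> bytes:
    """RFC 4253 6.6 dss_signature_blob: r || s as fixed 160-bit big-endian integers, i.e. the
    BN_bn2binpad(x, buf, 20) behaviour; to_bytes() raises OverflowError if x >= 2**160."""
    return r.to_bytes(20, "big") + s.to_bytes(20, "big")

def ssh_dss_signature(blob: bytes) -> bytes:
    """Full SSH signature value: string "ssh-dss", string blob (RFC 4251 string = uint32 len + bytes)."""
    ssh_string = lambda b: struct.pack(">I", len(b)) + b
    return ssh_string(b"ssh-dss") + ssh_string(blob)

def _der_integer(n: int) -> bytes:
    b = bn2bin(n) or b"\x00"
    if b[0] & 0x80:
        b = b"\x00" + b                                  # keep the DER INTEGER positive
    return b"\x02" + bytes([len(b)]) + b

# Constructed sample, not a real signature: r is tiny, s has its top bit set.
R_SAMPLE, S_SAMPLE = 0x1234, (1 << 159) + 5
_body = _der_integer(R_SAMPLE) + _der_integer(S_SAMPLE)
DER_SAMPLE = b"\x30" + bytes([len(_body)]) + _body
```

With the sample values, bn2bin(R_SAMPLE) is only 2 bytes, so an unpadded write would leave the first 18 bytes of the blob uninitialised and shift nothing else into place; the padded form always yields 20 + 20 bytes.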