I agree.
Until OpenSSL adds a ECDSA_SIG_set0 there is a way, for example:
rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
nLen = siglen / 2;
if (rv > 0) {
sig = ECDSA_SIG_new();
if (sig) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/*
* OpenSSL 1.1 does not have a way to allocate r and s
* in ECDSA_SIG as it is now hidden.
* Will us dummy ASN1 so r and s are allocated then
* use ECDSA_SIG_get0 to get access to r and s
* can then update r annd s
*/
const unsigned char *a;
unsigned char dasn1[8] =
{0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01,
0x00};
BIGNUM *r;
BIGNUM *s;
a = dasn1;
d2i_ECDSA_SIG(&sig, &a, 8);
ECDSA_SIG_get0(&r, &s, sig);
BN_bin2bn(&sigret[0], nLen, r);
BN_bin2bn(&sigret[nLen], nLen, s);
#else
BN_bin2bn(&sigret[0], nLen, sig->r);
BN_bin2bn(&sigret[nLen], nLen, sig->s);
#endif
}
}
return sig;
On 1/29/2016 3:59 AM, Aleksey Sanin via RT wrote:
Hello,
At the moment, there is no way to set r/s in the ECDSA_SIG structure
manually to verify the signature encoded into a different format.
Would be great to add a simple function:
void ECDSA_SIG_set0(const ECDSA_SIG*, BIGNUM *, BIGNUM *)
to set these values similar to other XXX_set0() functions.
Thanks,
--
Douglas E. Engert <[email protected]>
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
