This is low priority, IMO, but it would help with my current task. I happen to be updating my token binding library at work to use the new more compact HTTP headers. We write the X, Y, R, and S values, length-prefixed, for ECDSA-P256, and the modulus and exponent for RSA. My previous code uses the EVP API, but I see no simple way to convert an EVP signature, which is a byte array, to the values I need. If there were an EVP_SIG object that could let me access the lower-level SIG objects, then I could get these values with less difficulty. As it is, unless I've missed some existing API (likely - I'll blame my poor header scanning skills on low vision), it looks like my choices are:
A) Don't use the EVP API, and drop to the older lower-level algorithm specific APIs. B) Decode the DER-encoded byte arrays returned by the EVP interface. I'm leaning towards B, but it feels like a hack. With this approach I can more easily switch to a new EVP_SIG API if it becomes available down the road. Thanks, Bill
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
