Re: Add ECDSA signature R and S to X509 structure
This thread actually has some code on it for doing this:

https://www.mail-archive.com/openssl-users@openssl.org/msg86672.html

Bill

On Mon, Aug 26, 2019 at 9:46 AM Ken Goldman wrote:
>
> On 8/17/2019 5:35 AM, Billy Brumley wrote:
> > Hey Ken,
> >
> >> I have an ECDSA signature supplied to me as R and S byte arrays and
> >> lengths (from an HSM).
> >>
> >> How do I add them to the X509 structure?
> >>
> >> Is there an API, a set of calls, or do you have any hints?
> >
> > You might be looking for ECDSA_SIG_set0:
> >
> > https://www.openssl.org/docs/man1.1.0/man3/ECDSA_SIG_set0.html
> >
> > You might find some snippets in ecdsatest.c.
> >
> > Hope it helps,
>
> I think so. This seems to work. Does it make sense? Is there a better way?
>
> - convert R and S, bin to bignum
> - use ECDSA_SIG_set0 to create an ECDSA_SIG
> - use i2d to convert the ECDSA_SIG to DER
> - memcpy the DER into X509->signature->data
Re: Add ECDSA signature R and S to X509 structure
On 8/17/2019 5:35 AM, Billy Brumley wrote:
> Hey Ken,
>
>> I have an ECDSA signature supplied to me as R and S byte arrays and
>> lengths (from an HSM).
>>
>> How do I add them to the X509 structure?
>>
>> Is there an API, a set of calls, or do you have any hints?
>
> You might be looking for ECDSA_SIG_set0:
>
> https://www.openssl.org/docs/man1.1.0/man3/ECDSA_SIG_set0.html
>
> You might find some snippets in ecdsatest.c.
>
> Hope it helps,

I think so. This seems to work. Does it make sense? Is there a better way?

- convert R and S, bin to bignum
- use ECDSA_SIG_set0 to create an ECDSA_SIG
- use i2d to convert the ECDSA_SIG to DER
- memcpy the DER into X509->signature->data
Re: Add ECDSA signature R and S to X509 structure
Hey Ken,

> I have an ECDSA signature supplied to me as R and S byte arrays and
> lengths (from an HSM).
>
> How do I add them to the X509 structure?
>
> Is there an API, a set of calls, or do you have any hints?

You might be looking for ECDSA_SIG_set0:

https://www.openssl.org/docs/man1.1.0/man3/ECDSA_SIG_set0.html

You might find some snippets in ecdsatest.c.

Hope it helps,

BBB
Add ECDSA signature R and S to X509 structure
I have an ECDSA signature supplied to me as R and S byte arrays and lengths (from an HSM).

How do I add them to the X509 structure?

Is there an API, a set of calls, or do you have any hints?

~~

For RSA, I simply filled in the ASN1_BIT_STRING length, data, and flags, but an RSA signature is a simple BIT_STRING.

For ECDSA, the BIT_STRING is a SEQUENCE of two INTEGERs. I could construct the SEQUENCE DER manually and then add it as with RSA, but that seems like a hack.

Is there a better way?

Is there a better way for RSA? I suspect that peering inside the ASN1_BIT_STRING will break for openssl 1.1.
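
What the "SEQUENCE of two INTEGERs" in the original question looks like at the byte level, as an added example that is not code from this thread or from OpenSSL: a self-contained C encoder that turns raw R and S arrays into the DER ECDSA-Sig-Value, handling leading zeros and values with the high bit set. The function names and the 66-byte `MAX_COORD` limit are assumptions made for this example; with OpenSSL, `i2d_ECDSA_SIG` produces this encoding for you.

```c
#include <stdio.h>
#include <string.h>
#define MAX_COORD 66  /* assumption: largest R/S size handled, in bytes (P-521) */

/* DER length octets; lengths here never exceed 255. Returns bytes written. */
static size_t der_len(unsigned char *out, size_t len)
{
    if (len < 0x80) { out[0] = (unsigned char)len; return 1; }
    out[0] = 0x81; out[1] = (unsigned char)len; return 2;
}

/* One unsigned big-endian value as a DER INTEGER. Returns bytes written. */
static size_t der_uint(unsigned char *out, const unsigned char *v, size_t n)
{
    size_t o = 0, pad;
    while (n > 1 && v[0] == 0) { v++; n--; }  /* minimal form: drop leading zeros */
    pad = (v[0] & 0x80) ? 1 : 0;              /* high bit set: prepend 0x00, stays positive */
    out[o++] = 0x02;                          /* INTEGER tag */
    o += der_len(out + o, n + pad);
    if (pad) out[o++] = 0x00;
    memcpy(out + o, v, n);
    return o + n;
}

/* ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }. Returns DER length, 0 on error. */
size_t ecdsa_rs_to_der(const unsigned char *r, size_t rlen, const unsigned char *s,
                       size_t slen, unsigned char *out, size_t outlen)
{
    unsigned char body[2 * (MAX_COORD + 3)];  /* tag + length + pad + value, twice */
    size_t blen, o;
    if (!r || !s || !out || !rlen || !slen || rlen > MAX_COORD || slen > MAX_COORD) return 0;
    blen = der_uint(body, r, rlen);
    blen += der_uint(body + blen, s, slen);
    if (outlen < blen + (blen < 0x80 ? 2 : 3)) return 0;  /* caller's buffer too small */
    out[0] = 0x30;                            /* SEQUENCE tag */
    o = 1 + der_len(out + 1, blen);
    memcpy(out + o, body, blen);
    return o + blen;
}

int main(void)
{
    /* Constructed sample, not a real signature: R has its high bit set, S a leading zero. */
    const unsigned char r[] = {0x80, 0x01, 0x02, 0x03}, s[] = {0x00, 0x7f, 0x10, 0x20};
    unsigned char der[2 * (MAX_COORD + 3) + 3];
    size_t i, n = ecdsa_rs_to_der(r, sizeof r, s, sizeof s, der, sizeof der);
    for (i = 0; i < n; i++) printf("%02x%s", der[i], i + 1 == n ? "\n" : "");
    return n == 0;
}
```

The encoded length varies from signature to signature, so whatever holds the result has to take its length from the return value rather than from the curve size.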