[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

EVP_dss1 replacement? (was: OpenSSL 1.1.0)

On 06/11/2016 02:30 PM, Kurt Roeckx wrote:
> There is an upstream wiki page for this at:
> https://wiki.openssl.org/index.php/1.1_API_Changes
> If things aren't clear, you have questions, are there are missing
> access functions please contact us.

I'm currently packaging a piece of software (open-isns, [1]) that uses
libcrypto functions internally. While trying to make sure that it will
compile against OpenSSL 1.1 (and hence be binNMU-able), most of the
things were straight-forward (opaque structures now requiring getters),
but I have encountered the following issue that doesn't appear to be
completely trivial to me: the software uses DSA+SHA1 as its signature
algoritm [2], and effectively boils down to the following code to
generate signatures:

md_ctx = EVP_MD_CTX_new();
EVP_SignInit(md_ctx, EVP_dss1());
EVP_DigestUpdate(md_ctx, /* stuff */);
EVP_SignFinal(md_ctx, signature, &sig_len, pkey);

(Verification is analogous with VerifyInit/VerifyFinal.)

The problem is that EVP_dss1() doesn't exist anymore in OpenSSL 1.1. If
I understand the man page correctly, EVP_dss1 is a hack in really old
OpenSSL versions (how old btw.?) to support SHA1 signatures with DSA,
because back then the hash algorithms were tied to the public key

So is it correct to simply replace EVP_dss1() with EVP_sha1() in the
above code and it will still produce DSA signatures? Or do I have to do
something else to achieve the same results?


[1] ITP: https://bugs.debian.org/799061
[2] This is demanded by the iSNS protocol, RFC 4171. I know that one
    would want to use other algorithms today.

Reply to: