Re: EVP_dss1 replacement? (was: OpenSSL 1.1.0)
On Wed, Jun 29, 2016 at 04:15:39AM +0200, Christian Seiler wrote:
> On 06/11/2016 02:30 PM, Kurt Roeckx wrote:
> > There is an upstream wiki page for this at:
> > https://wiki.openssl.org/index.php/1.1_API_Changes
> >
> > If things aren't clear, you have questions, are there are missing
> > access functions please contact us.
>
> I'm currently packaging a piece of software (open-isns, [1]) that uses
> libcrypto functions internally. While trying to make sure that it will
> compile against OpenSSL 1.1 (and hence be binNMU-able), most of the
> things were straight-forward (opaque structures now requiring getters),
> but I have encountered the following issue that doesn't appear to be
> completely trivial to me: the software uses DSA+SHA1 as its signature
> algoritm [2], and effectively boils down to the following code to
> generate signatures:
>
> md_ctx = EVP_MD_CTX_new();
> EVP_SignInit(md_ctx, EVP_dss1());
> EVP_DigestUpdate(md_ctx, /* stuff */);
> EVP_SignFinal(md_ctx, signature, &sig_len, pkey);
> EVP_MD_CTX_free(md_ctx);
>
> (Verification is analogous with VerifyInit/VerifyFinal.)
>
> The problem is that EVP_dss1() doesn't exist anymore in OpenSSL 1.1. If
> I understand the man page correctly, EVP_dss1 is a hack in really old
> OpenSSL versions (how old btw.?) to support SHA1 signatures with DSA,
> because back then the hash algorithms were tied to the public key
> algorithms.
>
> So is it correct to simply replace EVP_dss1() with EVP_sha1() in the
> above code and it will still produce DSA signatures? Or do I have to do
> something else to achieve the same results?
I'm not sure why they were removed at this time and not just
replaced by a #define.
Using EVP_sha1() is the correct replacement for EVP_dss1(),
as the manpage says.
Kurt
Reply to: