Hi,

I am writing a program to do pairwise consistency checks using EVP API's for 
RSA and
ECDSA keys. The private and public keys are obtained from a PKCS12 file.
I've based my program on the sample code provided at -
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
Version of openssl used is OpenSSL 1.0.2n/FIPS v2.0.16

The code works well for RSA based keys. However, with ECDSA the 
EVP_VerifyDigestFinal
Function always return 0.   The Man page seem to indicate a return value of 0 
doesn't
Indicate of any serious error, but says verification is a failure.

The questions are -


1.      Why does EVP_DigestVerifyFinal fail for ECDSA keys ? Is it a known 
problem ?

2.      If I need to use ECDSA_sign and ECDSA_verify call,  I need to convert 
the EVP_PKEY

Structure to EC_KEY.  I do find a supporting API - EVP_PKEY_set1_EC_KEY. 
However,

This seems true for Only private keys.  Is there any function that would accept

EVP_PKEYs (private/public) and generate a single EC_KEY structure so that

ECDSA_sign/ECDSA_verify can be used ?

Thanks
Kumar

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to