I call an EVP-based verify function (that works), I then call an
HSM/dynamic/OpenSC/pkcs11-based sign function (works too), but then a
second call to my verify function complains with
ecc_ssl_gen_EC_KEY EC_KEY_generate_key FAIL error:2D06D075:FIPS
routines:fips_pkey_signature_test:test failure
Makes sense, thanks. However, at EVP_DigestSignFinal(mdctx, sig_der,
sig_len)
I get
rc: 0 error:2606C043:engine routines:ENGINE_FREE_UTIL:passed a null
parameter
(I had had this before). Parms for EVP_DigestSignFinal seem OK.
--
Well, now this one:
HSM_Sign EVP_DigestSignFinal FAIL rc: 0 error:25066067:DSO support
routines:DLFCN_LOAD:could not load the shared library.
However I have a separate test app that does not exhibit this [the test app
just does one signing, using HSM].
--
I would like to use default implementations for some ECC operations but the
OpenSC pkcs11 engine for other ECDSA operations.
At a high level I have a Sign() and a Verify() in one app on a server - the
Sign() needs to be done via an HSM using PKCS11 interface, using EVP
functions. Keys for these
I dug into source - it's in DER format so a sleazy hacked function is this:
(I use curve NID_X9_62_prime256v1)
ECDSA_SIG * sig;
BIGNUM * r;
BIGNUM * s;
/* A correct DER-encoded signature has the following form:
0x30: a header
I had been using the lower level ECDSA_do_sign for EC signing but had to
migrate to EVP functions.
If I get signature from EVP_DigestSignFinal(), what format is the signature,
and how can I extract the 'real' bytes? I'd expect 32 bytes each for r and
s. I need the 'real bytes' for