"Dr. Stephen Henson" <st...@openssl.org> writes: [...]
> I'd suggest you try OpenSSL 1.0.0 and the EVP interface instead. Wouldn't it make sense for the truncation to be done in ECDSA_do_sign(), as it is in dsa_do_sign()? For the OP's question surely using the EVP interface isn't possible, is it? AFAI for EVP one needs an EVP_MD, and there's no appropriate EVP_MD for ECDSA and SHA256. (Indeed, if one believes the manpages there's no EVP_MD at all for ECDSA, but presumably now that EVP_sha1() can be used for DSA as well as RSA, it's been extended to ECDSA too?) Or were you proposing the OP create an EVP_MD and use that---is that how one should proceed in this kind of situation? Or is the EVP_sha1() pattern to be extended, so that one specifies (For signing and verification) just the digest and the key determines the signing/verification type? I note that this fails, suggesting that (AFAIU, anyway) the correct truncation isn't being done (I presume "openssl req" is using the recommended way to do things): brs% ./openssl ecparam -name secp128r1 -out ecparam.pem brs% ./openssl req -newkey ec:ecparam.pem -x509 -nodes -keyout key.pem -subj /CN=foo Generating a 128 bit EC private key writing new private key to 'key.pem' ----- 3084462792:error:2A065065:lib(42):ECDSA_do_sign:data too large for key size:ecs_ossl.c:265: [...] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org