On Thu, Mar 06, 2008, Alvarez, Daniel wrote:

> Hi all:
> I am trying to sign files with my own program and have followed almost the
> same steps as the pkeyutl application included in the OpenSSL distribution.
> When I try to sign 'large' files, the pkeyutl tool is not able to sign them,
> producing a zero-size output signature.
> I have debugged the application and it turns out that the input buffer is never
> hashed. Thus, the ecdsa_do_sign function in ecs_ossl.c always returns
> when the input buffer is longer than the expected digest size.
> I don't know if it's already being solved but I thought about changing the
> way pkeyutl signs to:
> EVP_SignInit
> EVP_SignUpdate
> EVP_SignFinal
> scheme instead of the existing EVP_PKEY_sign call.

The pkeyutl program is meant to do that and provide a command line utility to
allow pre-digested data to be input.

If you want to digest and sign (the usual scheme for bulk data) use the dgst
utility instead.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
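
The two signing paths discussed in this thread, as an added example that is not part of the original messages: it hashes a file and passes the digest to pkeyutl, signs the same file with dgst, and cross-verifies the two ECDSA signatures. It assumes the openssl command-line tool is on PATH; the 1 MiB input, the throwaway P-256 key and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pkeyutl signs a digest; dgst digests the data and signs it.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

setup() {
    # Constructed sample data: a 1 MiB file and a throwaway P-256 key pair.
    dd if=/dev/zero of="$WORK/data.bin" bs=1024 count=1024 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/key.pem"
    openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
}

# Path 1: hash the file yourself, then give pkeyutl only the digest.
sign_predigested() {
    openssl dgst -sha256 -binary -out "$WORK/digest.bin" "$WORK/data.bin"
    openssl pkeyutl -sign -inkey "$WORK/key.pem" \
        -in "$WORK/digest.bin" -out "$WORK/sig_pkeyutl.bin"
}

# Path 2: let dgst hash the bulk data and sign the result in one step.
sign_with_dgst() {
    openssl dgst -sha256 -sign "$WORK/key.pem" \
        -out "$WORK/sig_dgst.bin" "$WORK/data.bin"
}

# Size in bytes of what pkeyutl was asked to sign (a SHA-256 digest).
digest_size() {
    wc -c < "$WORK/digest.bin" | tr -d ' '
}

# The pkeyutl signature must verify against the original file via dgst.
verify_pkeyutl_sig_with_dgst() {
    openssl dgst -sha256 -verify "$WORK/pub.pem" \
        -signature "$WORK/sig_pkeyutl.bin" "$WORK/data.bin" >/dev/null
}

# The dgst signature must verify against the bare digest via pkeyutl.
verify_dgst_sig_with_pkeyutl() {
    openssl pkeyutl -verify -pubin -inkey "$WORK/pub.pem" \
        -in "$WORK/digest.bin" -sigfile "$WORK/sig_dgst.bin" >/dev/null
}

setup
sign_predigested
sign_with_dgst
echo "pkeyutl input size: $(digest_size) bytes"
verify_pkeyutl_sig_with_dgst && echo "pkeyutl signature verifies with dgst"
verify_dgst_sig_with_pkeyutl && echo "dgst signature verifies with pkeyutl"
```

The cross-verification works because an ECDSA signature covers the digest bytes directly; with an RSA key, pkeyutl would also need to be told which digest was used.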