On Thu, Mar 06, 2008, Alvarez, Daniel wrote:

> Hi all:
>
>
> I am trying to sign files with my own program and have followed almost the
> same steps as the pkeyutl application included in the OpenSSL distribution.
> When I try to sign 'large' files, the pkeyutl tool is not able to sign them,
> producing a zero-size output signature.
>
> I have debugged the application and it turns out that the input buffer is never
> hashed. Thus, the ecdsa_do_sign function in ecs_ossl.c always returns
>
> ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
>
> when the input buffer is longer than the expected digest size.
>
> I don't know if it's already being solved but I thought about changing the
> way pkeyutl signs to:
>
> EVP_SignInit
> EVP_SignUpdate
> EVP_SignFinal
>
> scheme instead of the existing EVP_PKEY_sign call.
>


The pkeyutl program is meant to do that and provide a command line utility to
allow pre-digested data to be input.

If you want to digest and sign (the usual scheme for bulk data) use the dgst
utility instead.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
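
Added example (not part of the original messages, and not OpenSSL project code): the two routes described in the reply above, dgst for hash-and-sign and pkeyutl for a pre-computed digest, run against a constructed P-256 test key and a 1 MiB random file. The file names and shell function names are assumptions made for this demo.

```sh
#!/bin/sh
# Added example: key, file names and function names are constructed for the demo.
setup() {
    W=$(mktemp -d) || return 1
    openssl ecparam -name prime256v1 -genkey -noout -out "$W/key.pem" 2>/dev/null || return 1
    openssl ec -in "$W/key.pem" -pubout -out "$W/pub.pem" 2>/dev/null || return 1
    # "Large" input: 1 MiB, far longer than any digest.
    dd if=/dev/urandom of="$W/big.bin" bs=1024 count=1024 2>/dev/null
}

# verify <sigfile>: check a signature against SHA-256 of big.bin.
verify() {
    openssl dgst -sha256 -verify "$W/pub.pem" -signature "$1" "$W/big.bin" >/dev/null 2>&1
}

# dgst hashes the file and signs the digest in one step.
sign_with_dgst() {
    openssl dgst -sha256 -sign "$W/key.pem" -out "$W/dgst.sig" "$W/big.bin" &&
    verify "$W/dgst.sig"
}

# pkeyutl takes the digest itself as input: hash first, then sign 32 bytes.
sign_with_pkeyutl() {
    openssl dgst -sha256 -binary -out "$W/big.sha256" "$W/big.bin" &&
    openssl pkeyutl -sign -inkey "$W/key.pem" -in "$W/big.sha256" -out "$W/pkeyutl.sig" &&
    verify "$W/pkeyutl.sig"
}

# pkeyutl does not hash its input. Given the raw file it either errors out
# (as in the thread) or emits a signature; in neither case does anything
# that verifies against SHA-256(big.bin) result.
raw_file_gives_no_valid_sig() {
    rm -f "$W/raw.sig"
    openssl pkeyutl -sign -inkey "$W/key.pem" -in "$W/big.bin" \
        -out "$W/raw.sig" 2>/dev/null || return 0
    [ -s "$W/raw.sig" ] || return 0
    ! verify "$W/raw.sig"
}

if setup; then
    sign_with_dgst && sign_with_pkeyutl && raw_file_gives_no_valid_sig &&
        echo "all checks passed"
    rm -rf "$W"
fi
```

With an RSA key the pkeyutl route additionally needs `-pkeyopt digest:sha256` so that the digest is wrapped in the same DigestInfo encoding that dgst produces.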