How did I break this signature library?

Sage Gerard sage at
Tue Jun 29 21:02:10 UTC 2021


I recently resubscribed so I'm unsure if this post was emailed back out
to members.

If you saw it and the question was bad, please let me know what I can
simplify or clarify.

Thank you.

On 6/27/21 11:44 PM, Sage Gerard wrote:
> Hi all,
> Context:
> I compile this small EVP program into a dynamic library, in which
> libcrypto is statically linked. A nearby Racket program needs this
> dynamic library for a foreign function interface. I do things in an odd
> order, but I am able to create and verify signatures with this setup.
> Let's say the library's output signature is in file.sha1.sig, and the
> signature was created using the unencoded SHA-1 digest in file.sha1. I
> would compare verification output using my host 1.1.1f binary using:
> $ <file.sha1 openssl pkeyutl -sign -verify -pubin -inkey public.pem
> -sigfile file.sha1.sig
> Signature verification fails, so I made a mistake. I'm confused because
> the program still (broadly) follows the wiki, and it verifies its own
> valid-looking signatures successfully.
> Can the library and binary disagree because of different OpenSSL
> versions? If not, what did I do to make them produce different output
> for the same CHF and keypair?
> --
> ~slg

More information about the openssl-users mailing list