Hello openssl-users, I have an issue with update of ECDSA digests in our environment. We have our own digest functions for init, update and final where we registered with these functions for NID_sha1, NID_sha256, NID_sha384 and NID_sha512. These digests were updated at openssl, via ENGINE_set_digests() function. After update, i see that all RSA cerificate based ciphers are working fine with both TLS1.0 and TLS1.2. And, i added the ECDSA algorithm with openssl function EVP_add_digest(EVP_ecdsa()); But, for me ECDSA cert based cipher suites are not working. These are landing to following errors. digital envelope routines:EVP_SignFinal:wrong public key type : crypto/evp/p_sign .c:139: SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib: ssl/s3_srvr.c:2012 Then i tried following Tried to set only NID_ecdsa_with_SHA1 with our init, update and final function and tried to update to openssl via ENGINE_set_digests(). But, now seems to be since i updated NID_ecdsa_with_SHA1 with our sha1 functions, whole TLS1.0 handshakes stopped working with "decrypt error or bac mac record" errors. Based on this, seems to be there is a basic thing am missing while configuring ECDSA based digests. Can you please help me on this configuration? How can we differentiate between ECDSA digests to RSA digests? Because both usually lands on to same SHA1, SHA256 etc functions. I tried one more thing that, along with NID_sha1, NID_sha256, NID_sha384, NID_sha512 i tried to define NID_ecdsa_with_SHA1, NID_ecdsa_with_SHA256, NID_ecdsa_with_SHA384 and NID_ecdsa_with_SHA512 with respective settings. But, with this setting also landing to same above error of "wrong public key type". I need your inputs on this issue. Thanks, Rajeswari. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150424/f83cd40d/attachment.html>
