When using EVP_DigestSign and EVP_DigestVerify functions, errstr cannot decode a failed verification error under RSA.
To duplicate, create a signature with EVP_DigestSign. Tamper with the signature: sig[0] ^= 0x1. Then run it through EVP_DigestVerify. In the case of OpenSSL 1.0.1: $ ./t-rsa.exe Testing RSA functions with EVP_DigestSign and EVP_DigestVerify Signature: 9023EF59A4ED046E... Tampering with signature... EVP_DigestVerifyFinal failed, return code 0, error 0x407006ad $ openssl errstr 0x407006ad error:407006AD:lib(64):func(1792):reason(1709) $ /usr/local/ssl/darwin/bin/openssl errstr 0x407006ad error:407006AD:lib(64):func(1792):reason(1709) _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
