Re: problem by d2i_ECDSA_SIG

Tue, 25 Mar 2008 08:30:27 -0700 

Helios Nguyen wrote:

Hi everyone,

i have problem with ECDSA_do_sign() and ECDSA_do_verify().
After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG() to decode this signature and verify it. is that true?
But there is a error: Segmentation fault (core dumped) when i do d2i_ECDSA_SIG() . I have no ideal about this error. Any hints from you? 

Thanks in advance.
Nguyen.
Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To verify the signature you can just pass the output ECDSA_SIG * from ECDSA_do_sign() to ECDSA_do_verify().
There is some sample code in the ecdsa man page which seems to indicate as much. A careful look at the function prototypes would also point you to your errors (compiler warnings too). 



Here is my code:

unsigned int olen, sig_len;
unsigned char *digest, *sig_buf;
int ires;

EC_KEY *ecprivkey=NULL;
EVP_PKEY *pkey;
EC_KEY* hpubkey;
ECDSA_SIG *ret;

OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_load_EC_strings();

/*Get public key from file to verify*/
FILE *fp = fopen("/var/www/210308eccert.pem", "r");
X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
pkey=X509_get_pubkey(cert);
hpubkey = EVP_PKEY_get1_EC_KEY(pkey);
if (!hpubkey) {printf("can't get public\n ");}

/*file to compute digest string*/
FILE *f=fopen("/var/www/test_dgst.txt","r");

process_file(f,&olen);
if (!digest)
{
    fclose(f);
    printf("error by compute digest\n");
}

print_hex(digest,olen);
printf("\n");

/*private key file to sign on digest string */
FILE *fpkey=fopen("/var/www/210308keyec.pem","r");

ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);
/*sign digest string and return poniter ret to ECDSA_SIG*/
ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);

if (ret=NULL){printf("sign error\n");}

/*decodes a DER encoded ECDSA signature*/
ECDSA_SIG *s = ECDSA_SIG_new();
if (s==NULL) {printf("ECDSA_SIG_new error\n");}
s=d2i_ECDSA_SIG(&ret, &sig_buf, sig_len);
if (s==NULL){ printf("convert error\n");}

/*verify signature with public key*/
ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);
printf("vaue of ires %d\n",ires); 

and here is error:
[EMAIL PROTECTED]:~/OpenSSl$ ./test
c9c300ff35fca10408ff2500a2040800000000ff
Segmentation fault (core dumped)


-jb
--
I used to think I was indecisive, but now I'm not so sure.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to