------=_Part_7223_30403135.1206281321994
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Dmitry and all,

i found your post "ECC signature validation failure" in mail-archive. You
solved your problem with ECDSA_verify(). Here is your code:

So I try to do:

ERR_load_EC_strings();
X509 *x = NULL; int type = 0; EVP_PKEY *key = NULL; int len = 0; EC_KEY *ec
= NULL; int ret = 0; char *er;
d2i_X509(&x, (const unsigned char**)&pCert->pbCertEncoded,
pCert->cbCertEncoded);
key = X509_PUBKEY_get(x->cert_info->key);
ec = EVP_PKEY_get1_EC_KEY(key);
if(ec){
ECDSA_SIG *sig = ECDSA_SIG_new();
sig->r = BN_bin2bn(pbSignature,dwSigLen/2,NULL);
sig->s = BN_bin2bn(pbSignature + dwSigLen/2,dwSigLen/2,NULL);
er = ERR_error_string(ERR_get_error(),NULL);
ret = ECDSA_do_verify(pbyHash,dwHashLen,sig,ec);
}
Now it is return 0. But signature must be valid.


I want ask you that in the line:

d2i_X509(&x, (const unsigned char**)&pCert->pbCertEncoded,
pCert->cbCertEncoded);

do you have to convert certificate x509? which form did you converted
(DER?) and which function did you use? I have read d2i_X509.pod but it
don't say that if can i apply direct this function to a x509 certificate or
i have convert it before use function d2i_X509()?


I need help, thanks.
Nguyen.

------=_Part_7223_30403135.1206281321994
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Dmitry and all,

i found your post
"ECC signature validation failure" in mail-archive. You solved your problem with ECDSA_verify(). Here is your code:

So I try to do:

ERR_load_EC_strings();
X509 *x = NULL; int type = 0; EVP_PKEY *key = NULL; int len = 0; EC_KEY *ec

= NULL; int ret = 0; char *er;
d2i_X509(&x, (const unsigned char**)&pCert->pbCertEncoded,
pCert->cbCertEncoded);
key = X509_PUBKEY_get(x->cert_info->key);
ec = EVP_PKEY_get1_EC_KEY(key);

if(ec){
        ECDSA_SIG *sig = ECDSA_SIG_new();
        sig->r = BN_bin2bn(pbSignature,dwSigLen/2,NULL);
        sig->s = BN_bin2bn(pbSignature + dwSigLen/2,dwSigLen/2,NULL);
        er = ERR_error_string(ERR_get_error(),NULL);

        ret = ECDSA_do_verify(pbyHash,dwHashLen,sig,ec);
 }

Now it is return 0. But signature must be valid.


I want ask you that in the line:

d2i_X509(&x, (const unsigned char**)&pCert->pbCertEncoded, pCert->cbCertEncoded);


do you have to convert certificate x509? which form did you converted (DER?)  and which function did you use? I have read d2i_X509.pod but it don't say  that if can i apply direct this function to a x509 certificate or i have convert it before use function d2i_X509()?



I need help, thanks.
Nguyen.
 


------=_Part_7223_30403135.1206281321994--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org