Helios Nguyen wrote:
> Hi everyone,
>
> i have problem with ECDSA_do_sign() and ECDSA_do_verify().
>
> After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG()
> to decode this signature and verify it. is that true?
>
> But there is a error: Segmentation fault (core dumped) when i do
> d2i_ECDSA_SIG() . I have no ideal about this error. Any hints from you?
>
> Thanks in advance.
> Nguyen.
>


Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To
verify the signature you can just pass the output ECDSA_SIG * from
ECDSA_do_sign() to ECDSA_do_verify().

There is some sample code in the ecdsa man page which seems to indicate
as much. A careful look at the function prototypes would also point you
to your errors (compiler warnings too).


> Here is my code:
>
> unsigned int olen, sig_len;
> unsigned char *digest, *sig_buf;
> int ires;
>
> EC_KEY *ecprivkey=NULL;
> EVP_PKEY *pkey;
> EC_KEY* hpubkey;
> ECDSA_SIG *ret;
>
> OpenSSL_add_all_algorithms();
> ERR_load_crypto_strings();
> ERR_load_EC_strings();
>
> /*Get public key from file to verify*/
> FILE *fp = fopen("/var/www/210308eccert.pem", "r");
> X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
> pkey=X509_get_pubkey(cert);
> hpubkey = EVP_PKEY_get1_EC_KEY(pkey);
> if (!hpubkey) {printf("can't get public\n ");}
>
> /*file to compute digest string*/
> FILE *f=fopen("/var/www/test_dgst.txt","r");
>
> process_file(f,&olen);
> if (!digest)
> {
> fclose(f);
> printf("error by compute digest\n");
> }
>
> print_hex(digest,olen);
> printf("\n");
>
> /*private key file to sign on digest string */
> FILE *fpkey=fopen("/var/www/210308keyec.pem","r");
>
> ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);
> /*sign digest string and return poniter ret to ECDSA_SIG*/
> ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);
>
> if (ret=NULL){printf("sign error\n");}
>
> /*decodes a DER encoded ECDSA signature*/
> ECDSA_SIG *s = ECDSA_SIG_new();
> if (s==NULL) {printf("ECDSA_SIG_new error\n");}
> s=d2i_ECDSA_SIG(&ret, &sig_buf, sig_len);
> if (s==NULL){ printf("convert error\n");}
>
> /*verify signature with public key*/
> ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);
>
> printf("vaue of ires %d\n",ires);
>
> and here is error:
> nguyen@ubuntu:~/OpenSSl$ ./test
> c9c300ff35fca10408ff2500a2040800000000ff
> Segmentation fault (core dumped)


-jb
--
I used to think I was indecisive, but now I'm not so sure.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org