------=_Part_21399_23095140.1206538858410
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Jim,
Thank you. You are absolutely correct. What is a my stupid. I didn't look
carefully ecdsa stuff.
Nguyen.

On Tue, Mar 25, 2008 at 4:29 PM, jimmy bahuleyan
wrote:

> Helios Nguyen wrote:
> > Hi everyone,
> >
> > i have problem with ECDSA_do_sign() and ECDSA_do_verify().
> >
> > After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG()
> > to decode this signature and verify it. is that true?
> >
> > But there is a error: Segmentation fault (core dumped) when i do
> > d2i_ECDSA_SIG() . I have no ideal about this error. Any hints from you?
> >
> > Thanks in advance.
> > Nguyen.
> >

>
> Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To
> verify the signature you can just pass the output ECDSA_SIG * from
> ECDSA_do_sign() to ECDSA_do_verify().
>
> There is some sample code in the ecdsa man page which seems to indicate
> as much. A careful look at the function prototypes would also point you
> to your errors (compiler warnings too).
>
>
> > Here is my code:
> >
> > unsigned int olen, sig_len;
> > unsigned char *digest, *sig_buf;
> > int ires;
> >
> > EC_KEY *ecprivkey=NULL;
> > EVP_PKEY *pkey;
> > EC_KEY* hpubkey;
> > ECDSA_SIG *ret;
> >
> > OpenSSL_add_all_algorithms();
> > ERR_load_crypto_strings();
> > ERR_load_EC_strings();
> >
> > /*Get public key from file to verify*/
> > FILE *fp = fopen("/var/www/210308eccert.pem", "r");
> > X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
> > pkey=X509_get_pubkey(cert);
> > hpubkey = EVP_PKEY_get1_EC_KEY(pkey);
> > if (!hpubkey) {printf("can't get public\n ");}
> >
> > /*file to compute digest string*/
> > FILE *f=fopen("/var/www/test_dgst.txt","r");
> >
> > process_file(f,&olen);
> > if (!digest)
> > {
> > fclose(f);
> > printf("error by compute digest\n");
> > }
> >
> > print_hex(digest,olen);
> > printf("\n");
> >
> > /*private key file to sign on digest string */
> > FILE *fpkey=fopen("/var/www/210308keyec.pem","r");
> >
> > ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);
> > /*sign digest string and return poniter ret to ECDSA_SIG*/
> > ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);
> >
> > if (ret=NULL){printf("sign error\n");}
> >
> > /*decodes a DER encoded ECDSA signature*/
> > ECDSA_SIG *s = ECDSA_SIG_new();
> > if (s==NULL) {printf("ECDSA_SIG_new error\n");}
> > s=d2i_ECDSA_SIG(&ret, &sig_buf, sig_len);
> > if (s==NULL){ printf("convert error\n");}
> >
> > /*verify signature with public key*/
> > ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);
> >
> > printf("vaue of ires %d\n",ires);
> >
> > and here is error:
> > nguyen@ubuntu:~/OpenSSl$ ./test
> > c9c300ff35fca10408ff2500a2040800000000ff
> > Segmentation fault (core dumped)

>
> -jb
> --
> I used to think I was indecisive, but now I'm not so sure.
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>


------=_Part_21399_23095140.1206538858410
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Jim,
Thank you. You are absolutely correct. What is a my stupid. I didn't look carefully ecdsa stuff.
Nguyen.

On Tue, Mar 25, 2008 at 4:29 PM, jimmy bahuleyan <jimmy.cancer@gmail.com> wrote:

Helios Nguyen wrote:

> Hi everyone,

>

> i have problem with ECDSA_do_sign() and ECDSA_do_verify().

>

> After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG()

> to decode this signature and verify it. is that true?

>

> But there is a error: Segmentation fault (core dumped) when i do

> d2i_ECDSA_SIG() . I have no ideal about this error. Any hints from you?

>

> Thanks in advance.

> Nguyen.

>



Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To

verify the signature you can just pass the output ECDSA_SIG * from

ECDSA_do_sign() to ECDSA_do_verify().



There is some sample code in the ecdsa man page which seems to indicate

as much. A careful look at the function prototypes would also point you

to your errors (compiler warnings too).





> Here is my code:

>

> unsigned int olen, sig_len;

> unsigned char *digest, *sig_buf;

> int ires;

>

> EC_KEY *ecprivkey=NULL;

> EVP_PKEY *pkey;

> EC_KEY* hpubkey;

> ECDSA_SIG *ret;

>

> OpenSSL_add_all_algorithms();

> ERR_load_crypto_strings();

> ERR_load_EC_strings();

>

> /*Get public key from file to verify*/

> FILE *fp = fopen("/var/www/210308eccert.pem", "r");

> X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);

> pkey=X509_get_pubkey(cert);

> hpubkey = EVP_PKEY_get1_EC_KEY(pkey);

> if (!hpubkey) {printf("can't get public\n ");}

>

> /*file to compute digest string*/

> FILE *f=fopen("/var/www/test_dgst.txt","r");

>

> process_file(f,&olen);

> if (!digest)

> {

>     fclose(f);

>     printf("error by compute digest\n");

> }

>

> print_hex(digest,olen);

> printf("\n");

>

> /*private key file to sign on digest string */

> FILE *fpkey=fopen("/var/www/210308keyec.pem","r");

>

> ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);

> /*sign digest string and return poniter ret to ECDSA_SIG*/

> ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);

>

> if (ret=NULL){printf("sign error\n");}

>

> /*decodes a DER encoded ECDSA signature*/

> ECDSA_SIG *s = ECDSA_SIG_new();

> if (s==NULL) {printf("ECDSA_SIG_new error\n");}

> s=d2i_ECDSA_SIG(&ret, &sig_buf, sig_len);

> if (s==NULL){ printf("convert error\n");}

>

> /*verify signature with public key*/

> ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);

>

> printf("vaue of ires %d\n",ires);

>

> and here is error:

> nguyen@ubuntu:~/OpenSSl$ ./test

> c9c300ff35fca10408ff2500a2040800000000ff

> Segmentation fault (core dumped)



-jb

--

I used to think I was indecisive, but now I'm not so sure.

__________________________________________________ ____________________

OpenSSL Project                                 http://www.openssl.org

User Support Mailing List                    penssl-users@openssl.org">openssl-users@openssl.org

Automated List Manager                           majordomo@openssl.org




------=_Part_21399_23095140.1206538858410--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org