Hi Jim,
Thank you. You are absolutely correct. What is a my stupid. I didn't look
carefully ecdsa stuff.
Nguyen.
On Tue, Mar 25, 2008 at 4:29 PM, jimmy bahuleyan <[EMAIL PROTECTED]>
wrote:
> Helios Nguyen wrote:
> > Hi everyone,
> >
> > i have problem with ECDSA_do_sign() and ECDSA_do_verify().
> >
> > After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG()
> > to decode this signature and verify it. is that true?
> >
> > But there is a error: Segmentation fault (core dumped) when i do
> > d2i_ECDSA_SIG() . I have no ideal about this error. Any hints from you?
> >
> > Thanks in advance.
> > Nguyen.
> >
>
> Why do you use d2i_ECDSA_SIG() on the struct from ECDSA_do_sign()? To
> verify the signature you can just pass the output ECDSA_SIG * from
> ECDSA_do_sign() to ECDSA_do_verify().
>
> There is some sample code in the ecdsa man page which seems to indicate
> as much. A careful look at the function prototypes would also point you
> to your errors (compiler warnings too).
>
>
> > Here is my code:
> >
> > unsigned int olen, sig_len;
> > unsigned char *digest, *sig_buf;
> > int ires;
> >
> > EC_KEY *ecprivkey=NULL;
> > EVP_PKEY *pkey;
> > EC_KEY* hpubkey;
> > ECDSA_SIG *ret;
> >
> > OpenSSL_add_all_algorithms();
> > ERR_load_crypto_strings();
> > ERR_load_EC_strings();
> >
> > /*Get public key from file to verify*/
> > FILE *fp = fopen("/var/www/210308eccert.pem", "r");
> > X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
> > pkey=X509_get_pubkey(cert);
> > hpubkey = EVP_PKEY_get1_EC_KEY(pkey);
> > if (!hpubkey) {printf("can't get public\n ");}
> >
> > /*file to compute digest string*/
> > FILE *f=fopen("/var/www/test_dgst.txt","r");
> >
> > process_file(f,&olen);
> > if (!digest)
> > {
> > fclose(f);
> > printf("error by compute digest\n");
> > }
> >
> > print_hex(digest,olen);
> > printf("\n");
> >
> > /*private key file to sign on digest string */
> > FILE *fpkey=fopen("/var/www/210308keyec.pem","r");
> >
> > ecprivkey= PEM_read_ECPrivateKey(fpkey, NULL, NULL, NULL);
> > /*sign digest string and return poniter ret to ECDSA_SIG*/
> > ret = ECDSA_do_sign(digest, sizeof digest, ecprivkey);
> >
> > if (ret=NULL){printf("sign error\n");}
> >
> > /*decodes a DER encoded ECDSA signature*/
> > ECDSA_SIG *s = ECDSA_SIG_new();
> > if (s==NULL) {printf("ECDSA_SIG_new error\n");}
> > s=d2i_ECDSA_SIG(&ret, &sig_buf, sig_len);
> > if (s==NULL){ printf("convert error\n");}
> >
> > /*verify signature with public key*/
> > ires=ECDSA_do_verify(digest, sizeof digest, s, hpubkey);
> >
> > printf("vaue of ires %d\n",ires);
> >
> > and here is error:
> > [EMAIL PROTECTED]:~/OpenSSl$ ./test
> > c9c300ff35fca10408ff2500a2040800000000ff
> > Segmentation fault (core dumped)
>
> -jb
> --
> I used to think I was indecisive, but now I'm not so sure.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
