Hi Thomas, Thank you very much, Understood.
I created a new branch with the change I created two versions: 1. one more c++ style ( https://github.com/christiangda/LicenseValidator/blob/c988c226e3e998aebe840386525a364273f41807/src/License.cpp#L80 ) 2. with the change you proposed ( https://github.com/christiangda/LicenseValidator/blob/c591e2174ad049f7e773092202bf627ec5862210/src/License.cpp#L79 ) and now in both versions, I have a new and similar error: ``` Failed to verify license 008C96F901000000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:crypto/rsa/rsa_sign.c:426: 008C96F901000000:error:1C880004:Provider routines:rsa_verify:RSA lib:providers/implementations/signature/rsa_sig.c:785: License key is invalid ``` Do you have any idea of how to solve this new error? any guidance? On Mon, Jun 10, 2024 at 11:52 PM Thomas Dwyer III via openssl-users < openssl-users@openssl.org> wrote: > if (EVP_PKEY_verify(ctx, licenseSignature, sizeof(licenseSignature), > licenseContent, sizeof(licenseContent)) <= 0) > > > The sizeof operator is not doing what you think it's doing. It's computing > the sizes of the pointers (typically 4 or 8 bytes depending on your > architecture) and not the sizes of your signature & signed content. You > need to pass additional size_t values to your verifyLicense() function so > that EVP_PKEY_verify() can know what those lengths really are. It's > impossible to determine this from just a char* pointer. > > > Tom.III > > > On 6/10/24 13:15, Christian F. Gonzalez Di Antonio wrote: > > I posted this on > https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate > <https://urldefense.com/v3/__https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlGpofDCM$> > > I'm writing an c++ program LicenseValidator -> > https://github.com/christiangda/LicenseValidator > <https://urldefense.com/v3/__https://github.com/christiangda/LicenseValidator__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlA9bse82$> > to > validate a hypothetical program license using OpenSSL 3.1 Library > <https://urldefense.com/v3/__https://wiki.openssl.org/index.php/OpenSSL_3.0__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlL35ykQZ$>, > and when I tried to validate the licensed content I got the following error: > > Failed to verify license > 008C1AF901000000:error:02000077:rsa routines:ossl_rsa_verify:wrong signature > length:crypto/rsa/rsa_sign.c:338: > 008C1AF901000000:error:1C880004:Provider routines:rsa_verify:RSA > lib:providers/implementations/signature/rsa_sig.c:785: > > I would appreciate any help or guidance on what I am doing wrong. > > I am not at all an expert in the c/c++ programming language and this is > the first time I have tried to use the OpenSSL library. > > Of course, I've used GitHub Copilot, gemini, and chatgpt to write and > understand the repository code. The chalenge is about the examples I found > on internet, the majority of them are about OpenSSL v1 and the v3 is very > different, so was hard to understand the migration. > > The README.md > <https://urldefense.com/v3/__https://github.com/christiangda/LicenseValidator/blob/main/README.md__;!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlB0fGmIT$> > file > has the instructions to create all the necessary keys, etc, references I > used and the instructions to compile it using cmake. > > The core function is LicenseValidator/src/License.cpp > <https://urldefense.com/v3/__https://github.com/christiangda/LicenseValidator/blob/82f5501ab2e5bf2d91dc4298245b36fde2efd66b/src/License.cpp*L79__;Iw!!ACWV5N9M2RV99hQ!NbxXgIkXi0CHG7PAehmOM_k1dXimFAfepGUTqIqQlJDfvxHviaWiNf3Cq45qlpW8zwSBX6jMtdkdlo7VlOpxxmDb$> > : > > bool verifyLicense(const unsigned char *licenseContent, const unsigned char > *licenseSignature, const std::string pubkey){ > EVP_PKEY *pkey = loadRsaPemPubKey(pubkey); > if (pkey == NULL) > { > std::cerr << "Failed to load public key" << std::endl; > ERR_print_errors_fp(stdout); > return false; > } > > EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL); > if (ctx == NULL) > { > std::cerr << "Failed to create EVP_PKEY_CTX" << std::endl; > EVP_PKEY_free(pkey); > ERR_print_errors_fp(stdout); > return false; > } > > if (EVP_PKEY_verify_init(ctx) <= 0) > { > std::cerr << "Failed to initialize EVP_PKEY_CTX" << std::endl; > EVP_PKEY_CTX_free(ctx); > EVP_PKEY_free(pkey); > ERR_print_errors_fp(stdout); > return false; > } > > // PKCS1 padding scheme > if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0< > /span>) > { > std::cerr << "Failed to set RSA padding" << std::endl; > EVP_PKEY_CTX_free(ctx); > EVP_PKEY_free(pkey); > ERR_print_errors_fp(stdout); > return false; > } > > // SHA256 digest > if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) < > ;= 0) > { > std::cerr << "Failed to set signature MD" << std::endl; > EVP_PKEY_CTX_free(ctx); > EVP_PKEY_free(pkey); > ERR_print_errors_fp(stdout); > return false; > } > > if (EVP_PKEY_verify(ctx, licenseSignature, sizeof(licens > eSignature), licenseContent, sizeof(licenseContent)) <= 0) > { > std::cerr << "Failed to verify license" << std::endl; > EVP_PKEY_CTX_free(ctx); > EVP_PKEY_free(pkey); > ERR_print_errors_fp(stdout); > return false; > } > > EVP_PKEY_CTX_free(ctx); > EVP_PKEY_free(pkey); > > return true; > } > > Some guidance about how to solve the error I got. > > -- > Saludos, > Christian > > > -- Saludos, Christian
