Hi Dmitry and all,
I found your post "ECC signature validation failure" in mail-archive. You
solved your problem with ECDSA_verify(). Here is your code:
So I try to do:
    ERR_load_EC_strings();
    X509 *x = NULL;
    int type = 0;
    EVP_PKEY *key = NULL;
    int len = 0;
    EC_KEY *ec = NULL;
    int ret = 0;
    char *er;
    d2i_X509(&x, (const unsigned char **)&pCert->pbCertEncoded,
             pCert->cbCertEncoded);
    key = X509_PUBKEY_get(x->cert_info->key);
    ec = EVP_PKEY_get1_EC_KEY(key);
    if (ec) {
        ECDSA_SIG *sig = ECDSA_SIG_new();
        sig->r = BN_bin2bn(pbSignature, dwSigLen / 2, NULL);
        sig->s = BN_bin2bn(pbSignature + dwSigLen / 2, dwSigLen / 2, NULL);
        er = ERR_error_string(ERR_get_error(), NULL);
        ret = ECDSA_do_verify(pbyHash, dwHashLen, sig, ec);
    }
Now it returns 0. But the signature must be valid.
I want to ask you about this line:
    d2i_X509(&x, (const unsigned char **)&pCert->pbCertEncoded,
             pCert->cbCertEncoded);
Do you have to convert the X.509 certificate? Which form did you convert it
to (DER?) and which function did you use? I have read d2i_X509.pod, but it
doesn't say whether I can apply this function directly to an X.509
certificate or whether I have to convert it before using d2i_X509().
I need help, thanks.
Nguyen.
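
On the encoding question above: d2i_X509() parses DER only, and a PEM (base64 text) certificate has to be decoded first, for example with PEM_read_bio_X509(). The check below is an added example, not part of the original message or of OpenSSL; `classify_cert` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

enum cert_encoding { CERT_UNKNOWN = 0, CERT_DER, CERT_PEM };

/* Constructed samples, not real certificates. */
const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
const unsigned char sample_trailing[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0x00 };
const unsigned char sample_nonminimal[] = { 0x30, 0x81, 0x03, 0x02, 0x01, 0x05 };
const unsigned char sample_pem[] = "-----BEGIN CERTIFICATE-----\nMIIB\n";

/* Returns 1 if buf holds exactly one DER SEQUENCE spanning all len bytes. */
static int is_single_der_sequence(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0, n, i;
    if (len < 2 || buf[0] != 0x30)          /* 0x30 = constructed SEQUENCE */
        return 0;
    if (buf[1] < 0x80) {                    /* short form: one length byte */
        body = buf[1];
    } else {
        n = buf[1] & 0x7f;                  /* long form: n length bytes follow */
        if (n == 0 || n > 4 || len < 2 + n) /* 0x80 = indefinite, not DER */
            return 0;
        if (buf[2] == 0)                    /* DER: no leading zero length byte */
            return 0;
        for (i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        if (body < 0x80)                    /* DER: short form was required */
            return 0;
        hdr = 2 + n;
    }
    return body == len - hdr;               /* no truncation, no trailing bytes */
}

/* Hypothetical helper: decide which OpenSSL decoder a buffer needs. */
enum cert_encoding classify_cert(const unsigned char *buf, size_t len)
{
    static const char pem_hdr[] = "-----BEGIN CERTIFICATE-----";
    size_t i = 0;
    if (buf == NULL)
        return CERT_UNKNOWN;
    if (is_single_der_sequence(buf, len))
        return CERT_DER;                    /* can be passed to d2i_X509() */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' || buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= sizeof pem_hdr - 1 && memcmp(buf + i, pem_hdr, sizeof pem_hdr - 1) == 0)
        return CERT_PEM;                    /* decode with PEM_read_bio_X509() */
    return CERT_UNKNOWN;
}
```

d2i_X509() also advances the pointer it is given past the parsed bytes, so pass it a temporary copy of the buffer pointer rather than the only reference to the certificate data.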