Re: [openssl-users] OpenSSL occasionally generates wrong signature
Looks like there is some problem in higher-level EVP_ functions. I completely rewrote the example using lower-level ECDSA_do_sign and it started to work always. Here is the code:

    // Hash the data with SHA-256
    EVP_MD_CTX *Ctx = EVP_MD_CTX_create();
    EVP_DigestInit(Ctx, EVP_sha256());
    EVP_DigestUpdate(Ctx, dt.data(), dt.size());
    QByteArray Digest;
    Digest.resize(EVP_MAX_MD_SIZE);
    unsigned int Len;
    EVP_DigestFinal(Ctx, reinterpret_cast<unsigned char *>(Digest.data()), &Len);
    Digest.resize(Len);

    // Load the EC private key and sign the digest
    BIO * Bio = BIO_new_mem_buf(pk.data(), pk.size());
    EC_KEY *ECKey = PEM_read_bio_ECPrivateKey(Bio, nullptr, nullptr, nullptr);
    ECDSA_SIG *Signature = ECDSA_do_sign(reinterpret_cast<const unsigned char *>(Digest.data()), Digest.size(), ECKey);

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL occasionally generates wrong signature
Thank you for the hint, but it looks like the problem is somewhere else. I rewrote the piece of code in such a way:

    char *Result = new char [SignatureLength];
    EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(Result), &SignatureLength);
    TFile SignatureBin = {"/home/gc/signature.bin", ...};
    SignatureBin.Write(Result, SignatureLength);

but the problem still persists.

Re: [openssl-users] OpenSSL occasionally generates wrong signature
On 16/10/2018 16:39, Dmitry wrote:

> Hello!
>
> I have a C++ programme, ECDSA key pair and some string to sign. The programme generates signature and saves it into a file (signature.bin). Then I check the validity of the signature via the following command:
>
>     openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt
>
> the problem is that *my programme sometimes generates wrong signature*. 16 times out of 21 the signature produced is invalid and the above command outputs:
>
>     Error Verifying Data
>
> while in the remaining 5 occurrences it outputs:
>
>     Verified OK
>
> Do you have any ideas of how it can be possible? What am I doing wrong?
>
> Here is the programme:
>
>     SSL_library_init();
>     OPENSSL_config(nullptr);
>     SSL_load_error_strings();
>     OpenSSL_add_all_algorithms();
>     ERR_load_BIO_strings();
>     CRYPTO_set_id_callback(ThreadIdFunction);
>     CRYPTO_set_locking_callback(LockingFunction);
>
>     const TString pk = "-----BEGIN EC PRIVATE KEY-----\n"
>         "MHcCAQEEIG90zmo1o3NWNFa8wp2z4rdQXGSN8xAP/OATLpwlgi+1oAoGCCqGSM49\n"
>         "AwEHoUQDQgAE5TwpzBhjUWZoOf629GfwGG5WlRJD7TSuz+ZTHUaiK5mj2qgxBOPk\n"
>         "eqOrTYXsiPwnaWe23zHjIM8NOhAm1BiGgA==\n"
>         "-----END EC PRIVATE KEY-----\n";
>     const TString ToSign = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhc2RmIn0";
>
>     EVP_MD_CTX *Ctx = EVP_MD_CTX_create();
>     BIO * Bio = BIO_new_mem_buf(pk.data(), pk.size());
>     EVP_PKEY * EVPKey = PEM_read_bio_PrivateKey(Bio, nullptr, nullptr, nullptr);
>     EVP_DigestSignInit(Ctx, nullptr, EVP_sha256(), nullptr, EVPKey);
>     EVP_DigestSignUpdate(Ctx, ToSign.data(), ToSign.size());
>     size_t SignatureLength;
>     EVP_DigestSignFinal(Ctx, nullptr, &SignatureLength);
>     TString Result;
      ^^^
You are treating binary data as a string. Chances are the TString class will truncate at the first byte with the value zero, and/or do some other text-specific thing that is bad for binary data.

>     Result.resize(SignatureLength);
>     EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(const_cast<char *>(Result.data())), &SignatureLength);
>     // Saving to file...

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

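An added example, not part of the thread and not OpenSSL code: a self-contained check that a buffer holds exactly one DER-encoded ECDSA signature (a SEQUENCE of two INTEGERs), applied to a constructed sample after the string truncation described in the reply above and, going slightly beyond that reply, after writing out a whole maximum-size buffer. All function names, the sample bytes and the buffer size 72 are assumptions made for illustration; only short-form DER lengths are handled, which covers curves up to P-384.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;
enum class SigCheck { Ok, Truncated, TrailingBytes, NotDer };

// Checks b is exactly one DER SEQUENCE { INTEGER r, INTEGER s }; short-form lengths only.
SigCheck CheckEcdsaDer(const Bytes& b) {
    if (b.size() < 2) return SigCheck::Truncated;
    if (b[0] != 0x30 || b[1] >= 0x80) return SigCheck::NotDer;
    const size_t end = 2 + size_t{b[1]};
    if (end > b.size()) return SigCheck::Truncated;
    if (end < b.size()) return SigCheck::TrailingBytes;
    size_t pos = 2;
    for (int i = 0; i < 2; ++i) {  // r, then s
        if (pos + 2 > end || b[pos] != 0x02) return SigCheck::NotDer;
        const size_t n = b[pos + 1];
        if (n == 0 || n >= 0x80 || pos + 2 + n > end) return SigCheck::NotDer;
        pos += 2 + n;
    }
    return pos == end ? SigCheck::Ok : SigCheck::NotDer;
}

// Constructed sample (not a real signature): 71 bytes, r carries a 0x00 pad byte.
Bytes SampleSignature() {
    Bytes sig = {0x30, 0x45, 0x02, 0x21, 0x00};
    sig.insert(sig.end(), size_t{32}, uint8_t{0x9a});  // r, high bit set
    sig.insert(sig.end(), {0x02, 0x20});
    sig.insert(sig.end(), size_t{32}, uint8_t{0x5b});  // s, high bit clear
    return sig;
}

// What survives a copy through a NUL-terminated string: bytes before the first 0x00.
Bytes ThroughCString(const Bytes& sig) {
    return Bytes(sig.begin(), std::find(sig.begin(), sig.end(), uint8_t{0}));
}

// What lands in the file when the whole maxLen-sized buffer is written.
Bytes WholeBuffer(Bytes sig, size_t maxLen) {
    sig.resize(std::max(sig.size(), maxLen), 0);
    return sig;
}

int main() {  // exit status 0 when the three cases classify as expected
    const Bytes sig = SampleSignature();
    return CheckEcdsaDer(sig) != SigCheck::Ok
        || CheckEcdsaDer(ThroughCString(sig)) != SigCheck::Truncated
        || CheckEcdsaDer(WholeBuffer(sig, 72)) != SigCheck::TrailingBytes;
}
```

Running the same check over the bytes of signature.bin separates a damaged file from a signature that is well-formed but fails verification for another reason.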
[openssl-users] OpenSSL occasionally generates wrong signature
Hello!

I have a C++ programme, ECDSA key pair and some string to sign. The programme generates signature and saves it into a file (signature.bin). Then I check the validity of the signature via the following command:

    openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt

the problem is that *my programme sometimes generates wrong signature*. 16 times out of 21 the signature produced is invalid and the above command outputs:

    Error Verifying Data

while in the remaining 5 occurrences it outputs:

    Verified OK

Do you have any ideas of how it can be possible? What am I doing wrong?

Here is the programme:

    SSL_library_init();
    OPENSSL_config(nullptr);
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();
    ERR_load_BIO_strings();
    CRYPTO_set_id_callback(ThreadIdFunction);
    CRYPTO_set_locking_callback(LockingFunction);

    const TString pk = "-----BEGIN EC PRIVATE KEY-----\n"
        "MHcCAQEEIG90zmo1o3NWNFa8wp2z4rdQXGSN8xAP/OATLpwlgi+1oAoGCCqGSM49\n"
        "AwEHoUQDQgAE5TwpzBhjUWZoOf629GfwGG5WlRJD7TSuz+ZTHUaiK5mj2qgxBOPk\n"
        "eqOrTYXsiPwnaWe23zHjIM8NOhAm1BiGgA==\n"
        "-----END EC PRIVATE KEY-----\n";
    const TString ToSign = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhc2RmIn0";

    EVP_MD_CTX *Ctx = EVP_MD_CTX_create();
    BIO * Bio = BIO_new_mem_buf(pk.data(), pk.size());
    EVP_PKEY * EVPKey = PEM_read_bio_PrivateKey(Bio, nullptr, nullptr, nullptr);
    EVP_DigestSignInit(Ctx, nullptr, EVP_sha256(), nullptr, EVPKey);
    EVP_DigestSignUpdate(Ctx, ToSign.data(), ToSign.size());
    // First call with a null buffer only queries the signature length
    size_t SignatureLength;
    EVP_DigestSignFinal(Ctx, nullptr, &SignatureLength);
    TString Result;
    Result.resize(SignatureLength);
    // Second call writes the signature into Result
    EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(const_cast<char *>(Result.data())), &SignatureLength);
    // Saving to file...

Thank you in advance