[openssl-users] OpenSSL occasionally generates wrong signature

Dmitry dimanne at gmail.com
Tue Oct 16 14:39:49 UTC 2018 

Hello!

I have a C++ programme, ECDSA key pair and some string to sign. The
programme generates signature and saves it into a file (signature.bin).
Then I check the validity of the signature via the following command:

openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt

the problem is that *my programme sometimes generates wrong signature*. 16
times out of 21 the signature produced is invalid and the above command
outputs:
Error Verifying Data

while in the remaining 5 occurrences it outputs:
Verified OK

Do you have any ideas of how it can be possible? What am I doing wrong?


Here is the programme:

SSL_library_init();
OPENSSL_config(nullptr);
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
CRYPTO_set_id_callback(ThreadIdFunction);
CRYPTO_set_locking_callback(LockingFunction);

const TString pk = "-----BEGIN EC PRIVATE KEY-----\n"

 "MHcCAQEEIG90zmo1o3NWNFa8wp2z4rdQXGSN8xAP/OATLpwlgi+1oAoGCCqGSM49\n"

 "AwEHoUQDQgAE5TwpzBhjUWZoOf629GfwGG5WlRJD7TSuz+ZTHUaiK5mj2qgxBOPk\n"
                       "eqOrTYXsiPwnaWe23zHjIM8NOhAm1BiGgA==\n"
                       "-----END EC PRIVATE KEY-----\n";

const TString ToSign =
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhc2RmIn0";

EVP_MD_CTX *Ctx    = EVP_MD_CTX_create();
BIO *       Bio    = BIO_new_mem_buf(pk.data(), pk.size());
EVP_PKEY *  EVPKey = PEM_read_bio_PrivateKey(Bio, nullptr, nullptr,
nullptr);

EVP_DigestSignInit(Ctx, nullptr, EVP_sha256(), nullptr, EVPKey);
EVP_DigestSignUpdate(Ctx, ToSign.data(), ToSign.size());
size_t SignatureLength;
EVP_DigestSignFinal(Ctx, nullptr, &SignatureLength);

TString Result;
Result.resize(SignatureLength);
EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(const_cast<char
*>(Result.data())), &SignatureLength);

// Saving to file...

Thank you in advance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181016/821bb7e2/attachment-0001.html>

More information about the openssl-users mailing list