OpenSSL occasionally generates wrong signature

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL occasionally generates wrong signature

Dmitry
Hello!

I have a C++ programme, ECDSA key pair and some string to sign. The programme generates signature and saves it into a file (signature.bin). Then I check the validity of the signature via the following command:

openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt

the problem is that my programme sometimes generates wrong signature. 16 times out of 21 the signature produced is invalid and the above command outputs:
Error Verifying Data

while in the remaining 5 occurrences it outputs:
Verified OK

Do you have any ideas of how it can be possible? What am I doing wrong?


Here is the programme:

SSL_library_init();
OPENSSL_config(nullptr);
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
CRYPTO_set_id_callback(ThreadIdFunction);
CRYPTO_set_locking_callback(LockingFunction);

const TString pk = "-----BEGIN EC PRIVATE KEY-----\n"
                       "MHcCAQEEIG90zmo1o3NWNFa8wp2z4rdQXGSN8xAP/OATLpwlgi+1oAoGCCqGSM49\n"
                       "AwEHoUQDQgAE5TwpzBhjUWZoOf629GfwGG5WlRJD7TSuz+ZTHUaiK5mj2qgxBOPk\n"
                       "eqOrTYXsiPwnaWe23zHjIM8NOhAm1BiGgA==\n"
                       "-----END EC PRIVATE KEY-----\n";

const TString ToSign = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhc2RmIn0";

EVP_MD_CTX *Ctx    = EVP_MD_CTX_create();
BIO *       Bio    = BIO_new_mem_buf(pk.data(), pk.size());
EVP_PKEY *  EVPKey = PEM_read_bio_PrivateKey(Bio, nullptr, nullptr, nullptr);

EVP_DigestSignInit(Ctx, nullptr, EVP_sha256(), nullptr, EVPKey);
EVP_DigestSignUpdate(Ctx, ToSign.data(), ToSign.size());
size_t SignatureLength;
EVP_DigestSignFinal(Ctx, nullptr, &SignatureLength);

TString Result;
Result.resize(SignatureLength);
EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(const_cast<char *>(Result.data())), &SignatureLength);

// Saving to file...

Thank you in advance

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL occasionally generates wrong signature

OpenSSL - User mailing list
On 16/10/2018 16:39, Dmitry wrote:

> Hello!
>
> I have a C++ programme, ECDSA key pair and some string to sign. The
> programme generates signature and saves it into a file
> (signature.bin). Then I check the validity of the signature via the
> following command:
>
> openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt
>
> the problem is that *my programme sometimes generates wrong
> signature*. 16 times out of 21 the signature produced is invalid and
> the above command outputs:
> Error Verifying Data
>
> while in the remaining 5 occurrences it outputs:
> Verified OK
>
> Do you have any ideas of how it can be possible? What am I doing wrong?
>
>
> Here is the programme:
>
> SSL_library_init();
> OPENSSL_config(nullptr);
> SSL_load_error_strings();
> OpenSSL_add_all_algorithms();
> ERR_load_BIO_strings();
> CRYPTO_set_id_callback(ThreadIdFunction);
> CRYPTO_set_locking_callback(LockingFunction);
>
> const TString pk = "-----BEGIN EC PRIVATE KEY-----\n"
>  "MHcCAQEEIG90zmo1o3NWNFa8wp2z4rdQXGSN8xAP/OATLpwlgi+1oAoGCCqGSM49\n"
>  "AwEHoUQDQgAE5TwpzBhjUWZoOf629GfwGG5WlRJD7TSuz+ZTHUaiK5mj2qgxBOPk\n"
>  "eqOrTYXsiPwnaWe23zHjIM8NOhAm1BiGgA==\n"
>                      "-----END EC PRIVATE KEY-----\n";
>
> const TString ToSign =
> "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhc2RmIn0";
>
> EVP_MD_CTX *Ctx    = EVP_MD_CTX_create();
> BIO *       Bio    = BIO_new_mem_buf(pk.data(), pk.size());
> EVP_PKEY *  EVPKey = PEM_read_bio_PrivateKey(Bio, nullptr, nullptr,
> nullptr);
>
> EVP_DigestSignInit(Ctx, nullptr, EVP_sha256(), nullptr, EVPKey);
> EVP_DigestSignUpdate(Ctx, ToSign.data(), ToSign.size());
> size_t SignatureLength;
> EVP_DigestSignFinal(Ctx, nullptr, &SignatureLength);
>
> TString Result;
^^^^^^^ You are treating binary data as a string.
Chances are the TString class will truncate at the first byte with
the value zero, and/or do some other text-specific thing that is bad
for binary data.

> Result.resize(SignatureLength);
> EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char
> *>(const_cast<char *>(Result.data())), &SignatureLength);
>
> // Saving to file...
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL occasionally generates wrong signature

Dmitry
Thank you for the hint, but it looks like the problem is somewhere else

I rewrote the piece of code in such a way:
    char *Result = new char [SignatureLength];
    EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(Result), &SignatureLength);
    
    TFile SignatureBin = {"/home/gc/signature.bin", ...};
    SignatureBin.Write(Result, SignatureLength);

but the problem still persists.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL occasionally generates wrong signature

Dmitry
Looks like there is some problem in higher-level EVP_ functions.

I completely rewrote the example using lower-level ECDSA_do_sign and it started to work always.

Here is the code:
   EVP_MD_CTX *Ctx = EVP_MD_CTX_create();
   EVP_DigestInit(Ctx, EVP_sha256());
   EVP_DigestUpdate(Ctx, dt.data(), dt.size());
   QByteArray Digest;
   Digest.resize(EVP_MAX_MD_SIZE);
   unsigned int Len;
   EVP_DigestFinal(Ctx, reinterpret_cast<unsigned char *>(Digest.data()), &Len);
   Digest.resize(Len);

   BIO *   Bio   = BIO_new_mem_buf(pk.data(), pk.size());
   EC_KEY *ECKey = PEM_read_bio_ECPrivateKey(Bio, nullptr, nullptr, nullptr);
   ECDSA_SIG *Signature = ECDSA_do_sign(reinterpret_cast<unsigned char *>(Digest.data()), Digest.size(), ECKey);

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users