Friday, 15 June 2012

c++ - SSL signature verrification cross language issue -



c++ - SSL signature verrification cross language issue -

i have next code in c websocket server application have. code performs ssl signature verification on message given public key. code works fine in c application, started writing on c++.the issue encountered same code, below, in both applications, without change, both times receiving same input data, 1 compiled c++ yields ssl error bad signature.

here code:

int verifymessagesignature(const char* decoded_message, int pos, unsigned char* signature, char* publickey) { ssl_library_init(); ssl_load_error_strings(); err_load_bio_strings(); // openssl_add_all_algorithms() if (!publickey) { printf("publickey null\n"); } bio* keybio = bio_new_mem_buf(publickey, -1); if(!keybio) { printf("failed created bio\n"); printerror(err_get_error()); } bio_set_mem_eof_return(keybio, 0); rsa* rsa = pem_read_bio_rsa_pubkey(keybio, null, null, null); if (!rsa) { printf("error in pem_read_bio_rsa_pubkey\n"); printerror(err_get_error()); } evp_md_ctx *mdctx = null; if (!(mdctx = evp_md_ctx_create())) { printf("error in ctx\n"); printerror(err_get_error()); } evp_pkey* pk = evp_pkey_new(); if (evp_pkey_set1_rsa(pk, rsa) != 1) { printf("err in evp_pkey_set1_rsa\n"); printerror(err_get_error()); } if (evp_digestverifyinit(mdctx, null, evp_sha1(), null, pk) != 1) { printf("error in evp_digestverifyinit\n"); printerror(err_get_error()); } if (evp_digestverifyupdate(mdctx, decoded_message, pos) != 1) { printf("error in evp_digestverifyupdate\n"); printerror(err_get_error()); } if (evp_digestverifyfinal(mdctx, signature, 512) == 1) { /* success */ printf("successful verification!\n"); } else { /* failure */ printf("unsuccessful verification!\n"); printerror(err_get_error()); bio_free_all(keybio); rsa_free(rsa); evp_pkey_free(pk); evp_md_ctx_destroy(mdctx); err_free_strings(); homecoming 1; } bio_free_all(keybio); rsa_free(rsa); evp_pkey_free(pk); evp_md_ctx_destroy(mdctx); err_free_strings(); homecoming 0;

}

this code works fine in c. verifies signature in tests, whilst same code, same input info (keys, messages, etc..) in c++ yields bad signature.

i compiling under ubuntu, using gcc , g++ (latest)

what causing issue?

solved. issue was using std::string pass decoded message around, somehow fucking up. switched c++ code utilize char* strings section , fine now.

thanks replies, hope else finds useful.

edit: ps: using function generating decoded message itself. usage of std::string there causing issue.

c++ c ssl openssl

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)