本文整理匯總了C++中ECDSA_SIG_new函數的典型用法代碼示例。如果您正苦於以下問題:C++ ECDSA_SIG_new函數的具體用法?C++ ECDSA_SIG_new怎麽用?C++ ECDSA_SIG_new使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了ECDSA_SIG_new函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C++代碼示例。
示例1: ECDSA_verify
/* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int
ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
unsigned char *der = NULL;
const unsigned char *p = sigbuf;
int derlen = -1;
int ret = -1;
s = ECDSA_SIG_new();
if (s == NULL)
return (ret);
if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
goto err;
/* Ensure signature uses DER and doesn't have trailing garbage */
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != sig_len || memcmp(sigbuf, der, derlen))
goto err;
ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
freezero(der, derlen);
ECDSA_SIG_free(s);
return (ret);
}
示例2: ECDSA_SIG_new
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
{
if (vchSig.empty())
return false;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
assert(norm_sig);
if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
{
/* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
* error. But OpenSSL's own use of this function redundantly frees the
* result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
* clear contract for the function behaving the same way is more
* conservative.
*/
ECDSA_SIG_free(norm_sig);
return false;
}
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
示例3: ECDSA_get_ex_data
static ECDSA_SIG *pkcs11_ecdsa_sign(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp,
EC_KEY *ecdsa) {
struct pkcs11_key_data *pkd = NULL;
CK_MECHANISM mech = {
CKM_ECDSA, NULL_PTR, 0
};
CK_ULONG tlen = 0;
CK_RV rv;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
pkd = ECDSA_get_ex_data(ecdsa, pkcs11_ecdsa_key_idx);
#else
pkd = EC_KEY_get_ex_data(ecdsa, pkcs11_ecdsa_key_idx);
#endif
if((pkd != NULL) &&
((rv = pkd->funcs->C_SignInit(pkd->session, &mech, pkd->key)) == CKR_OK)) {
CK_BYTE_PTR buf = NULL;
ECDSA_SIG *rval;
BIGNUM *r, *s;
int nlen;
/* Make a call to C_Sign to find out the size of the signature */
rv = pkd->funcs->C_Sign(pkd->session, (CK_BYTE *)dgst, dgst_len, NULL, &tlen);
if (rv != CKR_OK) {
return NULL;
}
if ((buf = malloc(tlen)) == NULL) {
return NULL;
}
rv = pkd->funcs->C_Sign(pkd->session, (CK_BYTE *)dgst, dgst_len, buf, &tlen);
if (rv != CKR_OK) {
free(buf);
return NULL;
}
if ((rval = ECDSA_SIG_new()) != NULL) {
/*
* ECDSA signature is 2 large integers of same size returned
* concatenated by PKCS#11, we separate them to create an
* ECDSA_SIG for OpenSSL.
*/
nlen = tlen / 2;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ECDSA_SIG_get0(&r, &s, rval);
#else
r = rval->r;
s = rval->s;
#endif
BN_bin2bn(&buf[0], nlen, r);
BN_bin2bn(&buf[nlen], nlen, s);
}
free(buf);
return rval;
} else {
return NULL;
}
}
示例4: verification
int verification(
const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,
const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen,
const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen
)
{
unsigned char h[20];
EC_GROUP *group;
EC_KEY *k;
EC_POINT *kxy;
BIGNUM *kx;
BIGNUM *ky;
ECDSA_SIG *rs;
int len;
if (smlen != SIGNATURE_BYTES) return -1;
if (mlen > SHORTHASH_BYTES) return -1;
SHA1(m,mlen,h);
group = EC_GROUP_new_by_curve_name(NID);
if (!group) return -1;
kx = BN_new(); if (!kx) return -1;
ky = BN_new(); if (!ky) { BN_free(kx); return -1; }
kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; }
k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
if (!EC_KEY_set_group(k,group)) goto error;
if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES;
if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error;
#ifdef PRIME_FIELD
if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error;
#else
if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error;
#endif
if (!EC_KEY_set_public_key(k,kxy)) goto error;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error;
len = ECDSA_do_verify(h,20,rs,k);
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
if (len == 1) return 0;
if (len == 0) return -100;
return -1;
error:
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
return -1;
}
示例5: FC_THROW_EXCEPTION
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
{
int nV = c.data[0];
if (nV<27 || nV>=35)
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&c.data[1],32,sig->r);
BN_bin2bn(&c.data[33],32,sig->s);
if( check_canonical )
{
FC_ASSERT( is_canonical( c ), "signature is not canonical" );
}
my->_key = EC_KEY_new_by_curve_name(NID_secp256k1);
if (nV >= 31)
{
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
nV -= 4;
// fprintf( stderr, "compressed\n" );
}
if (detail::public_key_impl::ECDSA_SIG_recover_key_GFp(my->_key, sig, (unsigned char*)&digest, sizeof(digest), nV - 27, 0) == 1)
{
ECDSA_SIG_free(sig);
return;
}
ECDSA_SIG_free(sig);
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
}
示例6: ECDSA_SIG_new
// reconstruct public key from a compact signature
// This is only slightly more CPU intensive than just verifying it.
// If this function succeeds, the recovered public key is guaranteed to be valid
// (the signature is a valid signature of the given data for that key)
bool CKey::SetCompactSignature(uint256 hash, const std::vector<unsigned char>& vchSig)
{
if (vchSig.size() != 65)
return false;
int nV = vchSig[0];
if (nV<27 || nV>=35)
return false;
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&vchSig[1],32,sig->r);
BN_bin2bn(&vchSig[33],32,sig->s);
EC_KEY_free(pkey);
pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
if (nV >= 31)
{
SetCompressedPubKey();
nV -= 4;
}
if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), nV - 27, 0) == 1)
{
fSet = true;
ECDSA_SIG_free(sig);
return true;
}
return false;
}
示例7: pkcs11_get_ex_data_ec
/**
* ECDSA signing method (replaces ossl_ecdsa_sign_sig)
*
* @param dgst hash value to sign
* @param dlen length of the hash value
* @param kinv precomputed inverse k (from the sign_setup method)
* @param rp precomputed rp (from the sign_setup method)
* @param ec private EC signing key
* @return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
static ECDSA_SIG *pkcs11_ecdsa_sign_sig(const unsigned char *dgst, int dlen,
const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *ec)
{
unsigned char sigret[512]; /* HACK for now */
ECDSA_SIG *sig;
PKCS11_KEY *key;
unsigned int siglen;
BIGNUM *r, *s, *order;
(void)kinv; /* Precomputed values are not used for PKCS#11 */
(void)rp; /* Precomputed values are not used for PKCS#11 */
key = pkcs11_get_ex_data_ec(ec);
if (check_key_fork(key) < 0) {
sign_sig_fn orig_sign_sig;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
const EC_KEY_METHOD *meth = EC_KEY_OpenSSL();
EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth,
NULL, NULL, &orig_sign_sig);
#else
const ECDSA_METHOD *meth = ECDSA_OpenSSL();
orig_sign_sig = meth->ecdsa_do_sign;
#endif
return orig_sign_sig(dgst, dlen, kinv, rp, ec);
}
/* Truncate digest if its byte size is longer than needed */
order = BN_new();
if (order) {
const EC_GROUP *group = EC_KEY_get0_group(ec);
if (group && EC_GROUP_get_order(group, order, NULL)) {
int klen = BN_num_bits(order);
if (klen < 8*dlen)
dlen = (klen+7)/8;
}
BN_free(order);
}
siglen = sizeof sigret;
if (pkcs11_ecdsa_sign(dgst, dlen, sigret, &siglen, key) <= 0)
return NULL;
r = BN_bin2bn(sigret, siglen/2, NULL);
s = BN_bin2bn(sigret + siglen/2, siglen/2, NULL);
sig = ECDSA_SIG_new();
if (sig == NULL)
return NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
ECDSA_SIG_set0(sig, r, s);
#else
BN_free(sig->r);
sig->r = r;
BN_free(sig->s);
sig->s = s;
#endif
return sig;
}
示例8: ecdsa_sign_write
/*!
* \brief Finish the signing and write out the ECDSA signature.
* \see rsa_sign_write
*/
static int ecdsa_sign_write(const knot_dnssec_sign_context_t *context,
uint8_t *signature, size_t signature_size)
{
assert(context);
assert(signature);
size_t output_size = ecdsa_sign_size(context->key);
if (output_size != signature_size) {
return KNOT_DNSSEC_EUNEXPECTED_SIGNATURE_SIZE;
}
// create raw signature
uint8_t *raw_signature = NULL;
size_t raw_size = 0;
int result = sign_alloc_and_write(context, &raw_signature, &raw_size);
if (result != KNOT_EOK) {
return result;
}
// decode signature
ECDSA_SIG *decoded = ECDSA_SIG_new();
if (!decoded) {
free(raw_signature);
return KNOT_ENOMEM;
}
const uint8_t *decode_scan = raw_signature;
if (!d2i_ECDSA_SIG(&decoded, &decode_scan, (long)raw_size)) {
ECDSA_SIG_free(decoded);
free(raw_signature);
return KNOT_DNSSEC_EDECODE_RAW_SIGNATURE;
}
free(raw_signature);
// convert to format defined by RFC 6605 (EC DSA for DNSSEC)
// R and S parameters are encoded in halves of the output signature
uint8_t *signature_r;
uint8_t *signature_s;
size_t param_size = output_size / 2;
memset(signature, '\0', output_size);
signature_r = signature + param_size - BN_num_bytes(decoded->r);
signature_s = signature + 2 * param_size - BN_num_bytes(decoded->s);
BN_bn2bin(decoded->r, signature_r);
BN_bn2bin(decoded->s, signature_s);
ECDSA_SIG_free(decoded);
return KNOT_EOK;
}
示例9: ECDSA_SIG_new
bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec)
{
if (rec<0 || rec>=3)
return false;
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&p64[0], 32, sig->r);
BN_bin2bn(&p64[32], 32, sig->s);
bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1;
ECDSA_SIG_free(sig);
return ret;
}
示例10: el_verify_license_key
int el_verify_license_key(el_context_t ctxt,
const char *licenseKey, const char *name)
{
// TODO: change this back to use C99 variable length arrays once Visual C++
// can deal with it (2013 still can't)
ECDSA_SIG *signature = NULL;
uint8_t *signatureData = NULL;
uint8_t *digest = NULL;
if (!licenseKey || !strlen(licenseKey) || !name || !strlen(name))
return 0;
// TODO: blocked keys checking
int signatureLength = el_base32_decode_buffer_size(strlen(licenseKey));
signatureData = malloc(signatureLength);
signatureLength = el_base32_decode(licenseKey, signatureData, signatureLength);
// Check length of signature before verifying
if (signatureLength != ctxt->digestLength * 2)
{
free(signatureData);
return 0;
}
signature = ECDSA_SIG_new();
if (!signature)
{
free(signatureData);
return 0;
}
size_t partLen = signatureLength / 2;
signature->r = BN_bin2bn(signatureData, partLen, signature->r);
signature->s = BN_bin2bn(signatureData + partLen, partLen, signature->s);
if (!signature->r || !signature->s)
{
free(signatureData);
ECDSA_SIG_free(signature);
return 0;
}
digest = malloc(ctxt->digestLength);
el_compute_digest(name, digest, ctxt->digestLength);
int result = ECDSA_do_verify(digest, ctxt->digestLength, signature, ctxt->ecKey) == 1;
free(signatureData);
free(digest);
ECDSA_SIG_free(signature);
return result;
}
示例11: vchSig
// Credit: https://github.com/ppcoin/ppcoin/pull/101/files
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam)
{
// Prevent the problem described here:
// https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html
// by removing the extra length bytes
std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end());
if (vchSig.size() > 1 && vchSig[1] & 0x80)
{
unsigned char nLengthBytes = vchSig[1] & 0x7f;
if (vchSig.size() < 2 + nLengthBytes)
return false;
if (nLengthBytes > 4)
{
unsigned char nExtraBytes = nLengthBytes - 4;
for (unsigned char i = 0; i < nExtraBytes; i++)
if (vchSig[2 + i])
return false;
vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes);
vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes);
}
}
if (vchSig.empty())
return false;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
assert(norm_sig);
if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
{
/* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
* error. But OpenSSL's own use of this function redundantly frees the
* result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
* clear contract for the function behaving the same way is more
* conservative.
*/
ECDSA_SIG_free(norm_sig);
return false;
}
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
示例12: PKCS11err
/**
* ECDSA signing method (replaces ossl_ecdsa_sign_sig)
*
* @param dgst hash value to sign
* @param dlen length of the hash value
* @param kinv precomputed inverse k (from the sign_setup method)
* @param rp precomputed rp (from the sign_setup method)
* @param ec private EC signing key
* @return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
static ECDSA_SIG *pkcs11_ecdsa_sign_sig(const unsigned char *dgst, int dlen,
const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *ec)
{
unsigned char sigret[512]; /* HACK for now */
ECDSA_SIG *sig;
PKCS11_KEY *key;
unsigned int siglen;
BIGNUM *r, *s, *order;
(void)kinv; /* Precomputed values are not used for PKCS#11 */
(void)rp; /* Precomputed values are not used for PKCS#11 */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index);
#else
key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index);
#endif
if (key == NULL) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, PKCS11_ALIEN_KEY);
return NULL;
}
/* TODO: Add an atfork check */
/* Truncate digest if its byte size is longer than needed */
order = BN_new();
if (order) {
const EC_GROUP *group = EC_KEY_get0_group(ec);
if (group && EC_GROUP_get_order(group, order, NULL)) {
int klen = BN_num_bits(order);
if (klen < 8*dlen)
dlen = (klen+7)/8;
}
BN_free(order);
}
siglen = sizeof sigret;
if (pkcs11_ecdsa_sign(dgst, dlen, sigret, &siglen, key) <= 0)
return NULL;
sig = ECDSA_SIG_new();
if (sig == NULL)
return NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ECDSA_SIG_get0(&r, &s, sig);
#else
r = sig->r;
s = sig->s;
#endif
BN_bin2bn(sigret, siglen/2, r);
BN_bin2bn(sigret + siglen/2, siglen/2, s);
return sig;
}
示例13: pkcs11_ecdsa_do_sign
static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
const BIGNUM *inv, const BIGNUM *r, EC_KEY * ec)
{
unsigned char sigret[512]; /* HACK for now */
ECDSA_SIG * sig = NULL;
PKCS11_KEY * key = NULL;
unsigned int siglen;
int nLen = 48; /* HACK */
int rv;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
key = (PKCS11_KEY *) EC_KEY_get_ex_data(ec, ec_key_ex_index);
#else
key = (PKCS11_KEY *) ECDSA_get_ex_data(ec, ecdsa_ex_index);
#endif
if (key == NULL)
return NULL;
siglen = sizeof(sigret);
rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
nLen = siglen / 2;
if (rv > 0) {
sig = ECDSA_SIG_new();
if (sig) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/*
* OpenSSL 1.1 does not have a way to allocate r and s
* in ECDSA_SIG as it is now hidden.
* Will us dummy ASN1 so r and s are allocated then
* use ECDSA_SIG_get0 to get access to r and s
* can then update r annd s
*/
const unsigned char *a;
unsigned char dasn1[8] =
{0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00};
BIGNUM *r;
BIGNUM *s;
a = dasn1;
d2i_ECDSA_SIG(&sig, &a, 8);
ECDSA_SIG_get0(&r, &s, sig);
BN_bin2bn(&sigret[0], nLen, r);
BN_bin2bn(&sigret[nLen], nLen, s);
#else
BN_bin2bn(&sigret[0], nLen, sig->r);
BN_bin2bn(&sigret[nLen], nLen, sig->s);
#endif
}
}
return sig;
}
示例14: opensslecdsa_verify
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
ECDSA_SIG *ecdsasig = NULL;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
unsigned int dgstlen, siglen;
unsigned char digest[EVP_MAX_MD_SIZE];
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (eckey == NULL)
return (ISC_R_FAILURE);
if (key->key_alg == DST_ALG_ECDSA256)
siglen = DNS_SIG_ECDSA256SIZE;
else
siglen = DNS_SIG_ECDSA384SIZE;
if (sig->length != siglen)
return (DST_R_VERIFYFAILURE);
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
DST_RET (ISC_R_FAILURE);
ecdsasig = ECDSA_SIG_new();
if (ecdsasig == NULL)
DST_RET (ISC_R_NOMEMORY);
ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL);
cp += siglen / 2;
ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL);
/* cp += siglen / 2; */
status = ECDSA_do_verify(digest, dgstlen, ecdsasig, eckey);
if (status != 1)
DST_RET (dst__openssl_toresult(DST_R_VERIFYFAILURE));
ret = ISC_R_SUCCESS;
err:
if (ecdsasig != NULL)
ECDSA_SIG_free(ecdsasig);
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
示例15: ECDSA_verify
/* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
ECDSA_SIG_free(s);
return(ret);
}