自学教程：C++ ECDSA_verify函数代码示例

void test_ecdsa_openssl() {    const secp256k1_ge_consts_t *c = secp256k1_ge_consts;    secp256k1_num_t key, msg;    secp256k1_num_init(&msg);    unsigned char message[32];    secp256k1_rand256_test(message);    secp256k1_num_set_bin(&msg, message, 32);    secp256k1_num_init(&key);    random_num_order_test(&key);    secp256k1_gej_t qj;    secp256k1_ecmult_gen(&qj, &key);    secp256k1_ge_t q;    secp256k1_ge_set_gej(&q, &qj);    EC_KEY *ec_key = get_openssl_key(&key);    assert(ec_key);    unsigned char signature[80];    int sigsize = 80;    assert(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));    secp256k1_ecdsa_sig_t sig;    secp256k1_ecdsa_sig_init(&sig);    assert(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize));    assert(secp256k1_ecdsa_sig_verify(&sig, &q, &msg));    secp256k1_num_inc(&sig.r);    assert(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg));    random_sign(&sig, &key, &msg, NULL);    sigsize = 80;    assert(secp256k1_ecdsa_sig_serialize(signature, &sigsize, &sig));    assert(ECDSA_verify(0, message, sizeof(message), signature, sigsize, ec_key) == 1);    secp256k1_ecdsa_sig_free(&sig);    EC_KEY_free(ec_key);    secp256k1_num_free(&key);    secp256k1_num_free(&msg);}

void test_ecdsa_openssl(void) {    secp256k1_scalar_t key, msg;    unsigned char message[32];    secp256k1_rand256_test(message);    secp256k1_scalar_set_b32(&msg, message, NULL);    random_scalar_order_test(&key);    secp256k1_gej_t qj;    secp256k1_ecmult_gen(&qj, &key);    secp256k1_ge_t q;    secp256k1_ge_set_gej(&q, &qj);    EC_KEY *ec_key = get_openssl_key(&key);    CHECK(ec_key);    unsigned char signature[80];    unsigned int sigsize = 80;    CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));    secp256k1_ecdsa_sig_t sig;    CHECK(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize));    CHECK(secp256k1_ecdsa_sig_verify(&sig, &q, &msg));    secp256k1_scalar_t one;    secp256k1_scalar_set_int(&one, 1);    secp256k1_scalar_t msg2;    secp256k1_scalar_add(&msg2, &msg, &one);    CHECK(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg2));    random_sign(&sig, &key, &msg, NULL);    int secp_sigsize = 80;    CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sig));    CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1);    EC_KEY_free(ec_key);}

bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig){    vchSig.clear();    ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);    if (sig==NULL)        return false;    const EC_GROUP *group = EC_KEY_get0_group(pkey);    CBigNum order, halforder;    EC_GROUP_get_order(group, &order, NULL);    BN_rshift1(&halforder, &order);    // enforce low S values, by negating the value (modulo the order) if above order/2.    if (BN_cmp(sig->s, &halforder) > 0) {        BN_sub(sig->s, &order, sig->s);    }    unsigned int nSize = ECDSA_size(pkey);    vchSig.resize(nSize); // Make sure it is big enough    unsigned char *pos = &vchSig[0];    nSize = i2d_ECDSA_SIG(sig, &pos);    ECDSA_SIG_free(sig);    vchSig.resize(nSize); // Shrink to fit actual size    // Testing our new signature    if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) {        vchSig.clear();        return false;    }    return true;}

/* * Verify a signature. */bool libecdsaauth_verify(libecdsaauth_key_t *key, unsigned char *blob, size_t len, unsigned char *sig, size_t siglen){	if (1 != ECDSA_verify(0, blob, len, sig, siglen, key->eckey))		return false;	return true;}

boolPolicyManager::verifySha256WithEcdsaSignature  (const Blob& signature, const SignedBlob& signedBlob, const Blob& publicKeyDer){  // Set signedPortionDigest to the digest of the signed portion of the signedBlob.  uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];  ndn_digestSha256    (signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);  // Verify the signedPortionDigest.  // Use a temporary pointer since d2i updates it.  const uint8_t *derPointer = publicKeyDer.buf();  EC_KEY *ecPublicKey = d2i_EC_PUBKEY(NULL, &derPointer, publicKeyDer.size());  if (!ecPublicKey)    throw UnrecognizedKeyFormatException      ("Error decoding public key in d2i_EC_PUBKEY");  int success = ECDSA_verify    (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest),     (uint8_t *)signature.buf(),signature.size(), ecPublicKey);  // Free the public key before checking for success.  EC_KEY_free(ecPublicKey);  // ECDSA_verify returns 1 for a valid signature.  return (success == 1);}

bool CBEcdsaVerify(uint8_t * signature, uint8_t sigLen, uint8_t * hash, uint8_t * pubKey, uint8_t keyLen){	EC_KEY * key = EC_KEY_new_by_curve_name(NID_secp256k1);	o2i_ECPublicKey(&key, (const unsigned char **)&pubKey, keyLen);	int res = ECDSA_verify(0, hash, 32, signature, sigLen, key);	EC_KEY_free(key);	return res == 1;}

static void benchmark_verify_openssl(void* arg) {    int i;    benchmark_verify_t* data = (benchmark_verify_t*)arg;    for (i = 0; i < 20000; i++) {        data->sig[data->siglen - 1] ^= (i & 0xFF);        data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);        data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);        {            EC_KEY *pkey = EC_KEY_new();            const unsigned char *pubkey = &data->pubkey[0];            int result;            CHECK(pkey != NULL);            result = EC_KEY_set_group(pkey, data->ec_group);            CHECK(result);            result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL;            CHECK(result);            result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0);            CHECK(result);            EC_KEY_free(pkey);        }        data->sig[data->siglen - 1] ^= (i & 0xFF);        data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);        data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);    }}

intverify_u2f_user(Key *key, u_char *dgst, size_t dgstlen, u_char *sig, size_t siglen){	int ret;	EC_KEY *ec;	unsigned char *pk;	// TODO: validate that the given key is in the key files.	// We are privileged in this function so it should be easy.	// TODO: replace a lot of stuff here with constants	pk = malloc(sizeof(unsigned char) * (u2f_pubkey_len+26));	memcpy(pk, pubkeyprefix, 26);	memcpy(pk+26, key->u2f_pubkey, u2f_pubkey_len);	if ((ec = d2i_EC_PUBKEY(NULL, &pk, u2f_pubkey_len+26)) == NULL)		fatal("d2i_EC_PUBKEY() failed");	debug("pubkey loaded, yay");	if ((ret = ECDSA_verify(0, dgst, dgstlen, sig, siglen, ec)) == -1)		fatal("ECDSA_verify failed");	debug("ret = %d", ret);	if (ret == 1)		debug("sig verified!");	EC_KEY_free(ec);	return ret == 1;}

bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig){    if (vchSig.empty())        return false;    // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.    unsigned char *norm_der = NULL;    ECDSA_SIG *norm_sig = ECDSA_SIG_new();    const unsigned char* sigptr = &vchSig[0];    assert(norm_sig);    if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)    {        /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on        * error. But OpenSSL's own use of this function redundantly frees the        * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a        * clear contract for the function behaving the same way is more        * conservative.        */        ECDSA_SIG_free(norm_sig);        return false;    }    int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);    ECDSA_SIG_free(norm_sig);    if (derlen <= 0)        return false;    // -1 = error, 0 = bad sig, 1 = good    bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;    OPENSSL_free(norm_der);    return ret;}

bool key_verify(struct key *k, const void *data, size_t datalen,                const void *sig, size_t siglen) {  int res;  res = ECDSA_verify(0, data, datalen, sig, siglen, k->key);  return res == 1;}

bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig){    // -1 = error, 0 = bad sig, 1 = good    if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)        return false;    return true;}

	bool CKey::Verify(uint1024 hash, const std::vector<unsigned char>& vchSig, int nBits)	{		bool fSuccess = false;		if(nBits == 256)		{			uint256 hash256 = hash.getuint256();			fSuccess = ECDSA_verify(0, (unsigned char*)&hash256, sizeof(hash256), &vchSig[0], vchSig.size(), pkey);		}		else if(nBits == 512)		{			uint512 hash512 = hash.getuint512();			fSuccess = ECDSA_verify(0, (unsigned char*)&hash512, sizeof(hash512), &vchSig[0], vchSig.size(), pkey);		}		else			fSuccess = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey);					return fSuccess;	}

static int mech_step_response(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len){	ecdsa_session_t *s = p->mechdata;	if (!ECDSA_verify(0, s->challenge, CHALLENGE_LENGTH, (const unsigned char *)message, len, s->pubkey))		return ASASL_FAIL;	return ASASL_DONE;}

		bool elliptic_curve_key::verify(hash_digest hash, const data_chunk& signature)		{			BITCOIN_ASSERT(key_ != nullptr);			// SSL likes a reversed hash			std::reverse(hash.begin(), hash.end());			// -1 = error, 0 = bad sig, 1 = good			if (ECDSA_verify(0, hash.data(), hash.size(),				signature.data(), signature.size(), key_) == 1)				return true;			return false;		}

void openssl_ec_crypt(){	BIO *berr;	EC_KEY *key1, *key2;	unsigned int sig_len;	int clen, len1, len2;	EC_builtin_curve *curves;	EC_GROUP *group1, *group2;	const EC_KEY *key3, *key4;	const EC_GROUP *group3, *group4;	const EC_POINT *pubkey1, *pubkey2;	unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN];	unsigned char *signature, cont[COMM_LEN] = "123456";	key1 = EC_KEY_new();	key2 = EC_KEY_new();	clen = EC_get_builtin_curves(NULL, 0);	curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen);	EC_get_builtin_curves(curves, clen);	group1 = EC_GROUP_new_by_curve_name(curves[25].nid);	group2 = EC_GROUP_new_by_curve_name(curves[25].nid);	group3 = group1;	group4 = group2;	EC_KEY_set_group(key1, group3);	EC_KEY_set_group(key2, group4);	EC_KEY_generate_key(key1);	EC_KEY_generate_key(key2);	EC_KEY_check_key(key1);	key3 = key1;	key4 = key2;	printf("/nECDSA_size: %d/n", ECDSA_size(key3));	signature = (unsigned char *)malloc(ECDSA_size(key3));	ERR_load_crypto_strings();	berr = BIO_new(BIO_s_file());	BIO_set_fp(berr, stdout, BIO_NOCLOSE);	ECDSA_sign(0, cont, 8, signature, &sig_len, key1);	ECDSA_verify(0, cont, 8, signature, sig_len, key1);	pubkey1 = EC_KEY_get0_public_key(key1);	pubkey2 = EC_KEY_get0_public_key(key2);	len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL);	len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL);	if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) {		printf("ECDH_compute_key err!/n");		return;	}	BIO_free(berr);	EC_KEY_free(key1);	EC_KEY_free(key2);	free(signature);	free(curves);}

// Credit: https://github.com/ppcoin/ppcoin/pull/101/filesbool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam){    // Prevent the problem described here:    // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html    // by removing the extra length bytes    std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end());    if (vchSig.size() > 1 && vchSig[1] & 0x80)    {        unsigned char nLengthBytes = vchSig[1] & 0x7f;        if (vchSig.size() < 2 + nLengthBytes)            return false;        if (nLengthBytes > 4)        {            unsigned char nExtraBytes = nLengthBytes - 4;            for (unsigned char i = 0; i < nExtraBytes; i++)                if (vchSig[2 + i])                    return false;            vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes);            vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes);        }    }    if (vchSig.empty())        return false;    // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.    unsigned char *norm_der = NULL;    ECDSA_SIG *norm_sig = ECDSA_SIG_new();    const unsigned char* sigptr = &vchSig[0];    assert(norm_sig);    if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)    {        /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on         * error. But OpenSSL's own use of this function redundantly frees the         * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a         * clear contract for the function behaving the same way is more         * conservative.         */        ECDSA_SIG_free(norm_sig);        return false;    }    int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);    ECDSA_SIG_free(norm_sig);    if (derlen <= 0)        return false;    // -1 = error, 0 = bad sig, 1 = good    bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;    OPENSSL_free(norm_der);    return ret;}

static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,                          const uint8_t *tbs, size_t tbslen) {  int type;  EC_PKEY_CTX *dctx = ctx->data;  EC_KEY *ec = ctx->pkey->pkey.ec;  type = NID_sha1;  if (dctx->md) {    type = EVP_MD_type(dctx->md);  }  return ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);}

static BOOL SATOSHI_SCRIPT_checksig(SATOSHI_OP_STACK_t * s, const unsigned char * message, uint32_t cbMessage){	BOOL rc = FALSE;			if(NULL == message || cbMessage == 0) return FALSE;		SATOSHI_OP_STACK_DATA_t * pubkey = NULL, * sig = NULL;	pubkey = SATOSHI_OP_STACK_pop(s);		sig = SATOSHI_OP_STACK_pop(s);			if(NULL == pubkey || NULL == sig)	{		if(NULL != pubkey) SATOSHI_OP_STACK_DATA_free(pubkey);		if(NULL != sig) SATOSHI_OP_STACK_DATA_free(sig);		return FALSE;	}		// verify sig	EC_KEY * p_key = EC_KEY_new_by_curve_name(NID_secp256k1);	BN_CTX * ctx = BN_CTX_new();	assert(NULL != p_key && NULL != ctx);	const EC_GROUP * G = EC_KEY_get0_group(p_key);	EC_POINT * Q = EC_POINT_new(G);	EC_POINT_oct2point(G, Q, pubkey->data, pubkey->cb, ctx);	EC_KEY_set_public_key(p_key, Q);		rc = ECDSA_verify(0, message, cbMessage, sig->data, sig->cb, p_key);	if(rc != 1)	{		if(-1 == rc)		{			// openssl error.			ERR_print_errors_fp(stderr);				}		rc = 0;	}		if(rc)	{		SATOSHI_OP_STACK_push_boolean(s, rc, sizeof(BOOL));			}		EC_KEY_free(p_key);	BN_CTX_free(ctx);		SATOSHI_OP_STACK_DATA_free(pubkey);	SATOSHI_OP_STACK_DATA_free(sig);	return rc;}

bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam){    // Fix invalid signature with crafted length by removing extra length bytes    std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end());    if (vchSig.size() > 1 && vchSig[1] & 0x80)    {        unsigned char nLengthBytes = vchSig[1] & 0x7f;        if (vchSig.size() < 2 + nLengthBytes)   // Avoid invalid memory access on crafted signature            return false;        if (nLengthBytes > 4)        {            unsigned char nExtraBytes = nLengthBytes - 4;            for (unsigned char i = 0; i < nExtraBytes; i++)                if (vchSig[2 + i])                    return false;            vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes);            vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes);        }    }    if (vchSig.empty())        return false;    // New versions of OpenSSL will reject non-canonical DER signatures. De/re-serialize first.    unsigned char *norm_der = NULL;    ECDSA_SIG *norm_sig = ECDSA_SIG_new();    const unsigned char* sigptr = &vchSig[0];    assert(norm_sig);    if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)    {        /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on error.         * But OpenSSL's own use of this function redundantly frees the result.         * As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a clear contract for the function behaving the same way is more conservative. */        ECDSA_SIG_free(norm_sig);        return false;    }    int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);    ECDSA_SIG_free(norm_sig);    if (derlen <= 0)        return false;    // -1 = error, 0 = bad sig, 1 = good    bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;    OPENSSL_free(norm_der);    return ret;}

TEST_F(KeymasterTest, SignData_EC_Success) {    uint8_t* key_blob;    size_t key_blob_length;    UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));    ASSERT_TRUE(testKey.get() != NULL);    ASSERT_EQ(0,            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),                    &key_blob, &key_blob_length))            << "Should successfully import an EC key";    UniqueKey key(&sDevice, key_blob, key_blob_length);    keymaster_ec_sign_params_t params = {            .digest_type = DIGEST_NONE,    };    uint8_t* sig;    size_t sig_length;    UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));    ASSERT_TRUE(testData.get() != NULL);    ASSERT_EQ(0,            sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,                    testData.get(), testData.length(),                    &sig, &sig_length))            << "Should sign data successfully";    UniqueBlob sig_blob(sig, sig_length);    uint8_t* x509_data;    size_t x509_data_length;    ASSERT_EQ(0,            sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,                    &x509_data, &x509_data_length))            << "Should be able to retrieve RSA public key successfully";    UniqueBlob x509_blob(x509_data, x509_data_length);    const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());    Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,            static_cast<long>(x509_blob.length())));    Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get()));    ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get()))            << "Signature should verify";}

bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig){    // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.    unsigned char *norm_der = NULL;    ECDSA_SIG *norm_sig = ECDSA_SIG_new();    const unsigned char* sigptr = &vchSig[0];    d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size());    int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);    ECDSA_SIG_free(norm_sig);    if (derlen <= 0)        return false;    // -1 = error, 0 = bad sig, 1 = good    bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;    OPENSSL_free(norm_der);    return ret;}

static int s2n_ecdsa_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest, struct s2n_blob *signature){    const s2n_ecdsa_public_key *key = &pub->key.ecdsa_key;    notnull_check(key->ec_key);    uint8_t digest_length;    GUARD(s2n_hash_digest_size(digest->alg, &digest_length));    lte_check(digest_length, S2N_MAX_DIGEST_LEN);    uint8_t digest_out[S2N_MAX_DIGEST_LEN];    GUARD(s2n_hash_digest(digest, digest_out, digest_length));        /* ECDSA_verify ignores the first parameter */    GUARD_OSSL(ECDSA_verify(0, digest_out, digest_length, signature->data, signature->size, key->ec_key), S2N_ERR_VERIFY_SIGNATURE);    GUARD(s2n_hash_reset(digest));        return 0;}

int VNEcdsa_ORG_Verify( const VNAsymCryptCtx_t * ctx,	const unsigned char * signText, int length,	const struct vn_iovec * plainText ){	int ret = 0;	VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx );	assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType );	ret = ECDSA_verify( 0, plainText->i.iov_base, plainText->i.iov_len,		signText, length, orgCtx->mEcKey );	if( 1 != ret )	{		char buff[ 1024 ] = { 0 };		printf( "ECDSA_sign %d, %s/n", ret, ERR_error_string( ERR_get_error(), buff ) );	}	return 1 == ret ? 0 : -1;}

static int pkey_ec_verify(EVP_PKEY_CTX *ctx,	const unsigned char *sig, size_t siglen,	const unsigned char *dgst, size_t dgstlen){	int ret, type;	EC_PKEY_CTX *dctx = ctx->data;	EC_KEY *ec_key = ctx->pkey->pkey.ec;	if (dctx->md)		type = EVP_MD_type(dctx->md);	else		type = NID_sha1;	if (dctx->sign_type == NID_sm2sign)		ret = SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);	else		ret = ECDSA_verify(type, dgst, dgstlen, sig, siglen, ec_key);	return ret;}

STDMETHODIMP CBECC::DSAVerify(VARIANT varData, VARIANT varSig, VARIANT_BOOL *retVal){	if(m_pECC == NULL)return E_NOTIMPL;	if (!EC_KEY_check_key((EC_KEY*)m_pECC))		return E_NOTIMPL;	CBVarPtr varPtrData, varPtrSig;	HRESULT hr = varPtrData.Attach(varData);	if(FAILED(hr))return hr;	hr = varPtrSig.Attach(varSig);	if(FAILED(hr))return hr;	int n = ECDSA_verify(0, varPtrData.m_pData, varPtrData.m_nSize, varPtrSig.m_pData, varPtrSig.m_nSize, (EC_KEY*)m_pECC);	if (n == -1)		return E_INVALIDARG;	*retVal = n ? VARIANT_TRUE : VARIANT_FALSE;	return S_OK;}

static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,                     const uint8_t* signedData, const size_t signedDataLength,                     const uint8_t* signature, const size_t signatureLength) {    if (sign_params->digest_type != DIGEST_NONE) {        ALOGW("Cannot handle digest type %d", sign_params->digest_type);        return -1;    }    Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));    if (eckey.get() == NULL) {        logOpenSSLError("openssl_verify_ec");        return -1;    }    if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=        0) {        logOpenSSLError("openssl_verify_ec");        return -1;    }    return 0;}

ERL_NIF_TERM ucrypto_ec_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]){    struct ec_key_handle *handle = NULL;    ErlNifBinary data;    ErlNifBinary signature;    if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle))        return enif_make_badarg(env);    if (! enif_inspect_iolist_as_binary(env, argv[1], &data))        return enif_make_badarg(env);    if (! enif_inspect_iolist_as_binary(env, argv[2], &signature))        return enif_make_badarg(env);    if (! handle->key)        return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY);    if (1 == ECDSA_verify(0, data.data, data.size, signature.data, signature.size, handle->key))        return ATOM_TRUE;    return ATOM_FALSE;}

static int pkey_ec_verify(EVP_PKEY_CTX *ctx,                          const unsigned char *sig, size_t siglen,                          const unsigned char *tbs, size_t tbslen){    int ret, type;    EC_PKEY_CTX *dctx = ctx->data;    EC_KEY *ec = ctx->pkey->pkey.ec;    if (dctx->md)        type = EVP_MD_type(dctx->md);    else        type = NID_sha1;#ifndef OPENSSL_NO_SM2    if (dctx->ec_scheme == NID_sm_scheme)        ret = SM2_verify(NID_undef, tbs, tbslen, sig, siglen, ec);    else#endif    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);    return ret;}