Verify a DER signature
(self, hash, sig)
| 426 | return new_sig.raw |
| 427 | |
| 428 | def verify(self, hash, sig): # pylint: disable=redefined-builtin |
| 429 | """Verify a DER signature""" |
| 430 | if not sig: |
| 431 | return False |
| 432 | |
| 433 | # New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. |
| 434 | norm_sig = ctypes.c_void_p(0) |
| 435 | _ssl.d2i_ECDSA_SIG(ctypes.byref(norm_sig), ctypes.byref(ctypes.c_char_p(sig)), len(sig)) |
| 436 | |
| 437 | # Newer versions of OpenSSL (>3.0.0?) seem to fail here, leaving a null |
| 438 | # pointer in norm_sig |
| 439 | if not norm_sig: |
| 440 | return False |
| 441 | |
| 442 | # Older versions (<3.0.0?) seem to fail here, with a empty derlen |
| 443 | derlen = _ssl.i2d_ECDSA_SIG(norm_sig, 0) |
| 444 | if derlen == 0: |
| 445 | _ssl.ECDSA_SIG_free(norm_sig) |
| 446 | return False |
| 447 | |
| 448 | norm_der = ctypes.create_string_buffer(derlen) |
| 449 | _ssl.i2d_ECDSA_SIG(norm_sig, ctypes.byref(ctypes.pointer(norm_der))) |
| 450 | _ssl.ECDSA_SIG_free(norm_sig) |
| 451 | |
| 452 | # -1 = error, 0 = bad sig, 1 = good |
| 453 | return _ssl.ECDSA_verify(0, hash, len(hash), norm_der, derlen, self.k) == 1 |
| 454 | |
| 455 | def set_compressed(self, compressed): |
| 456 | if compressed: |