Hello,

I wrote some simple code to sign and verify using DSA keys, but I am facing
a problem with verification and I cannot figure it out. This is the
error I get:

    error:0A071003:dsa routines:DSA_do_verify:BN lib

I know the error comes from EVP_VerifyFinal, but I don't exactly know why.
My code for signing and verification looks as follows:

    do_sign(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
            unsigned int *sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_SignInit(ctx, EVP_sha256()) == 1 &&
            EVP_SignUpdate(ctx, data, data_len) == 1 &&
            EVP_SignFinal(ctx, (unsigned char *)signature, sig_len, k) == 1) {
            /* -- cleanup -- */
            return success;
        }
        /* -- print error -- */
        /* -- cleanup -- */
        return failure;
    }

    do_verify(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
              unsigned int sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_VerifyInit(ctx, EVP_sha256()) == 1 &&
            EVP_VerifyUpdate(ctx, data, data_len) == 1) {
            int ret = EVP_VerifyFinal(ctx, (unsigned char *)signature, sig_len, k);
            /* -- cleanup -- */
            if (ret > 0)
                return success;
            else {
                /* -- print error -- */
                /* -- cleanup -- */
                return failure;
            }
        }
        /* -- cleanup -- */
        return failure;
    }

I generated a DSA key pair using ssh-keygen. To get the DSA public key in
PEM format, I used the following command:

    openssl dsa -in id_dsa -pubout > id_dsa_pem.pub

I read in the keys and have a buffer of arbitrary content to be signed and
verified. To test I use the following code snippet:

    int dsa_privkey_len = DSA_size(dsa_priv);
    char *sig = malloc(dsa_privkey_len);
    int sig_len = 0;
    do_sign(dsa_priv, data, strlen(data), sig, &sig_len);
    char *ver_data = malloc(1024);
    memset(ver_data, 0, 1024);
    do_verify(dsa_pub, ver_data, strlen(data), sig, sig_len);

Could someone help me debug the issue? I am using openssl-1.0.1e. Please
let me know if any other information is required.

Thanks and regards,
Aastha.
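
An added example, not part of the original message: a small decoder for the error line quoted above. It assumes the packed error-code layout of OpenSSL 1.x (library in the top 8 bits, function in the next 12, reason in the low 12); the names parse_err_line, lib_name and nested_lib are hypothetical helpers, and the library table is a partial one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a packed OpenSSL 1.x error code (ERR_PACK layout in err.h). */
struct ossl_err { unsigned lib, func, reason; };

/* A few ERR_LIB_* numbers from the OpenSSL 1.x err.h; NULL if not listed. */
static const char *lib_name(unsigned lib)
{
    switch (lib) {
    case 2:  return "SYS";
    case 3:  return "BN";
    case 4:  return "RSA";
    case 6:  return "EVP";
    case 9:  return "PEM";
    case 10: return "DSA";
    case 13: return "ASN1";
    default: return NULL;
    }
}

/* Split "error:XXXXXXXX:..." into its fields; 0 on success, -1 if malformed. */
int parse_err_line(const char *line, struct ossl_err *out)
{
    unsigned long code;
    if (strncmp(line, "error:", 6) != 0) return -1;
    if (strspn(line + 6, "0123456789abcdefABCDEF") != 8 || line[14] != ':')
        return -1;                       /* need exactly 8 hex digits */
    code = strtoul(line + 6, NULL, 16);
    out->lib = (code >> 24) & 0xff;      /* ERR_GET_LIB */
    out->func = (code >> 12) & 0xfff;    /* ERR_GET_FUNC */
    out->reason = code & 0xfff;          /* ERR_GET_REASON */
    return 0;
}

/* Reasons below 100 are the shared ERR_R_* codes. One that equals an
 * ERR_LIB_* number means the reporting function got a failure back from
 * that library; return its name, or NULL for any other reason code. */
const char *nested_lib(const struct ossl_err *e)
{
    return e->reason < 100 ? lib_name(e->reason) : NULL;
}

int main(void)
{
    struct ossl_err e;
    const char *inner;
    if (parse_err_line("error:0A071003:dsa routines:DSA_do_verify:BN lib", &e))
        return 1;
    inner = nested_lib(&e);
    printf("lib=%u func=%u reason=%u nested=%s\n", e.lib, e.func, e.reason,
           inner ? inner : "-");
    return 0;
}
```

For the quoted line the reason field is the generic "BN lib" code, so the failure was reported by the DSA verify routine on behalf of a bignum call it made, rather than as an ordinary signature mismatch.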