In addition to the misplaced paren already noted, and also a surplus paren, which I'll assume were typos since they wouldn't have compiled, your test program won't ever succeed, because you aren't verifying the same data you signed. You memset ver_data to all zero bytes, and then use strlen(ver_data) bytes of it, which is always no bytes at all. However, this wouldn't cause the error you show; it would cause "not verified", i.e. EVP_VerifyFinal returns 0 with no error queue. All of the places I can see dsa_do_verify sets that error look like "should never happen" cases, unless there is something wrong with your (public) key structure. And the command you showed (dsa -pubout) should have generated a valid public key file.

I suggest first ruling out your code. Put some example data in a file and do:

    openssl pkeyutl -sign -inkey id_dsa -in data -out signature
    openssl pkeyutl -verify -pubin -inkey id_dsa_pub -in data -sigfile signature

If that gives an error, there's something wrong with your key somehow, or maybe (but very, very unlikely) something wrong within openssl. If this keypair can be discarded - or you generate a test one that can be discarded and shows the problem - post both key files (priv and pub). If not, do

    openssl dsa -in id_dsa -text
    openssl dsa -pubin -in id_dsa_pub -text

and check the size of P, which is likely 1+128 bytes; verify the size of Q is much less and most likely 1+20 bytes; that G and pub are the size of P or slightly less; that all of those values are the same pubkey=privkey; and that priv in privkey only is the size of Q or slightly less.

If pkeyutl works, something is wrong in the part of the code you omitted. If you can reproduce the problem with code not too much larger than you showed here, post the exact code and sample data.

Aside: your variable name dsa_privkey_len is misleading.
DSA_size(key) is the max size of a DSA signature using that key, which is very much less than the size of the modulus and a little more than twice the size of the subgroup, which in turn is twice the 'strength' of a properly sized key (and DSA-1024/160, which AFAIK ssh-keygen still uses, is proper). This is unlike RSA, where the signature size is the same as the modulus size, or even ECDSA, where it is again a little more than twice the size of the subgroup, but here the subgroup size is very near the underlying group size. [dsa_]sig_size or _max would be clearer to the human reader. But it makes no difference to the computer.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Aastha Mehta
Sent: Tuesday, December 03, 2013 05:36
To: openssl-users@openssl.org
Subject: *** Spam *** Problem with DSA signing/verification

Hello,

I wrote a simple code to sign and verify using DSA keys, but I am facing some problem with verification and I cannot figure it out. This is the error I get:

    error:0A071003:dsa routines:DSA_do_verify:BN lib

I know the error comes from EVP_VerifyFinal, but I don't exactly know why.
My code for signing and verification looks as follows:

    do_sign(EVP_PKEY *k, char *data, unsigned int data_len,
            char *signature, unsigned int *sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_SignInit(ctx, EVP_sha256() == 1) &&
            EVP_SignUpdate(ctx, data, data_len) == 1) &&
            EVP_SignFinal(ctx, (unsigned char *)signature, sig_len, k) == 1) {
            -- cleanup --
            return success;
        }
        -- print error --
        -- cleanup --
        return failure;
    }

    do_verify(EVP_PKEY *k, char *data, unsigned int data_len,
              char *signature, unsigned int sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_VerifyInit(ctx, EVP_sha256()) == 1 &&
            EVP_VerifyUpdate(ctx, data, data_len) == 1) {
            int ret = EVP_VerifyFinal(ctx, (unsigned char *)signature, sig_len, k);
            -- cleanup --
            if (ret > 0)
                return success;
            else {
                -- print error --
                -- cleanup --
                return failure;
            }
        }
        -- cleanup --
        return failure;
    }

I generated a DSA keypair using ssh-keygen. And to get the DSA public key in PEM format, I used the following command:

    openssl dsa -in id_dsa -pubout > id_dsa_pem.pub

I read in the keys and have a buffer of arbitrary content to be signed and verified. To test I use the following code snippet:

    int dsa_privkey_len = DSA_size(dsa_priv);
    char *sig = malloc(dsa_privkey_len);
    int sig_len = 0;
    do_sign(dsa_priv, data, strlen(data), sig, &sig_len);

    char *ver_data = malloc(1024);
    memset(ver_data, 0, 1024);
    do_verify(dsa_pub, ver_data, strlen(data), sig, sig_len);

Could someone help me debug the issue? I am using openssl-1.0.1e. Please let me know if any other information is required.

Thanks and regards,
Aastha.
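The following is an added, self-contained illustration of two points made in the reply above; it is not code from either poster and not OpenSSL's implementation. It is a small textbook DSA (FIPS 186 style) in pure Python with DSA-1024/160 parameters, the sizes the reply says ssh-keygen produces. It shows (a) what DSA_size() measures: the DER length of a signature whose r and s both fill the subgroup size q plus a sign byte, 48 bytes for a 20-byte q, against a 128-byte p; and (b) that verifying a zero-filled buffer, or zero bytes, against a signature over the real data simply reports "not verified" rather than raising any error. All function names and the sample message are my own constructions; the code is not constant-time and is for study only.

```python
"""Toy DSA in pure Python (added example, not OpenSSL and not the poster's code).
Shows DSA_size()-style signature sizing versus p and q, and that verifying the
wrong data yields "not verified" rather than a library error."""
import hashlib
import random

# Odd primes below 1000, used for cheap trial division before Miller-Rabin.
SMALL_PRIMES = [n for n in range(3, 1000, 2)
                if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]


def is_probable_prime(n, rng, rounds=24):
    """Trial division by small primes, then Miller-Rabin with `rounds` bases."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(rng, L=1024, N=160):
    """Return (p, q, g): q an N-bit prime, p an L-bit prime with q | p-1."""
    while True:
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1     # force N bits and oddness
        if is_probable_prime(q, rng):
            break
    while True:
        # p = k*q + 1 with p in [2^(L-1), 2^L); an even k keeps p odd
        k = rng.randrange((1 << (L - 1)) // q, (1 << L) // q) & ~1
        p = k * q + 1
        if p.bit_length() == L and is_probable_prime(p, rng):
            break
    while True:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)  # generator of the order-q subgroup
        if g != 1:
            return p, q, g


def keygen(params, rng):
    p, q, g = params
    x = rng.randrange(1, q)            # private key, size of q or slightly less
    return x, pow(g, x, p)             # public key y, size of p or slightly less


def hash_to_int(data, q):
    """SHA-256 truncated to the leftmost bits of q's length (FIPS 186-4 style)."""
    digest = hashlib.sha256(data).digest()
    z = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - q.bit_length()
    return z >> excess if excess > 0 else z


def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b                # leading zero keeps the INTEGER positive
    return b"\x02" + bytes([len(b)]) + b


def der_encode_sig(r, s):
    """SEQUENCE { INTEGER r, INTEGER s }, short-form lengths (enough for q <= 504 bits)."""
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def der_decode_sig(sig):
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("malformed signature")
    pos, vals = 2, []
    for _ in range(2):
        if sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        vals.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return vals[0], vals[1]


def max_sig_size(q):
    """What DSA_size() reports: DER length when r and s are all-ones of q's bit length."""
    v = (1 << q.bit_length()) - 1
    return len(der_encode_sig(v, v))


def sign(params, x, data, rng):
    p, q, g = params
    z = hash_to_int(data, q)
    while True:
        k = rng.randrange(1, q)
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r != 0 and s != 0:
            return der_encode_sig(r, s)


def verify(params, y, data, sig):
    """True when the signature matches `data`; False (no error) otherwise."""
    p, q, g = params
    try:
        r, s = der_decode_sig(sig)
    except ValueError:
        return False
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = hash_to_int(data, q)
    v = (pow(g, z * w % q, p) * pow(y, r * w % q, p) % p) % q
    return v == r


def run_demo(seed=2013, L=1024, N=160):
    rng = random.Random(seed)          # seeded so the demo is reproducible
    params = generate_params(rng, L, N)
    p, q, _ = params
    x, y = keygen(params, rng)
    data = b"example data to be signed"        # constructed sample message
    sig = sign(params, x, data, rng)
    zeroed = bytes(len(data))                  # a memset()'d buffer of the same length
    return {
        "p_bytes": (p.bit_length() + 7) // 8,  # 128 for DSA-1024
        "q_bytes": (q.bit_length() + 7) // 8,  # 20 for a 160-bit subgroup
        "max_sig_size": max_sig_size(q),       # 48, the DSA_size() figure
        "sig_len": len(sig),
        "ok_same_data": verify(params, y, data, sig),
        "ok_zeroed_buffer": verify(params, y, zeroed, sig),
        "ok_empty_buffer": verify(params, y, b"", sig),  # strlen() of zeros is 0
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running it prints p at 128 bytes, q at 20, a maximum signature size of 48, the actual signature at 46 to 48 bytes, and True only for the verification over the original data; the zero-filled and empty inputs both verify as False without any exception, which is the "not verified" outcome the reply distinguishes from a BN-library error.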