I have code which successfully signs
and verifies documents on Redhat9, but
fails on Solaris 8. Specifically, the failure
is reported in DSA_verify(). Errors strings
are as follows:
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
wrong tag
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
nested asn1 error
This seems to point to the encoding/decoding of the
public key used in the verification. Here are the essentials
of the code used to generate, encode, decode, and
use the public key. The error checks don't indicate
any problems until the verify step. For what it's worth,
this is 32-bit compiled. Also, FWIW, I've seeded the PRNG
sufficiently before the key generation step and the
signing step, according to RAND_status().
genkeys() {
DSA *dsa;
unsigned char encodedPubKey[MAX];
int pubLen, genstat;
dsa = DSA_generate_parameters(...);
/* error check*/
genStat = DSA_generate_key(dsa);
/* error check */
pubLen = i2d_DSA_PUBKEY(dsa, &encodedPubKey);
/* error check */
}
verify(const unsigned char *encodedKeyPtr, long encodedKeyLen, ...) {
DSA *pPubKey;
int vStat;
pPubKey =DSA_new();
/* error check */
pPubKey = d2i_DSA_PUBKEY(&pPubKey,
&encodedKeyPtr, encodedKeyLen);
/* error check */
vStat = DSA_verify(..., pPubKey);
/* error check */
}
Any help appreciated.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
