>       From: owner-openssl-us...@openssl.org On Behalf Of Don M
>       Sent: Friday, 05 June, 2009 02:37

>       I try to write a program to verify a signature, all results of
> openssl(0.9.8.h) function calls are fine except the last one
>              result = EVP_VerifyFinal(md_ctx, sig, sig_size, evp_pkey);
>       the result is -1, which means it's an error. Any idea what I did
> wrong? See the code below.

When you get an error return from openssl, other than an I/O-related 
error from the SSL routines (and maybe direct BIO, I don't do that),
call ERR_get_error to get the detailed code number, 
and ERR_error_string with that number to get a decoded string.
Sometimes there are multiple codes so repeat until you get zero.
Your case is: 0A071065:dsa routines:DSA_do_verify:missing parameters
See below.

>       int verify_signature(char *buf, int buf_size, char *sig, int sig_size)
>       {
>           int result = -1;
>           EVP_PKEY *evp_pkey = NULL;
>           DSA *dsa_key = NULL;
>           EVP_MD_CTX *md_ctx = NULL;
>           if ((evp_pkey = EVP_PKEY_new()) == NULL)
>               goto cleanup;
>           if ((dsa_key = DSA_new()) == NULL)
>               goto cleanup;
>           if ((dsa_key->pub_key = BN_bin2bn(public_key, PUBLIC_KEY_LENGTH, 0)) == NULL)
>               goto cleanup;
>           result = EVP_PKEY_set1_DSA(evp_pkey, dsa_key);
>           if (result != 1)
>               goto cleanup;
<snip rest>

A DSA public key includes the 'parameters' (group, subgroup, and 
generator, labelled P, Q, G) as well as the public value (Y).
These are sometimes transported separately, because multiple users 
can (and sometimes want to) share the same parameters, using 
different Y (and private X) values. An X509 cert for DSA has 
the parameters in the AlgorithmIdentifier portion of the 
SubjectPublicKeyInfo rather than the bit-string portion. 
But both/all are needed. 

EVP_PKEY_set1/assign* doesn't check the (per-algorithm) key; 
at least for RSA and DSA it couldn't fully because openssl uses 
the same structs for public and private keys, only with different 
contents, and EVP doesn't know which one it's supposed to be.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
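The point made in the reply above, that a DSA public key is the parameters P, Q, G plus the public value Y and that verification cannot proceed on Y alone, is easy to see in the verification equation itself. The following is an added, stand-alone toy model written for this page; it is not OpenSSL code and not the poster's program. It implements textbook DSA over small, deterministically generated parameters (far too small for real use; sizes and the seed are constructed), signs a constructed message, verifies it, and then tries to verify with a key object that carries only Y, the situation the quoted code creates. The `MissingParameters` exception stands in for the OpenSSL error string `DSA_do_verify:missing parameters`; all class and function names (`DSAParams`, `DSAPublicKey`, `generate_params`, `sign`, `verify`, `demo`) are this example's own.

```python
"""Toy DSA sign/verify in pure Python (constructed example, not OpenSSL).
Parameter sizes are deliberately tiny so the arithmetic runs instantly;
they give no real security."""
import hashlib
import random
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


class MissingParameters(Exception):
    """Raised when a public key has Y but no P, Q, G (the post's failure)."""


@dataclass
class DSAParams:
    p: int  # prime modulus
    q: int  # prime order of the subgroup, q | p - 1
    g: int  # generator of the order-q subgroup


@dataclass
class DSAPublicKey:
    y: int                              # public value Y = g^x mod p
    params: Optional[DSAParams] = None  # P, Q, G; may be transported separately


def is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin primality test with rng-chosen bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(q_bits: int = 48, p_bits: int = 96, seed: int = 2009) -> DSAParams:
    """Build toy P, Q, G; the seed only makes the example reproducible."""
    rng = random.Random(seed)
    while True:  # random odd q with its top bit set, until prime
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:  # p = m*q + 1 with even m, until p is prime of the right size
        m = (rng.getrandbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))) & ~1
        p = m * q + 1
        if p.bit_length() == p_bits and is_probable_prime(p, rng):
            break
    h = 2
    while True:  # g = h^((p-1)/q) mod p, any h giving g != 1 works
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return DSAParams(p, q, g)
        h += 1


def generate_keypair(params: DSAParams) -> Tuple[int, DSAPublicKey]:
    x = secrets.randbelow(params.q - 1) + 1   # private X in [1, q-1]
    return x, DSAPublicKey(pow(params.g, x, params.p), params)


def _hash_to_int(msg: bytes, q: int) -> int:
    """Leftmost min(N, outlen) bits of the digest, as in FIPS 186."""
    digest = hashlib.sha256(msg).digest()
    z = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - q.bit_length()
    return z >> excess if excess > 0 else z


def sign(msg: bytes, x: int, params: DSAParams) -> Tuple[int, int]:
    p, q, g = params.p, params.q, params.g
    z = _hash_to_int(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1   # fresh, unpredictable k per signature
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s == 0:
            continue
        return r, s


def verify(msg: bytes, sig: Tuple[int, int], pub: DSAPublicKey) -> bool:
    """Every term below needs p, q or g; Y alone is not enough."""
    if pub.params is None:
        raise MissingParameters("DSA public key has Y but no P, Q, G")
    p, q, g = pub.params.p, pub.params.q, pub.params.g
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = _hash_to_int(msg, q)
    u1, u2 = (z * w) % q, (r * w) % q
    v = (pow(g, u1, p) * pow(pub.y, u2, p) % p) % q
    return v == r


def demo() -> Tuple[bool, bool, bool]:
    """Returns (good sig verifies, tampered msg fails, Y-only key is rejected)."""
    params = generate_params()
    x, pub = generate_keypair(params)
    msg = b"constructed sample message"   # constructed input
    sig = sign(msg, x, params)
    ok = verify(msg, sig, pub)
    bad = verify(b"tampered message", sig, pub)
    try:
        verify(msg, sig, DSAPublicKey(pub.y))   # only Y set, as in the quoted code
        rejected = False
    except MissingParameters:
        rejected = True
    return ok, bad, rejected


if __name__ == "__main__":
    print(demo())
```

The `verify` function raises before any arithmetic because `g`, `p` and `q` appear in every step of the check; a real library has the same dependency, which is why filling only `pub_key` and handing the struct to `EVP_PKEY_set1_DSA` is accepted silently and fails later inside `DSA_do_verify`. Loading the key from a complete encoding (a SubjectPublicKeyInfo, which carries the parameters in its AlgorithmIdentifier) avoids the gap.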
