[EMAIL PROTECTED] wrote:
>
> I am trying to sign data using DSA. My code fails on
> EVP_SignFinal(). It fails on line 92 in p_sign.c . I think there
> is something wrong with the way I created EVP_MD_CTX structure
> for EVP_SignInit(). Any help is appreciated. Here is my code
>
> #include <openssl/evp.h>
> #include <openssl/dsa.h>
> #include <openssl/err.h>
> #include <stdio.h>
>
> int main(int argc, char* argv[])
> {
> EVP_MD_CTX ctx;
> char data[]="this is junk";
> unsigned char signature[4096]={'\0'};
> unsigned int signature_len;
> DSA *dsa;
> EVP_PKEY *pkey = NULL;
> int status;
>
> dsa = DSA_generate_parameters(512, NULL, 0, NULL, NULL, NULL, NULL);
>
> if( !dsa && !DSA_generate_key(dsa) )
> {
> printf("Can't generate DSA keys\n");
> return 0;
> }
>
> pkey = EVP_PKEY_new();
> EVP_PKEY_assign(pkey, EVP_PKEY_DSA, (char*)dsa);
>
> EVP_SignInit(&ctx, EVP_sha1()); /*something wrong here that causes
> EVP_SignFinal to fail*/
> EVP_SignUpdate(&ctx, data, strlen(data));
>
> status = EVP_SignFinal(&ctx, signature, &signature_len, pkey);
>
> printf("%x\n",signature);
> if(!status)
> {
> ERR_print_errors_fp(stderr);
> exit (1);
> }
> }
>
You need to use EVP_dss1() for the digest which is SHA1 with DSS for
singing. Check out:
http://www.openssl.org/docs/crypto/EVP_SignInit.html
http://www.openssl.org/docs/crypto/EVP_DigestInit.html
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
