Re: Problem with DSA signing/verification
On 4 December 2013 22:38, Dave Thompson wrote:

> In addition to the misplaced paren already noted, and also a surplus paren,
> which I'll assume were typos since they wouldn't have compiled,

I think it could compile (unless there is another surplus paren I haven't seen?):

    EVP_SignInit(ctx, EVP_sha256() == 1)

As EVP_sha256() is not equal to 1, this is the same as

    EVP_SignInit(ctx, 0)

So effectively a NULL digest is being passed. This should fail although the OP omitted to show the actual code for printing the error in this case. In any case the return value from the OP's do_sign method is not being checked.

> your test program won't ever succeed, because you aren't verifying
> the same data you signed. You memset ver_data to all zero bytes,
> and then use strlen(ver_data) bytes of it, which is always no bytes at all.

Actually ver_data is memset to zero bytes and then strlen(data) is calculated (not ver_data)... but it amounts to the same thing. The OP needs to pass the original data to be verified.

> However, this wouldn't cause the error you show, it would cause "not verified"
> i.e. EVP_VerifyFinal returns 0 with no error queue.
>
> All of the places I can see dsa_do_verify sets that error look like
> "should never happen" cases, unless there is something wrong with
> your (public)key structure. And the command you showed (dsa -pubout)
> should have generated a valid publickey file.

Well looking at the code where this error is raised:

    /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
       there is no error in BN. Test should be ret == -1 (Ben) */
    if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);

Reading the code suggests there is a bug in OpenSSL - helpfully pointed out in a comment!! :-) This looks like not an error at all. Just a verify failure.

Matt

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Problem with DSA signing/verification
In addition to the misplaced paren already noted, and also a surplus paren, which I'll assume were typos since they wouldn't have compiled, your test program won't ever succeed, because you aren't verifying the same data you signed. You memset ver_data to all zero bytes, and then use strlen(ver_data) bytes of it, which is always no bytes at all.

However, this wouldn't cause the error you show, it would cause "not verified" i.e. EVP_VerifyFinal returns 0 with no error queue.

All of the places I can see dsa_do_verify sets that error look like "should never happen" cases, unless there is something wrong with your (public)key structure. And the command you showed (dsa -pubout) should have generated a valid publickey file.

I suggest first ruling out your code. Put some example data in a file and do:

    openssl pkeyutl -sign -inkey id_dsa -in data -out signature
    openssl pkeyutl -verify -pubin -inkey id_dsa_pub -in data -sigfile signature

If that gives an error, there's something wrong with your key somehow, or maybe but very very unlikely something wrong within openssl. If this keypair can be discarded - or you generate a test one that can be discarded and shows the problem - post both key files (priv and pub). If not, do

    openssl dsa -in id_dsa -text

and

    openssl dsa -pubin -in id_dsa_pub -text

and check the size of P which is likely 1+128 bytes, verify the size of Q is much less and most likely 1+20 bytes, that G and pub are the size of P or slightly less, that all of those values are the same pubkey=privkey, and that priv in privkey only is the size of Q or slightly less.

If pkeyutl works, something is wrong in the part of the code you omitted. If you can reproduce the problem with code not too much larger than you showed here, post the exact code and sample data.

Aside: your variable name dsa_privkey_len is misleading. DSA_size(key) is the max size of a DSA signature using that key, which is very much less than the size of the modulus and a little more than twice the size of the subgroup, which in turn is twice the 'strength' of a properly sized key (and DSA-1024/160, which AFAIK ssh-keygen still uses, is proper). This is unlike RSA, where the signature size is the same as the modulus size, or even ECDSA, where it is again a little more than twice the size of the subgroup, but here the subgroup size is very near the underlying group size. [dsa_]sig_size or _max would be clearer to the human reader. But it makes no difference to the computer.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Aastha Mehta
Sent: Tuesday, December 03, 2013 05:36
To: openssl-users@openssl.org
Subject: *** Spam *** Problem with DSA signing/verification

Hello,

I wrote a simple code to sign and verify using DSA keys, but I am facing some problem with verification and I cannot figure it out. This is the error I get:

    error:0A071003:dsa routines:DSA_do_verify:BN lib

I know the error comes from EVP_VerifyFinal, but I don't exactly know why.

My code for signing and verification looks as follows:

    do_sign(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
            unsigned int *sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_SignInit(ctx, EVP_sha256() == 1) &&
            EVP_SignUpdate(ctx, data, data_len) == 1) &&
            EVP_SignFinal(ctx, (unsigned char *)signature, sig_len, k) == 1) {
            -- cleanup ---
            return success;
        }
        -- print error --
        -- cleanup --
        return failure;
    }

    do_verify(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
              unsigned int sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_VerifyInit(ctx, EVP_sha256()) == 1 &&
            EVP_VerifyUpdate(ctx, data, data_len) == 1) {
            int ret = EVP_VerifyFinal(ctx, (unsigned char *)signature, sig_len, k);
            --- cleanup --
            if (ret > 0)
                return success;
            else {
                -- print error --
                -- cleanup --
                return failure;
            }
        }
        -- cleanup --
        return failure;
    }

I generated dsa keypair using ssh-keygen. And to get the DSA public key in PEM format, I used the following command:

    openssl dsa -in id_dsa -pubout > id_dsa_pem.pub

I read in the keys and have a buffer of arbitrary content to be signed and verified. To test I use the following code snippet:

    int dsa_privkey_len = DSA_size(dsa_priv);
    char *sig = malloc(dsa_privkey_len);
    int sig_len = 0;
    do_sign(dsa_priv, data, strlen(data), sig, &sig_len);
    char *ver_data = malloc(1024);
    memset(ver_data, 0, 1024);
    do_verify(dsa_pub, ver_data, strlen(data), sig, sig_len);

Could someone help me debug the issue? I am using openssl-1.0.1e. Please let me know if any other information is required.

Thanks and regards,
Aastha.
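The point in the aside above, that DSA_size() bounds the signature at a little more than twice the subgroup size, follows from the encoding: the signature is a DER SEQUENCE of the two INTEGERs r and s. The C below is an added example, not code from the thread or from OpenSSL; der_int, dsa_sig_der, dsa_sig_max and demo_len are names made up here, and the r/s values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* DER INTEGER from an unsigned big-endian value of n >= 1 bytes: leading
 * zeros dropped, 0x00 pad added if the top bit is set. Returns bytes written. */
static size_t der_int(const unsigned char *v, size_t n, unsigned char *out)
{
    while (n > 1 && v[0] == 0) { v++; n--; }   /* minimal form */
    size_t pad = (v[0] & 0x80) ? 1 : 0;        /* keep the value non-negative */
    out[0] = 0x02;
    out[1] = (unsigned char)(n + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + pad + n;
}

/* SEQUENCE { INTEGER r, INTEGER s } for a subgroup of qbytes <= 32 bytes
 * (short-form lengths only). Returns the length, or 0 if cap is too small. */
size_t dsa_sig_der(const unsigned char *r, const unsigned char *s,
                   size_t qbytes, unsigned char *out, size_t cap)
{
    unsigned char body[2 * (2 + 1 + 32)];
    if (qbytes == 0 || qbytes > 32) return 0;
    size_t blen = der_int(r, qbytes, body);
    blen += der_int(s, qbytes, body + blen);
    if (blen + 2 > cap) return 0;
    out[0] = 0x30;
    out[1] = (unsigned char)blen;
    memcpy(out + 2, body, blen);
    return blen + 2;
}

/* Worst case for a q of qbits bits: both integers need the 0x00 pad. */
size_t dsa_sig_max(size_t qbits)
{
    return 2 + 2 * (2 + 1 + (qbits + 7) / 8);
}

/* Constructed input: r and s are 20 bytes (160-bit q), every byte = fill. */
size_t demo_len(unsigned char fill, size_t cap)
{
    unsigned char r[20], s[20], out[64];
    memset(r, fill, sizeof r);
    memset(s, fill, sizeof s);
    return dsa_sig_der(r, s, sizeof r, out, cap);
}

int main(void)
{
    printf("bound %zu, ff..ff %zu, 7f..7f %zu, ff..ff into 40 bytes %zu\n",
           dsa_sig_max(160), demo_len(0xff, 64), demo_len(0x7f, 64),
           demo_len(0xff, 40));
    return 0;
}
```

A buffer of exactly twice the subgroup size (40 bytes for a 160-bit q) is too small for the worst case, which is why the output buffer is sized from DSA_size() and the length actually written is carried separately.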
RE: Adding a custom extension to a CSR
> From: owner-openssl-users On Behalf Of Danyk
> Sent: Wednesday, December 04, 2013 12:26

> I used this , and it seems to work great (parsed it with ASN1):
>
> st_exts= sk_X509_EXTENSION_new_null();
> X509_REQ *x;
>
> /*add INTEGER EXT*/
> int1 = ASN1_INTEGER_new();
> ASN1_INTEGER_set(int1, 1);
>
> os1 = M_ASN1_OCTET_STRING_new();
> os1->data = NULL;
>
> n = i2d_ASN1_INTEGER(int1,&os1->data);
> os1->length = n;
>

That's clever. That uses the pointer and length in the OCTET_STRING object directly, instead of separate variables as I did. But it produces the same result, which is what matters.

> sk_X509_EXTENSION_push(st_exts,
> X509_EXTENSION_create_by_OBJ(NULL, obj1, 0,os1));
>
> I freed all the ASN1 structs at the end...
> Did I add the extension the way you meant? Do I need to free anything else?
>

Close enough. Assuming you freed with the ASN1_xxx_free routines (not direct OPENSSL_free) I think that should get everything, although personally I would run through a malloc debugger like valgrind and let it check. Computers are better at that than humans.
Re: Problem with DSA signing/verification
On 3 December 2013 10:36, Aastha Mehta wrote:

> Hello,
>
> I wrote a simple code to sign and verify using DSA keys, but I am facing
> some problem with verification and I cannot figure it out. This is the error
> I get:
> error:0A071003:dsa routines:DSA_do_verify:BN lib
>
> I know the error comes from EVP_VerifyFinal, but I don't exactly know why.
>
> My code for signing and verification looks as follows:
>
> do_sign(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
> unsigned int *sig_len)
> {
> EVP_MD_CTX *ctx = EVP_MD_CTX_create();
> if (EVP_SignInit(ctx, EVP_sha256() == 1) && EVP_SignUpdate(ctx, data,

Well, there's one error. Mis-placed ). Should be:

    EVP_SignInit(ctx, EVP_sha256()) == 1

Matt
RE: Adding a custom extension to a CSR
I used this, and it seems to work great (parsed it with ASN1):

    st_exts= sk_X509_EXTENSION_new_null();
    X509_REQ *x;

    /*add INTEGER EXT*/
    int1 = ASN1_INTEGER_new();
    ASN1_INTEGER_set(int1, 1);

    os1 = M_ASN1_OCTET_STRING_new();
    os1->data = NULL;

    n = i2d_ASN1_INTEGER(int1,&os1->data);
    os1->length = n;

    sk_X509_EXTENSION_push(st_exts,
        X509_EXTENSION_create_by_OBJ(NULL, obj1, 0,os1));

    /*add PRINTABLESTRING EXT*/
    tmp_os = M_ASN1_PRINTABLESTRING_new();
    tmp_os->type = V_ASN1_PRINTABLESTRING;
    ASN1_STRING_set(tmp_os, (const unsigned char *)"TEST", 4 );

    os2 = M_ASN1_OCTET_STRING_new();
    os2->data = NULL;

    n = i2d_ASN1_PRINTABLESTRING( tmp_os, &os2->data );
    os2->length = n;

    /* add to the extension stack.*/
    sk_X509_EXTENSION_push(st_exts,
        X509_EXTENSION_create_by_OBJ(NULL, obj2, 0, os2));

    /* Now we've created the extensions we add them to the request */
    X509_REQ_add_extensions(x, st_exts);

I freed all the ASN1 structs at the end...
Did I add the extension the way you meant? Do I need to free anything else?
Re: Problem in configuring SSL in OPENLDAP
Please accept my post and make it available for comments. I am in urgent need of help for configuring SSL on openLDAP
Preference of 3DES over AES-128
Hi all,

the default cipher settings in OpenSSL prefer 3DES over AES-128. In general, Triple DES with three independent keys has a key length of 168 bits, but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits. Triple DES is much slower than 128 bit AES.

Why is the 3DES cipher preferred over AES-128 ?

Kind regards,
Fedor

> openssl speed des-ede3 aes-128-cbc aes-256-cbc

    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    des ede3        26389.81k    26725.70k    27550.82k    27283.65k    27129.17k
    aes-128 cbc    102642.98k   109855.91k   112273.07k   226482.86k   233971.71k
    aes-256 cbc     74771.53k    79185.70k    79389.95k   168315.46k   167545.51k

> openssl ciphers -v HIGH

    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
    ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
    ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
    SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
    SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
    DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
    DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
    DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
    DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
    DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
    DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
    DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
    DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
    DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
    DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
    DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
    DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
    DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1
    AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
    SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1
    ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
    ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
    ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
    ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
    ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
    ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
    ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
    ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
    AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
    AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
    AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
    PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
    ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
    SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
    SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
    DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
    DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
    AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1
    SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1
    ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
    ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
    ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
    DES-CBC3-SHA SSLv3 Kx=RSA Au
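The ordering the post describes can be checked mechanically on any "openssl ciphers -v" listing. The C below is an added example, not part of the original post or of OpenSSL; parse_enc, effective_bits and first_misranked are names made up here, the sample lines are constructed, and the strength measure is an assumption: the post's 112-bit figure for three-key 3DES and nominal bits for every other cipher.

```c
#include <stdio.h>
#include <string.h>

/* Pull ALG and nominal key bits out of the Enc=ALG(bits) field of one
 * "openssl ciphers -v" line. Returns 1 on success, 0 if the field is absent. */
int parse_enc(const char *line, char *alg, size_t algsz, int *bits)
{
    const char *p = strstr(line, "Enc="), *open;
    size_t n;
    if (!p) return 0;
    p += 4;
    open = strchr(p, '(');
    if (!open || sscanf(open, "(%d)", bits) != 1) return 0;
    n = (size_t)(open - p);
    if (n == 0 || n >= algsz) return 0;
    memcpy(alg, p, n);
    alg[n] = '\0';
    return 1;
}

/* Effective strength: 112 bits for three-key 3DES, the figure given in the
 * post; nominal bits for every other cipher (an assumption of this example). */
int effective_bits(const char *alg, int bits)
{
    return (strcmp(alg, "3DES") == 0 && bits == 168) ? 112 : bits;
}

/* Index of the first line that is ranked directly ahead of a cipher with
 * higher effective strength, or -1 when no such line exists. */
int first_misranked(const char *const *lines, int n)
{
    char alg[32];
    int i, bits, prev = -1, prev_i = -1;
    for (i = 0; i < n; i++) {
        if (!parse_enc(lines[i], alg, sizeof alg, &bits)) continue;
        int eff = effective_bits(alg, bits);
        if (prev >= 0 && eff > prev) return prev_i;
        prev = eff; prev_i = i;
    }
    return -1;
}

/* Constructed sample in the listing's format, not captured output. */
static const char *const SAMPLE[] = {
    "AES256-SHA   SSLv3 Kx=RSA Au=RSA Enc=AES(256)  Mac=SHA1",
    "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
    "AES128-SHA   SSLv3 Kx=RSA Au=RSA Enc=AES(128)  Mac=SHA1",
};

int main(void)
{
    printf("first misranked line: %d\n", first_misranked(SAMPLE, 3));
    return 0;
}
```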
OpenSSL mail server issues
Hi!

Due to a misunderstanding within the OpenSSL team we ran into trouble with our mail and mailing service still hosted at the old server (hopefully I will be able to complete the migration to the new server over the Christmas break).

Caused by a software upgrade on Monday, Dec 2, 2013 around noon GMT the following problems occurred:

1 mail was not received due to software failure (which is ok as mail is queued at the sender)
2 a malfunction of the majordomo mailing list software lost mails received (which is not ok as these mails seem to be lost permanently).

As soon as issue 2 was noted the mail server was shut down again to prevent further loss of mails. As a consequence we seem to have lost mailing list contributions between Monday noon GMT and Tuesday morning GMT. If you have made any submissions that did not yet make it to the lists, please resend them.

Most issues are fixed now except for minor effects (I have seen at least one mail passing through the moderation queue that only reached the list truncated).

Sorry for any inconvenience caused,
Lutz
Problem with DSA signing/verification
Hello,

I wrote a simple code to sign and verify using DSA keys, but I am facing some problem with verification and I cannot figure it out. This is the error I get:

    error:0A071003:dsa routines:DSA_do_verify:BN lib

I know the error comes from EVP_VerifyFinal, but I don't exactly know why.

My code for signing and verification looks as follows:

    do_sign(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
            unsigned int *sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_SignInit(ctx, EVP_sha256() == 1) &&
            EVP_SignUpdate(ctx, data, data_len) == 1) &&
            EVP_SignFinal(ctx, (unsigned char *)signature, sig_len, k) == 1) {
            -- cleanup ---
            return success;
        }
        -- print error --
        -- cleanup --
        return failure;
    }

    do_verify(EVP_PKEY *k, char *data, unsigned int data_len, char *signature,
              unsigned int sig_len)
    {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        if (EVP_VerifyInit(ctx, EVP_sha256()) == 1 &&
            EVP_VerifyUpdate(ctx, data, data_len) == 1) {
            int ret = EVP_VerifyFinal(ctx, (unsigned char *)signature, sig_len, k);
            --- cleanup --
            if (ret > 0)
                return success;
            else {
                -- print error --
                -- cleanup --
                return failure;
            }
        }
        -- cleanup --
        return failure;
    }

I generated dsa keypair using ssh-keygen. And to get the DSA public key in PEM format, I used the following command:

    openssl dsa -in id_dsa -pubout > id_dsa_pem.pub

I read in the keys and have a buffer of arbitrary content to be signed and verified. To test I use the following code snippet:

    int dsa_privkey_len = DSA_size(dsa_priv);
    char *sig = malloc(dsa_privkey_len);
    int sig_len = 0;
    do_sign(dsa_priv, data, strlen(data), sig, &sig_len);
    char *ver_data = malloc(1024);
    memset(ver_data, 0, 1024);
    do_verify(dsa_pub, ver_data, strlen(data), sig, sig_len);

Could someone help me debug the issue? I am using openssl-1.0.1e. Please let me know if any other information is required.

Thanks and regards,
Aastha.