DSA_sign maximum digest length?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

DSA_sign maximum digest length?

Andrei Warkentin
Hi everybody,

I am not at all familiar with OpenSSL or DSA, but I was tinkering around trying to get
DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have not seen brought
up anywhere else, or documented. Somehow I am not able to sign messages longer than 20 bytes.
The error message I am getting back is error:0A070064:lib(10):func(112):reason(100). I have not been able to find further info on this. Is there a maximum digest length?

 This is how I generate my DSA object.
 dsa = DSA_generate_parameters(512, NULL, 0, NULL, NULL, NULL, NULL);

Thank you very much for your time.
--
here
dup =
negate
dup invert
negate dup dup +
dup dup lshift invert
negate dup emit 2tuck
rot 2tuck dup lshift + swap
( Andrey/Andrei Warkentin )
invert - emit 2tuck 2swap drop
+ + dup rot + swap emit rot dup
invert negate * + emit drop cr bye
Reply | Threaded
Open this post in threaded view
|

Re: DSA_sign maximum digest length?

Nils Larsch
Andrey Warkentin wrote:

> Hi everybody,
>
> I am not at all familiar with OpenSSL or DSA, but I was tinkering around
> trying to get
> DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have
> not seen brought
> up anywhere else, or documented. Somehow I am not able to sign messages
> longer than 20 bytes.
> The error message I am getting back is
> error:0A070064:lib(10):func(112):reason(100). I have not been able to
> find further info on this. Is there a maximum digest length?

DSA_sign/DSA_verify expect a SHA-1 message digest as input, hence
you need to hash your message before signing it. Alternative you
may use EVP_SignInit etc.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: DSA_sign maximum digest length?

Andrei Warkentin
Whoops - thanks a lot! I guess for now I'll use the
SHA1-Init/Update/Final functions, then look at the EVP higher level
interface. Thanks again for clarifying it.

On 6/15/05, Nils Larsch <[hidden email]> wrote:

> Andrey Warkentin wrote:
> > Hi everybody,
> >
> > I am not at all familiar with OpenSSL or DSA, but I was tinkering around
> > trying to get
> > DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have
> > not seen brought
> > up anywhere else, or documented. Somehow I am not able to sign messages
> > longer than 20 bytes.
> > The error message I am getting back is
> > error:0A070064:lib(10):func(112):reason(100). I have not been able to
> > find further info on this. Is there a maximum digest length?
>
> DSA_sign/DSA_verify expect a SHA-1 message digest as input, hence
> you need to hash your message before signing it. Alternative you
> may use EVP_SignInit etc.
>
> Nils
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>


--
here
dup =
negate
dup invert
negate dup dup +
dup dup lshift invert
negate dup emit 2tuck
rot 2tuck dup lshift + swap
( Andrey/Andrei Warkentin )
invert - emit 2tuck 2swap drop
+ + dup rot + swap emit rot dup
invert negate * + emit drop cr bye
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]