
I'm trying to sign using DSA from OpenSSL. I have the files containing public and private keys.

First of all I make a unicast connection and everything is fine. After that I need a multicast UDP connection and I want to sign the packets. I'm trying to use the function PEM_read_DSA_PUBKEY() in order to load my public key from my cert but it doesn't work. It always returns NULL instead of a DSA struct.

Here you have a simplistic version of the code. I compile like this:

gcc -Wall -g -lm prueba.c -o prueba -lcrypto

Any idea? Thank you!

#include <stdio.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/pem.h>

int main()
{
    FILE *DSA_cert_file = fopen("./certs/cert.pem", "r");
    if (DSA_cert_file == NULL)
        return 1;

    printf("Certificate read\n");

    /* The DSA_new() result is overwritten on the next line, so it only leaks. */
    DSA *dsa = DSA_new();
    if ((dsa = PEM_read_DSA_PUBKEY(DSA_cert_file, 0, 0, 0)) == NULL) {
        ERR_print_errors_fp(stderr);   /* print the OpenSSL error queue: why was NULL returned? */
        fclose(DSA_cert_file);
        return 1;
    }

    printf("DSA public key read\n");

    DSA_free(dsa);
    fclose(DSA_cert_file);
    return 0;
}
jww
calamares

2 Answers


Are you using a password-protected public key?

If yes, you are required to pass a callback function as the third argument to PEM_read_DSA_PUBKEY, so if the provided password matches, it will be able to properly load your key.

Update:

Alternatively, as pointed out by Hasturkun, you can pass a null-terminated string as the fourth argument. Quoting the official documentation:

If the cb parameter is set to NULL and the u parameter is not NULL then the u parameter is interpreted as a null terminated string to use as the passphrase. If both cb and u are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off.

jweyrich
  • It's also possible to pass a pointer to a null terminated string as the fourth argument – Hasturkun May 03 '11 at 13:40
  • @Hasturkun: true, thanks! Updated to mention. Fact is I don't see any problem with his code (except an unnecessary memory leak), so I assume his key is password-protected and he's not properly providing the password. – jweyrich May 03 '11 at 13:46
  • No. I have avoided using a password in order to make it simpler. – calamares May 03 '11 at 13:54

Does your cert.pem contain an X.509 certificate? It looks like PEM_read_DSA_PUBKEY expects a PEM-encoded DSA public key ("-----BEGIN PUBLIC KEY-----") without the X.509 container.

Try something like this instead:

#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

X509 *cert;
EVP_PKEY *pk;
DSA *dsa;

/* Parse the certificate container first, then pull the key out of it. */
cert = PEM_read_X509(DSA_cert_file, NULL, NULL, NULL);
if (!cert) { /* error */ }
pk = X509_get_pubkey(cert);                        /* new reference, free with EVP_PKEY_free */
if (!pk) { /* error */ }
if (EVP_PKEY_base_id(pk) != EVP_PKEY_DSA) { /* not a dsa key (EVP_PKEY_DSA == 116) */ }
dsa = EVP_PKEY_get1_DSA(pk);                       /* own reference; free with DSA_free */
b0fh