
DSA Signing with OpenSSL

Tags: c, key, openssl, load, dsa

I'm trying to sign using DSA from OpenSSL. I have the files containing public and private keys.

First of all I make a unicast connection and everything is fine. After that I need a multicast UDP connection and I want to sign the packets. I'm trying to use the function PEM_read_DSA_PUBKEY() in order to load my public key from my cert but it doesn't work. It always returns NULL instead of a DSA struct.

Here you have a simplistic version of the code. I compile like this:

gcc -Wall -g -lm prueba.c -o prueba -lcrypto

Any idea? Thank you!

#include <stdio.h>
#include <openssl/dsa.h>
#include <openssl/pem.h>

int main(void)
{
    /* Open the PEM file that holds the certificate */
    FILE *DSA_cert_file = fopen("./certs/cert.pem", "r");
    if (DSA_cert_file == NULL)
        return 1;

    printf("Certificate read\n");

    /* Try to load the DSA public key; this is the call that returns NULL */
    DSA *dsa = PEM_read_DSA_PUBKEY(DSA_cert_file, NULL, NULL, NULL);
    fclose(DSA_cert_file);
    if (dsa == NULL)
        return 1;

    printf("DSA public key read\n");

    DSA_free(dsa);
    return 0;
}
asked May 03 '11 10:05 by calamares




1 Answer

Are you using a password-protected public key?

If yes, you are required to pass a callback function as the third argument to PEM_read_DSA_PUBKEY, so if the provided password matches, it will be able to properly load your key.

Update:

Alternatively, as pointed out by Hasturkun, you can pass a null-terminated string as the fourth argument. Quoting the official documentation:

If the cb parameters is set to NULL and the u parameter is not NULL then the u parameter is interpreted as a null terminated string to use as the passphrase. If both cb and u are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off.

answered Sep 23 '22 23:09 by jweyrich
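An added diagnostic, not code from the question or the answer: before calling a PEM_read_* function, it reports which OpenSSL loader the file's BEGIN label matches and whether the block is encrypted, which is the only case in which the cb and u arguments quoted above are consulted. The helper names (pem_label, pem_loader_for, pem_needs_passphrase) and the sample input are this example's own; after PEM_read_X509, the key itself comes from X509_get_pubkey and EVP_PKEY_get1_DSA.

```c
#include <stdio.h>
#include <string.h>

/* Copy the label of the first "-----BEGIN <label>-----" line into label[] and
 * return the line that follows it; NULL if text holds no usable PEM block. */
static const char *pem_label(const char *text, char label[32])
{
    static const char begin[] = "-----BEGIN ";
    const char *p = strstr(text, begin);
    const char *end = p ? strstr(p + sizeof begin - 1, "-----") : NULL;
    if (end == NULL || end - (p + sizeof begin - 1) >= 32)
        return NULL;                  /* DER, empty, truncated or unknown label */
    p += sizeof begin - 1;
    memcpy(label, p, (size_t)(end - p));
    label[end - p] = '\0';
    return end + 5 + strspn(end + 5, "\r\n");
}

/* OpenSSL loader whose expected label matches the block, or NULL if none does. */
const char *pem_loader_for(const char *text)
{
    char l[32];
    if (pem_label(text, l) == NULL) return NULL;
    if (strcmp(l, "CERTIFICATE") == 0) return "PEM_read_X509";
    if (strcmp(l, "PUBLIC KEY") == 0) return "PEM_read_DSA_PUBKEY";
    if (strcmp(l, "DSA PRIVATE KEY") == 0 || strcmp(l, "PRIVATE KEY") == 0 ||
        strcmp(l, "ENCRYPTED PRIVATE KEY") == 0) return "PEM_read_DSAPrivateKey";
    return NULL;
}

/* 1 if the block is encrypted, i.e. the cb/u passphrase arguments get used. */
int pem_needs_passphrase(const char *text)
{
    char l[32];
    const char *body = pem_label(text, l);
    if (body == NULL) return 0;
    return strcmp(l, "ENCRYPTED PRIVATE KEY") == 0 ||
           strncmp(body, "Proc-Type: 4,ENCRYPTED", 22) == 0;
}

int main(void)
{
    /* Constructed sample: first lines of a certificate file, body elided. */
    const char *cert = "-----BEGIN CERTIFICATE-----\nMIIC...\n";
    const char *loader = pem_loader_for(cert);
    printf("loader: %s, passphrase used: %d\n",
           loader ? loader : "(none)", pem_needs_passphrase(cert));
    return 0;
}
```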