Sorry, I didn't get my brain last Friday. I was thinking the length enforcement concerns the public key, whereas it concerns the signature... stupid.

Indeed, in the streaming format I'm using, the signature is stored in a fixed-size field which is equal to DSA_size(). Padding with \x00 is used to complete the signature, and unfortunately, the real signature length was not stored, thinking it was redundant with the information stored in the ASN.1 format.

Thank you for helping me to point out this flaw.

arnaud

On 16/01/2015 23:42, Dr. Stephen Henson wrote:
> On Fri, Jan 16, 2015, arnaud.mouiche at invoxia.com wrote:
>
>> If you want to know about the signature, it was generated by signing the hash result
>>
> Do you have a code snippet of how you are generating the signature? That is
> the code which calls DSA_sign()?
>
> I can think of one way that could be wrong. If you are using DSA_size(key) as
> the signature length instead of the length returned by DSA_sign() that will
> fail under some circumstances. That's because DSA_size() returns the
> maximum length of the signature whereas DSA_sign() returns the actual
> length which may be less. I
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
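Added example, not code from either poster or from OpenSSL: a self-contained C model of why a DER-encoded DSA signature is shorter than DSA_size() on some calls, and how the real length can be read back from the SEQUENCE header when the signature sits in a fixed-size field padded with \x00. The 48-byte field (assumed here to be what DSA_size() gives for a 160-bit q) and the r/s values are constructed assumptions; storing the length that DSA_sign() returns remains the simpler fix.

```c
#include <stddef.h>
#include <string.h>

/* Minimal DER INTEGER for an unsigned big-endian value: leading zero bytes are
 * dropped and a 0x00 is prepended when the top bit is set (keeps it positive).
 * This is why r, s, and so the whole signature, vary in length per DSA_sign(). */
static size_t der_uint(const unsigned char *v, size_t vlen, unsigned char *out)
{
    while (vlen > 1 && v[0] == 0) { v++; vlen--; }
    size_t pad = (v[0] & 0x80) ? 1 : 0;
    out[0] = 0x02;
    out[1] = (unsigned char)(vlen + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, vlen);
    return 2 + pad + vlen;
}

/* SEQUENCE { INTEGER r, INTEGER s }: the wire form DSA_sign() emits.
 * Assumes r and s are at most 20 bytes (160-bit q) so short-form lengths fit. */
size_t der_dsa_sig(const unsigned char *r, size_t rlen,
                   const unsigned char *s, size_t slen, unsigned char *out)
{
    size_t body = der_uint(r, rlen, out + 2);
    body += der_uint(s, slen, out + 2 + body);
    out[0] = 0x30;
    out[1] = (unsigned char)body;
    return 2 + body;
}

/* Real signature length from a zero-padded field, read off the SEQUENCE header.
 * Returns 0 unless a well-formed SEQUENCE (short or 1-2 byte long form) fits. */
size_t der_seq_len(const unsigned char *buf, size_t buflen)
{
    if (buflen < 2 || buf[0] != 0x30) return 0;
    size_t hdr = 2, len = buf[1];
    if (len & 0x80) {
        size_t n = len & 0x7f;
        if (n == 0 || n > 2 || buflen < 2 + n) return 0;
        len = 0;
        for (size_t i = 0; i < n; i++) len = (len << 8) | buf[2 + i];
        hdr = 2 + n;
    }
    return hdr + len <= buflen ? hdr + len : 0;
}

/* Constructed demo: r = s = 20 bytes of 0xff with the first byte replaced by
 * lead_byte, packed into a 48-byte field (assumed DSA_size()), then recovered. */
size_t packed_sig_len(unsigned char lead_byte)
{
    unsigned char v[20], field[48];
    memset(v, 0xff, sizeof v); v[0] = lead_byte;
    memset(field, 0, sizeof field);
    der_dsa_sig(v, sizeof v, v, sizeof v, field);
    return der_seq_len(field, sizeof field);
}
```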