openssl Signature Verification Failure : “RSA_padding_check_PKCS1_type_1:block type is not 01”

2012-06-07 Thread Lunar Mushrooms
I am trying to verify the signature of a sample downloaded from NIST. But I am getting the following output: retval=0 err='error:0407006A:lib(4):func(112):reason(106)' When I collected the detailed description I found: openssl errstr 0407006A error:0407006A:rsa

Re: openssl Signature Verification Failure : “RSA_padding_check_PKCS1_type_1:block type is not 01”

2012-06-07 Thread Lunar Mushrooms
Here is the vector and code that is provided in the link: /* VECTOR SOURCE: csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf B.1.3 SigVerRSA.req., it's Result = P as per B.3.3 SigVerRSA.rsp # CAVS 3.2 # SigVer RSA (X9.31) information for testshas # Mod sizes selected: 1024 1536 # SHA

Re: openssl Signature Verification Failure : “RSA_padding_check_PKCS1_type_1:block type is not 01”

2012-06-07 Thread Ken Goldman
I typically divide the problem in two. Do a raw public key operation. If you see something that looks random, then the public key doesn't match the private key used to generate the signature, or either the public key or signature has been altered. If it looks like padding + OID + hash, then

error in using EC/DSA cert as server cert

2012-06-07 Thread Bin Lu
Hi, I am trying to use an ECDSA certificate as the server cert, basically I created an EC_KEY and loaded it into SSL_CTX using SSL_CTX_use_PrivateKey(), after the cert is loaded using SSL_CTX_use_certificate(). The problem I am facing is that during SSL handshaking, the correct cipher suite

RE: error in using EC/DSA cert as server cert

2012-06-07 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Bin Lu Sent: Thursday, 07 June, 2012 14:53 I am trying to use an ECDSA certificate snip the correct cipher suite is not being chosen snip dh_tmp, ecdh_tmp and their callback functions snip not set Is some code missing in

RE: error in using EC/DSA cert as server cert

2012-06-07 Thread Bin Lu
But for a DSA key, what DH am I supposed to use? Thanks, -binlu -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Thursday, June 07, 2012 2:39 PM To: openssl-users@openssl.org Subject: RE: error in using

RE: error in using EC/DSA cert as server cert

2012-06-07 Thread Bin Lu
For ecdh_tmp, should it be the same as what is set in the pkey in CTX-CERT? What is the purpose of these _tmp keys? Regards, -binlu -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bin Lu Sent: Thursday, June 07, 2012 4:04

RE: error in using EC/DSA cert as server cert

2012-06-07 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Bin Lu Sent: Thursday, 07 June, 2012 19:25 For ecdh_tmp, should it be the same as what is set in the pkey in CTX-CERT? What is the purpose of these _tmp keys? Sent: Thursday, June 07, 2012 4:04 PM But for a DSA key, what DH do I suppose