> From: [email protected] On Behalf Of Jordi Baylina via RT
> Sent: Tuesday, 31 January, 2012 12:45
> Cc: [email protected]
> Subject: [openssl.org #2699] openssl dgst -sha1 -verify ...
> sais verification failure whet it is ok in a concrete set of data

<snip: pubkey, datafile>

> $ echo "SEjTquEPcqY0V90KYvDi7ofGiKlc53T4XzHwHtIgcN5wuOg4JxffK
> trLN9Tq+8c/045m15JXULJUMkN7fdDUqtxFyIBSEt4nqhvZgLDVQBIBXJRF8
> c32CBaLsG837hZra8/nD5b4T+sCyEXRUMmcfflhJiMIr7l72sOxgRmzTw=="
> > test_err.sig.64
> $ base64 -D -i test_err.sig.64 -o test_err.sig

This b64-decoded signature is 127 bytes, not 128. RSA signatures are normally treated as octet strings (preserving length) not integers, although mathematically they are integers. (For other algorithms, signatures aren't integers at all.)

> $ openssl dgst -sha1 -verify test.pub -signature test_err.sig
> test_err.txt
> Verification Failure

dgst -verify uses EVP_VerifyFinal which uses RSA_verify which insists on correct length, although it (confusingly?) returns 0 for this error, and others like malloc failure, even though errstack contains useful info. If I pad test_err.sig with one zero byte at the left, dgst -verify succeeds.

> // If we do it manually we can see that the signature is ok:

<snip>

> $ openssl rsautl -verify -inkey test.pub -pkcs -pubin -in test_err.sig
> -out test_err.sha1.calc

rsautl -verify, in spite of the name, just does RSA_public_decrypt, which doesn't insist on correct length.

> // With this other set of data with the same public key, works OK

<snip>

> $ echo "GURbsl4CFPCG83RCZxsEpoRleXicXQhH1OC4Fk77b7EMj2g8aHUhD/L+sm
> oGSVpuEwup1fmkZBADXwBel8UKsmxgTLRX+vlGgyTr1XPqqHFNjtL33fd5
> 7NuKBqaJjwSp7D5xVMeVdQtQQbsKuKx5AvOPPyZfdtdyoJw/all1tl4="
> > test_ok.sig.64

That b64-signature is 128 bytes after decoding and works OK.
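
The length mismatch discussed in this message can be reproduced without OpenSSL. The following is an added example, not code from the thread or from the OpenSSL project: it builds a constructed 512-bit toy key, signs with a signer that emits the signature as a minimal-length integer, and compares a length-strict check with a lenient one. All function names, the key and the messages are assumptions made for the illustration.

```python
import hashlib

E = 65537
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header for SHA-1
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    # Miller-Rabin with fixed bases; adequate only for this throwaway demo key.
    for p in BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    return all(pow(a, d, n) == 1 or any(pow(a, d << j, n) == n - 1 for j in range(r))
               for a in BASES)

def next_prime(n):  # also skips primes where E divides p - 1, so E is invertible
    while not is_probable_prime(n) or (n - 1) % E == 0:
        n += 2
    return n

# Constructed 512-bit toy key (assumption for the demo; far too small for real use).
P, Q = next_prime(3 * 2**254 + 1), next_prime(3 * 2**254 + 2**200 + 1)
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def emsa(msg):
    # PKCS#1 v1.5 signature encoding: 00 01 FF..FF 00 DigestInfo(SHA-1)
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_as_integer(msg):
    # Signer that serialises the signature as an integer, dropping leading zero bytes.
    s = pow(int.from_bytes(emsa(msg), "big"), D, N)
    return s.to_bytes((s.bit_length() + 7) // 8, "big")

def verify(sig, msg, strict=True):
    # strict=True insists that the signature is exactly K bytes long.
    m = pow(int.from_bytes(sig, "big"), E, N)
    return (len(sig) == K or not strict) and m.to_bytes(K, "big") == emsa(msg)

def left_pad(sig):
    # Restore the octet-string form: zero bytes on the left up to K bytes.
    return sig.rjust(K, b"\x00")

def find_short_signature(limit=100000):
    msgs = (b"constructed message %d" % i for i in range(limit))
    return next((m, sign_as_integer(m)) for m in msgs if len(sign_as_integer(m)) < K)
```

Roughly one signature in a few hundred comes out short with such a signer, which is why the problem appears only for "a concrete set of data".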
