On Mon, Jul 30, 2012, Albers, Thorsten wrote: > Thanks Steve! Unfortunately your hint couldn't help me. I know that in TLS > 1.2 the hash and signature algorithms can be chosen during the handshake. I > chose to use Sha256 with RSA for the signature, and therefore adding the > corresponding algorithm ids in front of the signature. In Wireshark my > Client Certificate Verify message (including the record layer header) looks > like following: > 0000 16 03 03 00 88 0f 00 00 84 04 01 00 80 b4 ee c0 > 0010 8a 35 79 0d 97 7d f0 82 e6 69 3d 7d 66 a7 58 11 > 0020 e5 9c 86 c1 9e 18 0c a0 94 37 2e 2b d2 08 9a 69 > 0030 0f 14 22 42 5c 66 b8 cb 8f dd 85 6d 85 82 f7 5e > 0040 48 84 05 b5 ca e1 7b 67 d2 08 da 8c ec 55 a2 49 > 0050 5e e6 eb f4 c2 ae b9 6e 0c 9b 43 2a 78 92 16 97 > 0060 8a ee 1e 19 57 10 7c dc d3 f5 74 21 7c cc b8 e4 > 0070 cb f2 c0 2d fe 4f c7 5f 33 cb 1a 55 da 6c 6a 76 > 0080 6a 94 ad 64 f5 b0 d1 d2 0e 9b 15 8d b7 > > The first 5 bytes are the record layer header (handshake message, protocol > version TLS 1.2, length 0x88 byte). Next comes 0x0F as handshake message > type (certificate verify), then 0x000084 as the length, then 0x0401 for > SHA256 hash signed with RSA, followed by the length of the signature and the > signature itself. From this point of view to me it looks exactly like the > message I observed on a conversation between an openssl client and server > (both TLS1.2). So where else can the problem be? >
The problem you mentioned indicates that there is a bug in the RSA signature format itself and not the TLS message structure. Without the corresponding public key it is impossible to analyse that signature though. > I also debugged the openssl-server when receiving the message above. The > server recognized the correct hash and signature algorithms, but while > following the functions to the point where the signature shall be verified, > I will come to a point where for some reason a wrong function is called. The > code says it wants to call RSA_verify(), but CMS_RecipientInfo_type() is > called instead and returns a value that (of course) does not correspond with > the function that should have been called. It would really help me a lot if > I could debug the server correctly so that I could compare my hash/signature > better with the one computed by the openssl server. Did anyone see that > behavior before? > This sounds like the debugger is getting confused. Try adding a debugging printf in the RSA_verify function to check it is being called. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
