Le 16/01/2015 19:57, Dr. Stephen Henson a écrit :
On Fri, Jan 16, 2015, arnaud.moui...@invoxia.com wrote:
Hi all.
I was just checking the latest 1.0.1l version (running previously
the 1.0.1i).
some DSA signature check done with DSA_verify() are not working any
more, for at least one private/public key I'm using.
The public key was generated from the private key, long time ago, as
usual with command "openssl dsa -in key.priv -out key.pub -pubout"
So, it is not a forged key.
Here is the various things I tried / see.
I someone can tell me if this is an openssl issue, or simply the way
I'm using openssl lib, I will appreciate.
1) I imagine first that old generated keys are no more valid one to
enforce the CVE-2014-8275 warning, yet,
generating a new public key with the new openssl version lead to the
same issue.
No this should have no effect on previous keys.
CVE-2014-8275 makes signature checking for DSA/ECDSA more strict and some
invalid encodings are no longer tolerated.
What produced the signature that is now being rejected? Is it OpenSSL or some
other library? How are you obtaining the length of the signature?
DSA_verify() stops at the public key length check, and don't even check the
signature.
I'm only using openssl tools/lib
- the private key was generate few years ago with openssl (don't remember the
version)
- the public key was generated with openssl with "openssl dsa -in key.priv -out
key.pub -pubout"
and the resulting public key file, is rejected by DSA_verify() (even if I'm
using last 1.0.1l version to generate this public key file
- the signature is DSA signing of a sha256 hash
If you want to know about the signature, it was generating by signing the hash
result
There are ways to workaround the stricter checks by reencoding the signature
yourself or calling DSA_do_verify after decoding the signature yourself.
I have no issue to hack my tools to make it work by calling
DSA_do_verify() directly (ie. skipping the public key length)
Yet, I worry about any other software (not mine) that may failed for the
same reasons, whereas working fine before.
Again, the public key was generated by openssl itself. It seems wrong
that openssl didn't like it now.
Regards,
arnaud
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
