Re: openssl 1.0.1e Signature verification problems
Hi Steve,

I have compiled openssl with -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS options. My kernel is OCF enabled.

Below is the output of the command openssl asn1parse -genstr OID:sha1WithRSAEncryption

# openssl asn1parse -genstr OID:sha1WithRSAEncryption
0:d=0 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption

Thanks,
Anand

- Original Message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Cc:
Sent: Thursday, June 20, 2013 4:52 PM
Subject: Re: openssl 1.0.1e Signature verification problems

On Thu, Jun 20, 2013, anand rao wrote:

> The output of command openssl asn1parse -i -in cacert.pem is
>
> 0:d=0 hl=4 l= 872 cons: SEQUENCE
> 4:d=1 hl=4 l= 729 cons: SEQUENCE
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d=2 hl=2 l= 9 prim: INTEGER :D46F3D4EDCA8F780
> 24:d=2 hl=2 l= 5 cons: SEQUENCE
> 26:d=3 hl=2 l= 1 prim: OBJECT :itu-t
> 29:d=3 hl=2 l= 0 prim: NULL

That looks rather broken. Is this an unmodified version of OpenSSL?

What happens if you do:

openssl asn1parse -genstr OID:sha1WithRSAEncryption

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: openssl 1.0.1e Signature verification problems
prim: OBJECT :itu-t
742:d=2 hl=2 l= 0 prim: NULL
744:d=1 hl=3 l= 129 prim: BIT STRING

Thanks,
Anand

- Original Message -
From: Wim Lewis w...@omnigroup.com
To: openssl-users@openssl.org
Cc:
Sent: Tuesday, June 18, 2013 11:33 PM
Subject: Re: openssl 1.0.1e Signature verification problems

On 14 Jun 2013, at 6:09 AM, anand rao wrote:

> I am using openssl 1.0.1e to create a CA and generate certificates. I am facing an issue while generating the device certificates.
>
> After creating the ca certificate using below command
>
> # openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650 -out cacert.pem
>
> when we try to display the contents the signature algorithm is shown as itu-t instead of sha1WithRSAEncryption
>
> #openssl x509 -in cacert.pem -noout -text
> Certificate:
> [...]
> Signature Algorithm: itu-t

That certainly looks wrong to me. What do you get if you run

openssl asn1parse -i -in cacert.pem

?
Re: openssl 1.0.1e Signature verification problems
On Thu, Jun 20, 2013, anand rao wrote:

> The output of command openssl asn1parse -i -in cacert.pem is
>
> 0:d=0 hl=4 l= 872 cons: SEQUENCE
> 4:d=1 hl=4 l= 729 cons: SEQUENCE
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d=2 hl=2 l= 9 prim: INTEGER :D46F3D4EDCA8F780
> 24:d=2 hl=2 l= 5 cons: SEQUENCE
> 26:d=3 hl=2 l= 1 prim: OBJECT :itu-t
> 29:d=3 hl=2 l= 0 prim: NULL

That looks rather broken. Is this an unmodified version of OpenSSL?

What happens if you do:

openssl asn1parse -genstr OID:sha1WithRSAEncryption

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: openssl 1.0.1e Signature verification problems
On 14 Jun 2013, at 6:09 AM, anand rao wrote:

> I am using openssl 1.0.1e to create a CA and generate certificates. I am facing an issue while generating the device certificates.
>
> After creating the ca certificate using below command
>
> # openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650 -out cacert.pem
>
> when we try to display the contents the signature algorithm is shown as itu-t instead of sha1WithRSAEncryption
>
> #openssl x509 -in cacert.pem -noout -text
> Certificate:
> [...]
> Signature Algorithm: itu-t

That certainly looks wrong to me. What do you get if you run

openssl asn1parse -i -in cacert.pem

?
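
The asn1parse lines quoted in this thread differ in one place that can be checked mechanically: the -genstr output shows sha1WithRSAEncryption as a 9-byte OBJECT, while the certificate's AlgorithmIdentifier holds a 1-byte OBJECT displayed as itu-t. The Python below is an added example, not part of the original messages or of OpenSSL; it reads a DER AlgorithmIdentifier and reports the OID it actually contains. The two sample byte strings are constructed to match the lengths in the thread, and the content octet 00 for the itu-t object is an assumption.

```python
# Added example: minimal DER reader for an AlgorithmIdentifier.
# GOOD and BROKEN are constructed samples, not bytes from the poster's cacert.pem.
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption

GOOD = bytes.fromhex("300d06092a864886f70d0101050500")   # SEQUENCE l=13, OBJECT l=9, NULL
# Assumption: the 1-byte OBJECT shown as "itu-t" in the thread has content octet 00.
BROKEN = bytes.fromhex("30050601000500")                 # SEQUENCE l=5, OBJECT l=1, NULL

def read_tlv(buf, pos):
    """Return (tag, header_len, content_len) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        hl, length = 2, first
    else:                                  # long form: low 7 bits count the length octets
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, hl, length

def decode_oid(content):
    """Convert OID content octets to dotted-decimal form."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for octet in content:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:               # a clear high bit ends one arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # the first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_algorithm(alg_id, expected=SHA1_WITH_RSA):
    """Return (oid, oid_content_len, matches_expected) for an AlgorithmIdentifier."""
    tag, hl, _ = read_tlv(alg_id, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    oid_tag, oid_hl, oid_len = read_tlv(alg_id, hl)
    if oid_tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    start = hl + oid_hl
    return decode_oid(alg_id[start:start + oid_len]), oid_len, \
        decode_oid(alg_id[start:start + oid_len]) == expected

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("broken", BROKEN)):
        print(name, check_algorithm(sample))
```

A strict decoder prints the 1-byte OID as 0.0; the point of the check is that the encoder wrote 1 content byte where 9 were expected, which matches the l= 1 and l= 5 values in the quoted output.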