Re: Searching the "true" about multithreading

[Scott Gifford]

faturita  writes:

[...]

> This is all very basic, and it is working but I am aware of the "OpenSSL
> multithreading (or not so) things" and I would like to know if this basic 
> stuff
> needs some form of synchronization

Not quite an answer to your question, but when faced with a similar
problem about a year ago, we rewrote our code to use boost asio, and
were very pleased with the results.  It handled the SSL and helped us
get rid of our very resource-hungry one-thread-per-connection model,
without tons of changes outside of the I/O layer.

Hope this is helpful,

Scott.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Padding mode for RSA_private_decrypt()...

[Mounir IDRASSI]

Hi,

You simply can't guess the padding mode if you don't know it in advance. 
Imagine the security consequences if this was possible : it would mean 
that an attacker can have information about the clear text without 
having access to the private key!!


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

barcaroller wrote:
How can I tell what the padding mode was before I attempt to decrypt data. 
For example, when I use


RSA_private_decrypt(encsize,
encdata,
decdata,
privkey,
RSA_PKCS1_PADDING)


I sometimes (but not always) get the following error:

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is 
not 02




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
  


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Memory leaks...

[barcaroller]

I'm getting some memory leaks when I use OpenSSL.  I was not able to get rid 
of these leaks, even when I use EVP_cleanup() and ERR_free_strings() at the 
end of my program.


Memory Leak 1.  PEM_read_PrivateKey()
=

EVP_PKEY* key = PEM_read_PrivateKey(fp, NULL, 0, NULL);
...
EVP_PKEY_free(key);

Valgrind reports:

==27769== 24 bytes in 1 blocks are still reachable in loss record 2 of 
20
==27769==at 0x4A05809: malloc (vg_replace_malloc.c:149)
==27769==by 0x3C3C6DAD41: CRYPTO_malloc (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C65B565: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C65B98A: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C66F9B3: RSA_new_method (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C66F33C: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C692EA4: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C696004: ASN1_item_ex_d2i (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C6960F3: ASN1_item_d2i (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C68FC0C: d2i_PrivateKey (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C6A10B9: PEM_read_bio_PrivateKey (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C6A1300: PEM_read_PrivateKey (in 
/lib64/libcrypto.so.0.9.8e)


Memory Leak 2. SSL_library_init()
=

Valgrind reports:

==27769== 24 bytes in 1 blocks are still reachable in loss record 6 of 
20
==27769==at 0x4A05809: malloc (vg_replace_malloc.c:149)
==27769==by 0x3C3C6DAD41: CRYPTO_malloc (in 
/lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C65B565: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C65BB3B: (within /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3C6BFBFA: COMP_zlib (in /lib64/libcrypto.so.0.9.8e)
==27769==by 0x3C3CA31D7F: (within /lib64/libssl.so.0.9.8e)
==27769==by 0x3C3CA31F48: SSL_COMP_get_compression_methods (in 
/lib64/libssl.so.0.9.8e)
==27769==by 0x3C3CA37784: SSL_library_init (in 
/lib64/libssl.so.0.9.8e)


Memory Leak 3. HMAC_Init()
==

HMAC_CTX hm;

HMAC_Init(&hm, ...);
HMAC_Update(&hm, ...);
HMAC_Final(&hm, ...);
...
HMAC_cleanup(&hm);


Valgrind reports:

==31996==at 0x4A05809: malloc (vg_replace_malloc.c:149)
==31996==by 0x3C3C6DAD41: CRYPTO_malloc (in 
/lib64/libcrypto.so.0.9.8e)
==31996==by 0x3C3C6D8A1D: EVP_DigestInit_ex (in 
/lib64/libcrypto.so.0.9.8e)
==31996==by 0x3C3C6EB36B: HMAC_Init_ex (in 
/lib64/libcrypto.so.0.9.8e)




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Padding mode for RSA_private_decrypt()...

[barcaroller]

How can I tell what the padding mode was before I attempt to decrypt data. 
For example, when I use

RSA_private_decrypt(encsize,
encdata,
decdata,
privkey,
RSA_PKCS1_PADDING)


I sometimes (but not always) get the following error:

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is 
not 02



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Searching the "true" about multithreading

[Sebastián Treu]

Hi David,

On Sat, Nov 7, 2009 at 2:35 PM, David Schwartz  wrote:
>
> Sebastián Treu wrote:
>
>> The main idea was avoid polling in an infinite loop consuming CPU
>> resources. I wrote that code thinking in: "If the particular client
>> socket is calling our (thread) attention then fetchs the data". I
>> thought on that approach as I don't know another for non-blocking IO
>> without a poll cycle. If I loop forever on the  SSL_read() function,
>> CPU will be kept busy on that job so I thought in a way of not having
>> to do so. Instead, something should "inform" that on that socket is
>> data ready to be read.
>
> Right, but your code call 'select' even if it doesn't need to read data from
> the socket.
>
>> Mmmh...I can't see how to do it without select(). The main important
>> thing here is that this thread is attending only 1 client. Maybe it's
>> confusing because "why use select() then if you are polling always on
>> the same IO socket?". Answer: I don't know if there is another system
>> call to block until a file descriptor is ready to be read.
>
> You totally missed my point. You are correct that you need to block
> somewhere, you are simply blocking in the wrong place for the wrong reason.
> The only reason you should ever block using 'select' on an SSL connection is
> because the SSL state machine cannot make forward progress until the socket
> is ready. But you call 'select' without knowing this.
>
>> Then, if I read first with SSL_read() on non-blocking IO, every time
>> the client isn't writting or sending anything, the server is using and
>> wasting cpu cycles. Without the select() approach and with a maximun
>> of 32 clients my cpu usage went to 200% ( 100 per core). With the
>> select() approach the cpu usage is relative to the clients
>> reading/writting actions.
>
> What? How does calling SSL_read *first* waste CPU cycles? You *cannot* call
> 'select' until you *know* that you need to call 'select'. The data the SSL
> state machine needs to make forward progress may already have been read.
>
>> I believe you are more experienced developer than me (in fact, i'm not
>> what you can call A developer) and if not much to ask, how do you
>> solve this kind of problem? (without removing the roots of the
>> multithreaded server design) I mean, how can you block execution
>> waiting for a "noise" on the file descriptor to take some action
>> without using select()?
>
> I guess I wasn't clear. The problem is not that you are calling 'select' at
> all, the problem is that you are calling 'select' even when you have
> absolutely no reason to do so.
>
> Call SSL_read. If you make forward progress, great. If you make no forward
> progress, the SSL state machine will tell you why. If, for example, it
> returns a 'WANT_READ' indication, then you know that the SSL state machine
> cannot make forward progress unless it reads from the socket. Then, and only
> then, does it make sense to call 'select'.
>
> Again, you *MUST* get this idea out of your head:
> "Read data from socket, decrypt it, pass it to application."
> That is *NOT* what SSL_read does. SSL_read is *NOT* a decryption function.
> It is an entry point into a state machine that can do all kinds of things,
> including reading from the socket.
>
> Here's where your code blows up horribly:
>
> 1) You call SSL_write. A renegotiation is in progress, so it reads data from
> the socket to see if it can complete the renegotiation. It gets the data
> needed to complete the renegotiation and some encrypted application data. It
> sends the encrypted data you asked it to, and returns success.
>
> 2) You enter your broken read function and call 'select', but the data has
> already arrived and been read (in step 1). You deadlock waiting forever for
> data that is already here.
>
> Do you see? You cannot call 'select' unless you know for a fact that the SSL
> state machine needs to read from the socket. Otherwise you could be waiting
> for something that already happened or is not supposed to happen.
>
> Do not "look through" the SSL state machine. Let it do its job.
>
> DS
>

Get it. Excellent explanation. I didn't knew that thing about the
state machine. Thanks,

Regards,
-- 
If you want freedom, compile the source. Get gentoo.

Sebastián Treu
http://labombiya.com.ar
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Searching the "true" about multithreading

[David Schwartz]

Sebastián Treu wrote:

> The main idea was avoid polling in an infinite loop consuming CPU
> resources. I wrote that code thinking in: "If the particular client
> socket is calling our (thread) attention then fetchs the data". I
> thought on that approach as I don't know another for non-blocking IO
> without a poll cycle. If I loop forever on the  SSL_read() function,
> CPU will be kept busy on that job so I thought in a way of not having
> to do so. Instead, something should "inform" that on that socket is
> data ready to be read.

Right, but your code call 'select' even if it doesn't need to read data from
the socket.
 
> Mmmh...I can't see how to do it without select(). The main important
> thing here is that this thread is attending only 1 client. Maybe it's
> confusing because "why use select() then if you are polling always on
> the same IO socket?". Answer: I don't know if there is another system
> call to block until a file descriptor is ready to be read.

You totally missed my point. You are correct that you need to block
somewhere, you are simply blocking in the wrong place for the wrong reason.
The only reason you should ever block using 'select' on an SSL connection is
because the SSL state machine cannot make forward progress until the socket
is ready. But you call 'select' without knowing this.
 
> Then, if I read first with SSL_read() on non-blocking IO, every time
> the client isn't writting or sending anything, the server is using and
> wasting cpu cycles. Without the select() approach and with a maximun
> of 32 clients my cpu usage went to 200% ( 100 per core). With the
> select() approach the cpu usage is relative to the clients
> reading/writting actions.

What? How does calling SSL_read *first* waste CPU cycles? You *cannot* call
'select' until you *know* that you need to call 'select'. The data the SSL
state machine needs to make forward progress may already have been read.
 
> I believe you are more experienced developer than me (in fact, i'm not
> what you can call A developer) and if not much to ask, how do you
> solve this kind of problem? (without removing the roots of the
> multithreaded server design) I mean, how can you block execution
> waiting for a "noise" on the file descriptor to take some action
> without using select()?

I guess I wasn't clear. The problem is not that you are calling 'select' at
all, the problem is that you are calling 'select' even when you have
absolutely no reason to do so.

Call SSL_read. If you make forward progress, great. If you make no forward
progress, the SSL state machine will tell you why. If, for example, it
returns a 'WANT_READ' indication, then you know that the SSL state machine
cannot make forward progress unless it reads from the socket. Then, and only
then, does it make sense to call 'select'.

Again, you *MUST* get this idea out of your head:
"Read data from socket, decrypt it, pass it to application."
That is *NOT* what SSL_read does. SSL_read is *NOT* a decryption function.
It is an entry point into a state machine that can do all kinds of things,
including reading from the socket.

Here's where your code blows up horribly:

1) You call SSL_write. A renegotiation is in progress, so it reads data from
the socket to see if it can complete the renegotiation. It gets the data
needed to complete the renegotiation and some encrypted application data. It
sends the encrypted data you asked it to, and returns success.

2) You enter your broken read function and call 'select', but the data has
already arrived and been read (in step 1). You deadlock waiting forever for
data that is already here.

Do you see? You cannot call 'select' unless you know for a fact that the SSL
state machine needs to read from the socket. Otherwise you could be waiting
for something that already happened or is not supposed to happen.

Do not "look through" the SSL state machine. Let it do its job.
 
DS



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Searching the "true" about multithreading

[Sebastián Treu]

On Sat, Nov 7, 2009 at 12:47 PM, David Schwartz  wrote:
> Your logic is backwards here. You are trying to decide whether or not to
> read data on the decrypted output link, so why are you 'select'ing on the
> encrypted input link?
>
> SSL is a state machine, not a filter. The implementation of SSL_read is
> *NOT*:
> 1) Read some data from the socket.
> 2) If we got any data, decrypt it.
> 3) Return the data we read.
>
> It is:
> 1) Try to make forward progress, doing any reads and writes as necessary.
> 2) If this resulted in any decrypted data, return it.
> 3) If not, tell the caller why.
>
> As a result, you can only 'select' *after* calling SSL_read, never before.
> And you cannot assume that you will be selecting in the read direction,
> because either can be necessary.
>
> DS

Hi David,

The main idea was avoid polling in an infinite loop consuming CPU
resources. I wrote that code thinking in: "If the particular client
socket is calling our (thread) attention then fetchs the data". I
thought on that approach as I don't know another for non-blocking IO
without a poll cycle. If I loop forever on the  SSL_read() function,
CPU will be kept busy on that job so I thought in a way of not having
to do so. Instead, something should "inform" that on that socket is
data ready to be read.

Mmmh...I can't see how to do it without select(). The main important
thing here is that this thread is attending only 1 client. Maybe it's
confusing because "why use select() then if you are polling always on
the same IO socket?". Answer: I don't know if there is another system
call to block until a file descriptor is ready to be read.

That part of code is threaded, and althought you are right on saying:
"why a server should have 1,000 threads when you have 1,000
connections", the particular use of this application will be a
very-connection-limited server. For example, saying 20 clients is a
huge number of connections. The numbers of threads are limited as the
number of connections.

Then, if I read first with SSL_read() on non-blocking IO, every time
the client isn't writting or sending anything, the server is using and
wasting cpu cycles. Without the select() approach and with a maximun
of 32 clients my cpu usage went to 200% ( 100 per core). With the
select() approach the cpu usage is relative to the clients
reading/writting actions.

I believe you are more experienced developer than me (in fact, i'm not
what you can call A developer) and if not much to ask, how do you
solve this kind of problem? (without removing the roots of the
multithreaded server design) I mean, how can you block execution
waiting for a "noise" on the file descriptor to take some action
without using select()?

I really appreciatte your concern on letting me know my errors and
sorry if this invalidate the main topic thread,
Regards
-- 
If you want freedom, compile the source. Get gentoo.

Sebastián Treu
http://labombiya.com.ar
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Searching the "true" about multithreading

[David Schwartz]

Sebastián Treu wrote:

> I used a select() thread with non-blocking IO just to no keep the cpu
> busy in a infinite loop. Kind of:
> 
> while( alive && CONTINUE )
> {
>   /* The main client attendance */
> 
>   copy = master;
>   if ( select(client->fd+1, ©, NULL,NULL,NULL) == -1)
> printf(":[ERR]:\tSelect fail\n",tid);
>   else
> {
>   if ( FD_ISSET(client->fd, ©) )
> {
>   /* read from the secure connection gaining exclusive
> access */
>   /* to the client ssl structure. The 'sender thread' could
> */
>   /* access this structure coliding with the 'err' value
> and  */
>   /* starting a catastrophe.
> */
>   pthread_mutex_lock(&client->mutex[SSL_MUTEX]);
>   nbytes = SSL_read(client->ssl, client->buffer,
> chunk_size);
>   err = SSL_get_error(client->ssl, nbytes);
>   pthread_mutex_unlock(&client->mutex[SSL_MUTEX]);
> 
> You can check the hole threaded server in earlier development here:
> 
> http://code.google.com/p/tellapic/source/browse/trunk/server.c

Your logic is backwards here. You are trying to decide whether or not to
read data on the decrypted output link, so why are you 'select'ing on the
encrypted input link?

SSL is a state machine, not a filter. The implementation of SSL_read is
*NOT*:
1) Read some data from the socket.
2) If we got any data, decrypt it.
3) Return the data we read.

It is:
1) Try to make forward progress, doing any reads and writes as necessary.
2) If this resulted in any decrypted data, return it.
3) If not, tell the caller why.

As a result, you can only 'select' *after* calling SSL_read, never before.
And you cannot assume that you will be selecting in the read direction,
because either can be necessary.

DS



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Linking and execution problems with a FIPS-capable OpenSSL distribution

[Daugherty]

Synopsis:


Linking and execution problems with a FIPS-capable OpenSSL distribution.

System:
--

openSUSE 11.0 (i586)
Linux version 2.6.25.20-0.4-pae
gcc (SUSE Linux) 4.3.1
OpenSSL 0.9.8g 19 Oct 2007 (currently installed)
  Includes are in /usr/include/openssl
  Libs are in /usr/lib

Fips/OpenSSL Versions:
-

openssl-fips-1.2.tar.gz
openssl-0.9.8l.tar.gz

Goal of this post:
-

1. Additional clarification on the linking process as described in the User 
Guide and comment as to whether my workarounds are correct and in accordance 
with the Security Policy.

2. Help on overcoming the "fingerprint does not match" runtime error.

Description:
---

I have read the UserGuide-1.2.pdf and SecurityPolicy-1.2.pdf numerous times and 
have also scoured the news groups searching for a solution to my problem.  

I am trying to link fipscanister.o and libssl into a shared library, 
specifically, the ACE_SSL library that is part of the latest ACE distribution 
from the ACE/TAO group.  The User Guide is somewhat vague on whether this can 
be done.  From my understanding, linking fipscanister.o and libssl into a 
shared library is possible since my shared library is considered an application 
as defined in the User Guide.  

So here is what I am doing...

Per the User Guide, I do the usual after successfully performing the two 
verification steps:

openssl-fips-1.2 # ./config fipscanisterbuild
make
make install

openssl-0.9.8l # ./config fips
make
make install

As a non-su user, I modify the environment per the User Guide as follows:

export FIPSLD_CC=gcc
export CC=/usr/local/ssl/fips/bin/fipsld
export CXX=/usr/local/ssl/fips/bin/fipsld

I also copied the openssl include directory from 
/usr/local/ssl/fips/include/openssl to /usr/local/include which will be found 
by gcc.  If I did not do this, gcc would find my existing openssl headers 
located at /usr/include/openssl.

Finally, I modify my LD_LIBRARY_PATH environment variable to include 
/usr/local/ssl/fips/lib prior to the /usr/lib include so that ld will find the 
Fips-capable OpenSSL library.

When I execute the ACE_SSL shared library make, I get the following output and 
error:

/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -fvisibility=hidden -fvisibility-inlines-hidden 
-W -Wall -Wpointer-arith  -O3 -ggdb -pipe -D_REENTRANT -DA$
/usr/local/ssl/fips/bin/fipsld -Wl,-O3 -D_REENTRANT -DACE_HAS_AIO_CALLS 
-D_GNU_SOURCE   -I/home/linuxbuild/ntsdev/3rdParty/ACE_wrappers_L$
/usr/local/ssl/fips/bin/fipsld: line 94: 
/usr/local/ssl/fips/bin/../fips/fips_standalone_sha1: No such file or directory
1d0
< HMAC-SHA1(fips_premain.c)= 9e5ddba185ac446e0cf36fcf8e1b3acffe5d0b2c
/usr/local/ssl/fips/bin/../lib/fips_premain.c fingerprint mismatch


The fips_standalone_sha1 program is located in:

/usr/local/src/openssl-fips-1.2/fips/fips_standalone_sha1
/usr/local/src/openssl-0.9.8l/fips/fips_standalone_sha1
  
So, I modified the environment as follows to have access to 
fips_standalone_sha1:

export FIPSLD_CC=gcc
export CC=/usr/local/src/openssl-fips-1.2/fips/fipsld
export CXX=/usr/local/src/openssl-fips-1.2/fips/fipsld

This succeeds in linking the shared library; however, it seems like the 
fips_standalone_sha1 and other dependent files should have been copied to 
/usr/local/ssl/fips/fips as the headers, modules, and libraries were.  It seems 
that the User Guide could add some explanation on the various duplicate file 
copies.

Anyways, I then compile and link my application to the shared library created 
above using gcc/ld instead of fipsld.  I also tried compiling and linking my 
application with fipsld but it did not make a difference.

When my application runs and calls FIPS_mode_set, I get an error of 
"fingerprint does not match."

Relevant Environment When Building/Linking the ACE_SSL Shared Library
with fipscanister.o and libssl:
-

LD_LIBRARY_PATH =
:/home/linuxbuild/ntsdev/3rdParty/ACE_wrappers_Linux/lib:/usr/lib/oracle/xe/app/oracle/product/10.2.0\
/server/lib:/usr/local/ssl/fips/lib:/usr/local/lib:/usr/lib:
FIPSLD_CC=gcc
CC=/usr/local/src/ope

Re: Signature Verification

[Mounir IDRASSI]

Hi,

In order to help you further, can you post :
  - The data to be hashed which is the content of your variable xmlDat
  - The signature to be verified which is the content of your variable 
sigDat (maybe it's what you posted first)

  - The public key that will be used for the verification
  - The endianess of the the signature. It should be big endian as 
expected by OpenSSL


And just one last confirmation : In your first email, you posted some 
BASE64 data that you say is the signature. This data is 512 bytes long. 
So this would mean that the key used is a 4096 bit RSA key. Is this 
correct?


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello Again,

The code is there to check for a non-null pkey.  It wasn't copied to 
keep the original message shorter.  I've now made sure that I've 
Base64'd the xml string and Base64'd the signature string.  These are 
what I'm giving to the EVP_VerifyUpdate and EVP_VerifyFinal.  Still 
not verifying.


Thanks Again,

Jim
- Original Message - From: "Mounir IDRASSI" 


To: 
Sent: Friday, November 06, 2009 5:11 PM
Subject: Re: Signature Verification



Hi,

You must also handle BASE64 decoding in EVP_VerifyUpdate not only 
EVP_VerifyFinal. Those two functions must have as input the byte 
arrays that represent the binary data and the binary signature 
respectively.
Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then 
everything is OK with the public key and you don't have to worry.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Jim Welch wrote:

Hi,

Thank you for the response.  It was sha512 not 256.  I changed it to 
EVP_sha512 in the code but it still won't verify.  On the verify 
final, I've tried it both with and without a Base64 converted string 
(and corresponding length).  I'm not sure from what I've read if the 
PEM_read_PUBKEY does a Base64 conversion on the Public Key or not 
and I'm not sure where to look in the pkey to find out.


Jim

- Original Message - From: "Mounir IDRASSI" 


To: 
Sent: Friday, November 06, 2009 3:55 PM
Subject: Re: Signature Verification



Hi,

In your description you say that the signature was created with 
SHA256 but in your code you are using SHA-1 through EVP_sha1. 
Replace this with EVP_sha256 to have a correct processing.
Also, your data seems to be BASE64 encoded and you are computing 
the digest directly on the BASE64 string. You should convert this 
BASE64 string to the corresponding byte array and then compute the 
digest on this byte array.


I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Jim Welch wrote:

Hello,

I've been trying to verify the signature from the following xml data:

1.0EC1000-090001800:54:66:18:3A:40code="impedance">2000-01-012099-12-31code="multimeter">2000-01-012099-12-31code="sulfation">2000-01-012099-12-31AA80A2A7119FD4F1C122080E1AD17490 



using this signature:

C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv 

p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY 

ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf 

Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb 

SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS 

AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2 

dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU 

njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId 

j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo= 



These two strings above are being sent from a server as one file 
which I parse into the two separate strings making sure white 
space has been removed from the xml as that was how it was 
signed.  The signature was created with RSA & SHA512.


I'm using a C program to verify and have tried numerous attemps 
with no sucess.  The openssl release is 0.9.8k.  The vars sigDat 
and xmlDat are the respective strings.  The code is as  follows 
(some parts left out for simplicity):


fp = fopen (filePubKey, "r");

pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);

EVP_VerifyInit (&md_ctx, EVP_sha1());

EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));

err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);

EVP_PKEY_free (pkey);

Any ideas as to what is wrong.  Another part of the project here 
involves java and the programmer working on that says that he can 
verify the signature so I know that the data is correct.


Thank You,

Jim Welch






__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


__
OpenSSL Project http