Java signature verification fail in openssl

2011-10-04 Thread brajan

hi
can anyone tell me why the signature verification in openssl fails when the
message is signed by Java IBM FIPS compliant. I am using openssl 0.9.8g on
PowerPC. I am getting an error in the

if (((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) != 0))

line of source code in RSA_verify().
The values are

m data :a12df146d87db3ce911e61444eed322bbd027a58cfa27ceec3626317ebe62f89
sig->digest->data :�*�H�b9���A6w�(�
Memcompare fail mLen :64        sig->digest->length :20

Why is this happening? Is it due to the d2i_X509_SIG() function?
-- 
View this message in context: 
http://old.nabble.com/Java-signature-verification-fail-in-openssl-tp32589928p32589928.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Re: Java signature verification fail in openssl

2011-10-04 Thread Jakob Bohm

On 10/4/2011 4:58 PM, brajan wrote:

> hi
> can anyone tell me why the signature verification in openssl fails when the
> message is signed by Java IBM FIPS compliant. I am using openssl 0.9.8g on
> PowerPC. I am getting an error in the
>
> if (((unsigned int)sig->digest->length != m_len) ||
> (memcmp(m,sig->digest->data,m_len) != 0))
>
> line of source code in RSA_verify().
> The values are
>
> m data :a12df146d87db3ce911e61444eed322bbd027a58cfa27ceec3626317ebe62f89
> sig->digest->data :�*�H�b9���A6w�(�
> Memcompare fail mLen :64        sig->digest->length :20
>
> Why is this happening? Is it due to the d2i_X509_SIG() function?

Was the signature made with a different hash algorithm than the one you
try to use to verify it?




Re: Java signature verification fail in openssl

2011-10-04 Thread Jeffrey Walton
On Tue, Oct 4, 2011 at 10:58 AM, brajan balamurugan@gmail.com wrote:

> hi
> can anyone tell me why the signature verification in openssl fails when the
> message is signed by Java IBM FIPS compliant. I am using openssl 0.9.8g on
> PowerPC. I am getting an error in the
>
> if (((unsigned int)sig->digest->length != m_len) ||
> (memcmp(m,sig->digest->data,m_len) != 0))
>
> line of source code in RSA_verify().
> The values are
>
> m data :a12df146d87db3ce911e61444eed322bbd027a58cfa27ceec3626317ebe62f89
> sig->digest->data :�*�H�b9���A6w�(�
> Memcompare fail mLen :64        sig->digest->length :20

DSA? Java uses a DER encoded signature per RFC 3279:

  SEQUENCE ::= {
      r INTEGER,
      s INTEGER }

Jeff


RE: Java signature verification fail in openssl

2011-10-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of brajan
> Sent: Tuesday, 04 October, 2011 10:58
>
> can anyone tell me why the signature verification in openssl fails when the
> message is signed by Java IBM FIPS compliant. I am using openssl 0.9.8g on
> PowerPC. I am getting an error in the
>
> if (((unsigned int)sig->digest->length != m_len) ||
> (memcmp(m,sig->digest->data,m_len) != 0))
>
> line of source code in RSA_verify().
> The values are
>
> m data :a12df146d87db3ce911e61444eed322bbd027a58cfa27ceec3626317ebe62f89
> sig->digest->data :?*?H?b9???A6w?(?
> Memcompare fail mLen :64        sig->digest->length :20
 
Assuming 'mLen' is the m_length/m_len passed to RSA_verify, 
it appears your digest-to-compare is 64 hex chars (32 bytes) 
while the digest specified by the signer is 20 bytes. 
It looks like you are computing the wrong hash, maybe SHA256 
instead of SHA1, and also representing it wrongly.
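
An added example, not part of the thread and not OpenSSL's own code: a stand-alone diagnostic for the comparison discussed above. It locates the digest inside a decoded PKCS#1 v1.5 DigestInfo and reports whether the length test or the value test fails, plus whether the caller passed hex text instead of raw hash bytes. The function names and the sample DigestInfo bytes are constructed for illustration, and the algorithm identifier is skipped rather than validated.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum { DI_OK, DI_BAD_DER, DI_LEN_MISMATCH, DI_VALUE_MISMATCH };
/* Constructed sample: SHA-1 DigestInfo header (15 bytes) + 20 made-up digest bytes. */
static const unsigned char SAMPLE_DI[35] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,
    1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 };
/* The "m data" value from the post, handed over as 64 characters of text. */
static const unsigned char M_TEXT[] =
    "a12df146d87db3ce911e61444eed322bbd027a58cfa27ceec3626317ebe62f89";
/* Check a short-form DER header with the given tag; returns 2, or 0 on error. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char tag, size_t *len) {
    if (n < 2 || p[0] != tag || p[1] >= 0x80 || (size_t)p[1] > n - 2) return 0;
    *len = p[1]; return 2;
}
/* DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest } */
int digestinfo_digest(const unsigned char *di, size_t n,
                      const unsigned char **dig, size_t *dig_len) {
    size_t len, off;
    if (!(off = der_hdr(di, n, 0x30, &len)) || len != n - 2) return DI_BAD_DER;
    di += off; n = len;
    if (!(off = der_hdr(di, n, 0x30, &len))) return DI_BAD_DER; /* algorithm: skipped */
    di += off + len; n -= off + len;
    if (!(off = der_hdr(di, n, 0x04, &len)) || len != n - 2) return DI_BAD_DER;
    *dig = di + off; *dig_len = len;
    return DI_OK;
}
/* The two tests from the quoted RSA_verify() line, reported separately. */
int compare_digest(const unsigned char *di, size_t n, const unsigned char *m, size_t m_len) {
    const unsigned char *dig; size_t dig_len;
    int rc = digestinfo_digest(di, n, &dig, &dig_len);
    if (rc != DI_OK) return rc;
    if (dig_len != m_len) return DI_LEN_MISMATCH;
    return memcmp(m, dig, m_len) ? DI_VALUE_MISMATCH : DI_OK;
}
/* True when the caller's "digest" is hex text rather than raw hash bytes. */
int looks_like_hex_text(const unsigned char *m, size_t m_len) {
    size_t i = 0;
    while (i < m_len && isxdigit(m[i])) i++;
    return m_len > 0 && m_len % 2 == 0 && i == m_len;
}

int main(void) {
    printf("compare=%d hex_text=%d\n",
           compare_digest(SAMPLE_DI, sizeof SAMPLE_DI, M_TEXT, sizeof M_TEXT - 1),
           looks_like_hex_text(M_TEXT, sizeof M_TEXT - 1));
    return 0;
}
```

With the 64-character value from the post the result is a length mismatch (64 against 20) and the hex-text flag is set, which matches both halves of the diagnosis above.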





FIPS-capable OpenSSL that works on Windows NT

2011-10-04 Thread Bill Durant
Hello,  

Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows NT?

I have built the latest FIPS-capable OpenSSL (openssl-fips-1.2.3) with 
openssl-0.9.8r using MS Visual Studio .NET 2003 on Windows 7.

I have a small app that uses the OpenSSL library (just encrypts/decrypts).  It 
runs fine on Windows 7/32-bit.

But when I run it under Windows NT, I get the following run-time error:

The procedure entry point Module32NextW could not be located in the 
dynamic link library KERNEL32.dll  

So I re-built the FIPS-capable OpenSSL again specifying TARGET=VC-NT in 
ms/do_fips.bat.  I then configured openssl-0.9.8r as follows:

perl Configure VC-NT ... 

And then rebuilt it as before. I still get the same run-time error on Windows
NT.

I did some research and determined that Module32NextW call is not available on 
Windows NT (it is available on Windows 2000 and above).

So is it possible to produce a working FIPS-capable OpenSSL without some 
hacking of the code to remove calls to Module32NextW and friends?

Any ideas?

Thanks,

Bill





Re: FIPS-capable OpenSSL that works on Windows NT

2011-10-04 Thread William A. Rowe Jr.
On 10/4/2011 10:45 PM, Bill Durant wrote:
> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
> NT?

It's likely not possible...

> But when I run it under Windows NT, I get the following run-time error:
>
>   The procedure entry point Module32NextW could not be located in the
>   dynamic link library KERNEL32.dll

If you use the equivalent of nm against the fipscanister.lib, I'd expect
you'll find the binding there.

I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though.
Support for Windows NT 4.xx ended on December 31, 2004.  Support for Windows
2000 ended on July 13, 2010.  So updating security or cryptographic software
validation for such systems is something of an oxymoron.


Re: FIPS-capable OpenSSL that works on Windows NT

2011-10-04 Thread Jeffrey Walton
On Wed, Oct 5, 2011 at 12:59 AM, William A. Rowe Jr.
wr...@rowe-clan.net wrote:
> On 10/4/2011 10:45 PM, Bill Durant wrote:
>
>> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
>> NT?
>
> It's likely not possible...
>
>> But when I run it under Windows NT, I get the following run-time error:
>>
>>   The procedure entry point Module32NextW could not be located in the
>>   dynamic link library KERNEL32.dll

That's Windows 2000 and above.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684221%28v=vs.85%29.aspx

Jeff