Re: openssl 1.0.1e Signature verification problems
Hi Steve,

I have compiled openssl with -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS options. My kernel is OCF enabled.

Below is the output of the command openssl asn1parse -genstr OID:sha1WithRSAEncryption:

    # openssl asn1parse -genstr OID:sha1WithRSAEncryption
        0:d=0  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption

Thanks,
Anand

----- Original Message -----
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Sent: Thursday, June 20, 2013 4:52 PM
Subject: Re: openssl 1.0.1e Signature verification problems

On Thu, Jun 20, 2013, anand rao wrote:

> The output of command openssl asn1parse -i -in cacert.pem is
>
>     0:d=0  hl=4 l= 872 cons: SEQUENCE
>     4:d=1  hl=4 l= 729 cons:  SEQUENCE
>     8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
>    10:d=3  hl=2 l=   1 prim:    INTEGER           :02
>    13:d=2  hl=2 l=   9 prim:   INTEGER           :D46F3D4EDCA8F780
>    24:d=2  hl=2 l=   5 cons:   SEQUENCE
>    26:d=3  hl=2 l=   1 prim:    OBJECT            :itu-t
>    29:d=3  hl=2 l=   0 prim:    NULL

That looks rather broken. Is this an unmodified version of OpenSSL?

What happens if you do:

    openssl asn1parse -genstr OID:sha1WithRSAEncryption

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
smime verification failure
    # openssl smime -verify -in mail.smime -CAfile A-Trust-nQual-03.pem
    Verification failure
    3086427788:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1097:
    3086427788:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410:
    # openssl version
    OpenSSL 1.0.1e 11 Feb 2013

Any hint locating the problem welcome.

Best Regards
Michael Gsandtner
MA 14 - Informations- und Kommunikationstechnologie
www.wien.gv.at

Attachments: A-Trust-nQual-03.pem, mail.smime
libssl 1.0.1 breaking program
Hello list,

I need to compile a version of PPP that supports the EAP-TLS authentication protocol. Fortunately there is a patch that accomplishes exactly this [1].

I have built the package using the default libssl-dev package provided by my operating system (Debian Wheezy/7.0). Specifically, it is this version: 1.0.1e-2

While there are no issues when building, the resulting binary doesn't behave as expected: EAP-TLS auth fails. By enabling debug information in the program, I was able to obtain these error messages:

    pppd[2236]: EAP-TLS SSL error stack:
    pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

and

    err: 7 (certificate signature failure)

The first one appears to be a mere warning, as the handshake proceeds, while the second one triggers a TLS Alert message 'Decryption failed'. I thought maybe the encoding error results in a corrupt cert being sent, which would obviously fail the signature check. However, I don't know how to check for this.

Both errors disappeared when I replaced the libssl-dev package currently installed by an older version. To be precise, I installed the libssl-dev_0.9.8o-4squeeze14_amd64.deb package.

While this solves my problem right now, I am curious as to why this is happening. Additionally, replacing libssl-dev is not exactly acceptable, as other packages may depend on it and require a more up to date version.

I've examined the patch and it doesn't seem to be doing anything out of the ordinary, yet it fails to work properly with a more recent version of the library.

For my tests, I generated a CA and a pair of certs with openssl:

    /usr/lib/ssl/misc/CA.pl -newca
    /usr/lib/ssl/misc/CA.pl -newreq
    /usr/lib/ssl/misc/CA.pl -sign

I kept the default values mostly, including the empty fields. The only exception was the commonName field, where I put the hostname of each machine. I doubt the certificates are the issue as I tested them with s_server / s_client and the handshake completed without any errors.

Does anybody know why the patch fails to work with libssl-1.0.1e, and what can be done to fix this? Let me know if there is any additional information I can provide.

Thanks,
Marios

[1] http://www.nikhef.nl/~janjust/ppp/index.html
Re: libssl 1.0.1 breaking program
On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote:

> By enabling debug information in the program, I was able to obtain these error messages:
>
>     pppd[2236]: EAP-TLS SSL error stack:
>     pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
>
> and
>
>     err: 7 (certificate signature failure)

Since you provide very little additional information, a wild guess:

OpenSSL 1.0.1e supports TLSv1.2, while 0.9.8 only TLSv1. With TLSv1.2 SHA-2 digests may have been negotiated, and if your RSA key size is too small (e.g. 512-bit RSA keys, which you should not use by the way, too easy to crack) the key may be too small to encrypt a SHA-384 digest.

If you capture the handshake and decode it with wireshark, you'll have a lot more detail available. And do make sure your key sizes are all reasonable.

--
Viktor.
Re: libssl 1.0.1 breaking program
Hello,

On 26 June 2013 16:41, Viktor Dukhovni openssl-us...@dukhovni.org wrote:

> On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote:
>
>> By enabling debug information in the program, I was able to obtain these error messages:
>>
>>     pppd[2236]: EAP-TLS SSL error stack:
>>     pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
>>
>> and
>>
>>     err: 7 (certificate signature failure)
>
> Since you provide very little additional information, a wild guess:

Sorry for that, I didn't know what additional information was expected. The error message is the one returned by SSL_CTX_set_verify(3); I couldn't get additional information regarding this.

> OpenSSL 1.0.1e supports TLSv1.2, while 0.9.8 only TLSv1.

    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        ^ Same version for all exchanged messages.

> With TLSv1.2 SHA-2 digests may have been negotiated, and if your RSA key size is too small (e.g. 512-bit RSA keys, which you should not use by the way, too easy to crack) the key may be too small to encrypt a SHA-384 digest.
>
> If you capture the handshake and decode it with wireshark, you'll have a lot more detail available. And do make sure your key sizes are all reasonable.

Here's some detail on the CA and certs:

CA:

    $ openssl x509 -text -noout -in cacert.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 15591382118858604766 (0xd85fb76e2ff1c0de)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=FR, ST= , O=testca, CN=ca
            Validity
                Not Before: Jun 21 13:46:43 2013 GMT
                Not After : Jun 20 13:46:43 2016 GMT
            Subject: C=FR, ST= , O=testca, CN=ca
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus:
                        00:ca:02:f4:ea:56:d0:8d:fb:dd:dd:ba:53:52:60:
                        38:c0:14:cd:d1:cc:26:2e:67:a3:6e:57:e2:f8:8e:
                        40:ac:9a:67:b3:8f:21:f7:10:d1:9b:1a:4b:7e:2f:
                        36:38:ee:40:fb:f1:2a:5f:9d:c0:0d:59:d0:91:43:
                        6d:9f:5e:7d:ff:99:f7:25:1b:de:c3:e1:df:e3:ca:
                        8a:7d:bb:66:70:8e:3a:bd:c0:0a:c0:4e:b6:d0:1e:
                        77:84:a5:3f:49:eb:22:ae:97:fd:53:34:aa:62:5e:
                        23:ad:ea:8c:4b:43:65:d7:7a:57:1c:d7:50:44:9d:
                        62:2b:7e:b1:ed:8c:20:3f:cb
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
                X509v3 Authority Key Identifier:
                    keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: sha1WithRSAEncryption
            28:0b:de:9c:84:0b:3a:c9:1f:eb:80:8e:4c:92:c1:92:a0:ae:
            2f:a6:dd:c8:0c:3b:d1:67:e5:fe:47:6f:93:72:85:67:d0:83:
            cc:e9:28:f9:02:25:1b:18:45:ca:2f:19:45:36:67:35:81:b1:
            26:db:8f:4e:ba:b0:3a:14:03:7e:4a:be:aa:66:f5:35:79:aa:
            0f:2a:dd:ef:c6:de:36:58:95:e3:74:86:c5:4b:b1:3b:b8:27:
            93:ba:42:71:d9:7d:b7:68:d9:ef:41:a1:c7:84:28:b0:b6:ae:
            b9:fc:62:1f:67:8b:8d:8a:f3:3c:92:48:ce:db:81:67:0c:98:
            29:76

Server cert:

    $ openssl x509 -text -noout -in server.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 15591382118858604776 (0xd85fb76e2ff1c0e8)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=FR, ST= , O=testca, CN=ca
            Validity
                Not Before: Jun 26 14:58:47 2013 GMT
                Not After : Jun 26 14:58:47 2014 GMT
            Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=server
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:c9:dd:7b:41:a3:af:2d:4c:83:4f:6e:ff:42:85:
                        c4:2c:7a:6e:90:dc:09:52:b4:8e:20:4c:48:b5:21:
                        73:6d:00:e7:5b:1b:7f:0e:25:0a:ca:5f:42:45:39:
                        2b:e5:f7:1c:4e:f6:5e:f4:8a:e0:66:03:f7:83:02:
                        d6:0f:40:09:2e:40:2e:60:49:f3:dd:05:df:06:0b:
                        67:88:89:98:24:3d:f5:01:07:3c:a3:aa:ae:e7:4e:
                        70:d0:88:36:19:14:da:b7:2e:b5:a1:4b:8b:fa:0c:
                        28:f2:70:8c:46:fc:59:ff:cb:1a:ec:c8:24:8d:e9:
                        c2:21:08:fd:e0:e6:8e:e8:57:9d:49:c9:70:4a:20:
                        7d:c2:9f:91:2d:ba:b9:cf:4f:29:29:1c:48:f6:b3:
                        f0:97:7b:5e:87:ec:dc:68:51:c9:f1:e9:c4:71:10:
                        b2:cd:ea:8a:09:52:1d:51:06:9a:86:91:e3:fd:2f:
                        c0:43:e4:e2:5b:b4:d3:27:f6:2a:66:60:1f:9b:d5:
                        53:06:0c:14:6c:cb:b0:79:c4:41:ae:80:0e:1c:5b:
                        a4:7d:20:7f:0f:33:97:85:59:02:5a:18:8e:8c:be:
                        8a:fb:af:51:9f:52:28:a0:14:6e:c6:32:5a:44:14:
Re: libssl 1.0.1 breaking program
On Wed, Jun 26, 2013 at 05:29:52PM +0200, Marios Makassikis wrote:

>> By enabling debug information in the program, I was able to obtain these error messages:
>>
>>     pppd[2236]: EAP-TLS SSL error stack:
>>     pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
>>
>> and
>>
>>     err: 7 (certificate signature failure)

The error "certificate signature failure" happens only when the public key of an issuer certificate in the chain does not generate a matching signature for its child certificate. Either the trust store (CAfile, CApath, ...) certificates are not identical in the two test cases, or one of the two parties sends a different chain, or the handshake is somehow corrupted.

    crypto/x509/x509_vfy.c: internal_verify():

        ...
        else if (X509_verify(xs,pkey) <= 0) {
            ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;

Look closely with wireshark at the chains captured on the machine where the error is detected. Are the peer certificate chains the same in every detail between the two library versions? Are both cases using compression? Any other differences?

--
Viktor.
Re: OpenSSL FIPS Capable and No Fingerprint
This was tracked down to the makefile's `install` rule. The rule builds components rather than only copying the executable and auxiliary files.

The original `install` rule (fails the fingerprint check):

    install: all install_docs install_sw

The modified `install` rule (passes the fingerprint check):

    install: install_docs install_sw

Once the rule was changed, dynamic linking to the shared object worked as expected:

    $ adb shell
    shell@android: $ cd /data/local/tmp
    shell@android: $ LD_LIBRARY_PATH=./; ./fips-test.exe
    .rodata start: 0x401a4820
    .rodata end: 0x401ae9e4
    .text start: 0x400911c0
    .text end: 0x400d03fc
    Embedded: e1696e03f17341b925a1933b23c3b13856610728
    Calculated: e1696e03f17341b925a1933b23c3b13856610728
    Attempting to enable FIPS mode
    FIPS mode enabled

We still need the `sudo -E` with arguments during install since the makefile does not specify full pathnames:

    sudo -E make install \
        CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc \
        RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib \

On Tue, Jun 25, 2013 at 8:46 PM, Jeffrey Walton noloa...@gmail.com wrote:

> Hi All,
>
> When linking to the FIPS Capable shared object, the program fails its fingerprint check:
>
>     $ arm-linux-androideabi-gcc --sysroot=$ANDROID_SYSROOT -I/usr/local/ssl/android-14/include fips_hmac.c -o fips_hmac.exe /usr/local/ssl/android-14/lib/libcrypto.so.1.0.0
>
>     $ adb push /usr/local/ssl/android-14/lib/libcrypto.so.1.0.0 /data/local/tmp/
>     827 KB/s (2154388 bytes in 2.541s)
>     $ adb push fips_hmac.exe /data/local/tmp/
>     64 KB/s (6884 bytes in 0.103s)
>
>     $ adb shell
>     shell@android: $ cd /data/local/tmp
>     255|shell@android: $ LD_LIBRARY_PATH=./; ./fips_hmac.exe -v
>     * Attempting FIPS mode...
>     1076692172:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:
>     2|shell@android:/data/local/tmp $
>
> Any ideas why the signature would be in the BSS (initialized to 0):
>
>     $ arm-linux-androideabi-objdump -T libcrypto.so.1.0.0 | grep -i FIPS_signature
>     001a9668 g    DO .bss   00000014  FIPS_signature
>
> Should I be running fipsld somewhere (I thought that was done for the shared object during make)?
>
> Below are the steps used to build the FIPS Object Module and FIPS Capable.
>
> Jeff
>
> FIPS Object Module
> ******************
>
>     . ./setenv-android.sh
>     cd openssl-fips-2.0.4/
>     ./config
>     make
>     sudo make install
>     sudo mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API
>     sudo cp $FIPS_SIG /usr/local/ssl/$ANDROID_API/bin
>
> FIPS Capable
> ************
>
>     . ./setenv-android.sh
>     cd openssl-1.0.1e/
>     ./config fips shared -no-sslv2 -no-sslv3 -no-comp -no-hw -no-engines --openssldir=/usr/local/ssl/$ANDROID_API --with-fipsdir=/usr/local/ssl/$ANDROID_API --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/
>     make depend
>     make all
>     sudo -E make install CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib
Sign with PKCS8
Hi,

I have the public and the private key for ECDSA on secp128r1 in a file stored in PKCS8 format (saved with Crypto++; it is PKCS8 according to the Docu). I can create a signature without an error but unfortunately it is not validated successfully with my Crypto++ app:

    $ cat testakt.txt | openssl dgst -ecdsa-with-SHA1 -sign test.key -keyform DER > act.bin

On the other hand, if I want to check a signature, I cannot even open the (public) key file:

    $ cat testakt.txt | openssl dgst -sha1 -verify activation.pub -signature act.bin
    unable to load key file

Though I am not sure, I assume that openssl does not accept PKCS8. Can anyone tell me how openssl can read PKCS8 or if the problem is somewhere else?

Thanks,
Luke
RE: Sign with PKCS8
From: owner-openssl-us...@openssl.org On Behalf Of Lukas Haase
Sent: Tuesday, 25 June, 2013 19:13

> I have the public and the private key for ECDSA on secp128r1 in a file stored in PKCS8 format (saved with Crypto++; it is PKCS8 according to the Docu). I can create a signature without an error but unfortunately it is not validated successfully with my Crypto++ app:
>
>     $ cat testakt.txt | openssl dgst -ecdsa-with-SHA1 -sign test.key -keyform DER > act.bin
>
> On the other hand, if I want to check a signature, I cannot even open the (public) key file:
>
>     $ cat testakt.txt | openssl dgst -sha1 -verify activation.pub -signature act.bin
>     unable to load key file

What exactly is in activation.pub? If it's a public-key-only (aka public half, suitable for distribution), it can't be PKCS8; the most common format for public is X.509 SubjectPublicKeyInfo, which openssl calls PUBKEY. If that file is PUBKEY in PEM that command should work; if it is PUBKEY in DER you need -keyform der; if it's not PUBKEY at all explain what it is.

If it's actually a keypair (private+public) in PKCS8 and you want to use the public half to verify, use -prverify.

> Though I am not sure, I assume that openssl does not accept PKCS8. Can anyone tell me how openssl can read PKCS8 or if the problem is somewhere else?

OpenSSL can read and write clear and encrypted PKCS8 in PEM or DER, in library and commandline pkcs8 (since a long time) and the pkey* utilities (since 1.0.0). Commandline dgst can read either PEM or clear DER, but only when expecting a private key/keypair, which it is for -sign and -prverify but not -verify.
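The distinction Dave draws between a PKCS#8 PrivateKeyInfo (what dgst -sign and -prverify expect) and a SubjectPublicKeyInfo "PUBKEY" (what -verify expects) is visible in the first few DER tags of the file, and the same DER walker decodes the OBJECT IDENTIFIER that Steve's `asn1parse -genstr OID:sha1WithRSAEncryption` check emits (9 content octets). The following stdlib-only Python is an added example, not OpenSSL's or Crypto++'s code; the function names are mine and the two sample key blobs are hand-constructed (id-ecPublicKey with named curve secp128r1, zero/repeated placeholder bytes), not real keys.

```python
def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER TLV starting at buf[off]."""
    tag, length, hl = buf[off], buf[off + 1], 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, hl = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
    start = off + hl
    return tag, buf[start:start + length], start + length

def tlv(tag, body):
    """Build one DER TLV; short-form length is enough for the samples below."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def encode_oid(dotted):
    """DER OBJECT IDENTIFIER TLV for a dotted OID (what -genstr OID:... emits)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                        # base-128, high bit set on all but last
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def decode_oid(content):
    """Dotted form of an OBJECT IDENTIFIER's content octets (inverse of encode_oid)."""
    arcs, n = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def classify_key_der(buf):
    """Name the outer key structure from the tags of the top-level SEQUENCE members."""
    tag, seq, _ = read_tlv(buf)
    if tag != 0x30:
        return "not a SEQUENCE"
    tags, off = [], 0
    while off < len(seq):
        t, _, off = read_tlv(seq, off)
        tags.append(t)
    if tags[:3] == [0x02, 0x30, 0x04]:     # version, AlgorithmIdentifier, privateKey
        return "PKCS8 PrivateKeyInfo"      # dgst -sign / -prverify territory
    if tags[:2] == [0x30, 0x03]:           # AlgorithmIdentifier, subjectPublicKey
        return "SubjectPublicKeyInfo (PUBKEY)"  # what dgst -verify expects
    return "unknown"
# Constructed samples, not real keys: id-ecPublicKey with named curve secp128r1.
EC_ALGID = tlv(0x30, encode_oid("1.2.840.10045.2.1") + encode_oid("1.3.132.0.28"))
SAMPLE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + EC_ALGID + tlv(0x04, b"\x00" * 16))
SAMPLE_PUBKEY = tlv(0x30, EC_ALGID + tlv(0x03, b"\x00\x04" + b"\x11" * 32))
```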
openssl-1.0.1e build error for CE 6.0
Hello,

I am getting the following error when trying to build openssl-1.0.1e for Win CE. Compiling using the Visual Studio 2005 command prompt.

    cl.exe /Fotmp32dll_X86\b_sock.obj -Iinc32 -Itmp32dll_X86 /MC /O1i /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT -D_WIN32_WCE=600 -DUNDER_CE=600 -DWCE_PLATFORM_DO_X86_600 -Dx86 -D_X86_ -D_i386_ -Di_386_ -ID:\wcecompat/include -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll_X86/lib -D_WINDLL -D_DLL -DOPENSSL_BUILD_SHLIBCRYPTO -c .\crypto\bio\b_sock.c
    cl : Command line warning D9002 : ignoring unknown option '/MC'
    b_sock.c
    .\crypto\bio\b_sock.c(629) : error C2079: 'sa_in6' uses undefined struct 'sockaddr_in6'
    .\crypto\bio\b_sock.c(776) : error C2224: left of '.sin6_addr' must have struct/union type
    .\crypto\bio\b_sock.c(776) : error C2224: left of '.sin6_addr' must have struct/union type
    .\crypto\bio\b_sock.c(776) : error C2168: 'memset' : too few actual parameters for intrinsic function
    .\crypto\bio\b_sock.c(777) : error C2224: left of '.sin6_addr' must have struct/union type
    .\crypto\bio\b_sock.c(861) : error C2079: 'sa_in6' uses undefined struct 'sockaddr_in6'
    NMAKE : fatal error U1077: 'D:\Program Files\Microsoft Visual Studio 8\VC\bin\cl.exe' : return code '0x2'

Regards
Balaji