Re: RSA digital signature verification failure with openssl 1.1.0j

2019-07-16 Thread Ying
I found that if the signing and verification are both done by the command line
or both done by the API, the verification passes. But if they are mixed, it
fails. Are any default configurations different?



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


RSA digital signature verification failure with openssl 1.1.0j

2019-07-16 Thread Ying
I am working on upgrading my program, written 4 years ago, from openssl
version 1.0.1e to the updated version 1.1.0j. There are so many changes
between the two versions. I updated my code with the 1.1.0 API, but it failed
and I cannot figure out the reason.

The RSA key pair and message signature are generated with openssl command
line as follows,

key generation and cert generation
$ openssl req -new -keyout private/userkey.pem -out usercert-req.pem -config ./openssl.cnf
$ openssl ca -in usercert-req.pem -out newcerts/usercert.pem -days 180 -config ./openssl.cnf

Sign.
openssl dgst -sha256 -sign userkey.pem -out signature.binary msg 
openssl dgst -hex -sha256 -sign userkey.pem -out signature.hex msg 


//get public key from cert
openssl x509 -pubkey -noout -in usercert.pem  > pubkey.pem

Verify
openssl dgst -sha256 -verify pubkey.pem -signature signature.binary msg

The result is verification OK

But I have to use the API to verify the signature in hex format, and the
result is verification failure. Can anyone help me figure out the problem?
The code first loads the certificate and retrieves the public key from the
certificate into an EVP_PKEY, then translates the hex digest (message) to
binary format, and uses
EVP_DigestVerifyInitial/EVP_DigestVerifyUpdate/EVP_DigestVerifyFinal to
verify the signature.

It works in openssl 1.0.1e, and I tried to update the related functions in
the 1.1.0 version, but it still fails. Am I missing something in the new version?

This is the C code I am using:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/err.h>

/* Convert one hex character to its value, or -1 if it is not a hex digit. */
int hex_to_bin(char ch)
{
    if ((ch >= '0') && (ch <= '9'))
        return ch - '0';
    if ((ch >= 'a') && (ch <= 'f'))
        return ch - 'a' + 0x0A;
    if ((ch >= 'A') && (ch <= 'F'))
        return ch - 'A' + 0x0A;
    return -1;
}

/* Decode count bytes (2 * count hex characters) from src into dst. */
int hex2bin(unsigned char *dst, const char *src, unsigned count)
{
    while (count--) {
        int hi = hex_to_bin(*src++);
        int lo;

        /* Stop at the first bad character so we never read past the NUL. */
        if (hi < 0)
            return -1;
        lo = hex_to_bin(*src++);
        if (lo < 0)
            return -1;

        *dst++ = (hi << 4) | lo;
    }
    return 0;
}

int main() {

    FILE *fp;
    X509 *x509 = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned char *sigbuf = NULL;
    unsigned char md[32];
    unsigned char *digest = NULL;

    unsigned int i, siglen = 0;

    siglen = 128;

    char line[siglen * 2 + 3];
    char *buf;
    int num = 0; //number of license

    const char cert_filestr[] = "./cert.pem";
    const char license_filename_str[] = "./signature";
    const char digest_filename_str[] = "./digest";

    //
    //load certificate and get pub key
    //
    //OpenSSL_add_all_algorithms();
    //ERR_load_crypto_strings();

    fp = fopen(cert_filestr, "r");
    if (!fp) {
        printf("Error opening certificate file \n");
        return -1;
    }
    x509 = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);
    if (!x509) {
        printf("Error reading certificate file \n");
        return -1;
    }

    pkey = X509_get_pubkey(x509);
    if (!pkey) {
        printf("Fail to create pkey!");
        return -1;
    }

    //
    //load license.info (digest)
    //
    fp = fopen(digest_filename_str, "r");
    if (!fp) {
        printf("Error opening digest file\n");
        return -1;
    }

    // Read into the digest buffer itself; "line" is reused for the signature below.
    digest = (unsigned char*)malloc(64+10);
    if (!digest || !fgets((char *)digest, 64+10, fp)) {
        printf("Error reading digest file\n");
        fclose(fp);
        return -1;
    }
    fclose(fp);

    //
    //load license.key (signature)
    //
    fp = fopen(license_filename_str, "r");
    if (!fp) {
        printf("Error opening license file \n");
        return -1;
    }

    //
    //change the signature format from Hex to Binary
    //
    unsigned int len = siglen;
    sigbuf = (unsigned char*)malloc(len);
    if (!sigbuf) {
        fclose(fp);
        return -1;
    }

    if ((buf = fgets(line, sizeof(line), fp)) != NULL) {
        printf("*Retrieved line of length %d :\n", (int)strlen(buf));
        printf("*signature**\n%s", buf);
        // A failed decode must not reach the verification step.
        if (hex2bin(sigbuf, buf, siglen) != 0) {
            printf("Invalid hex in signature file\n");
            fclose(fp);
            return -1;
        }
    }
    fclose(fp);

    //
    //verify signature
    //
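
An added example, not part of the original post and not OpenSSL code: a strict decoder for the hex signature line that the program above reads, returning an error on bad input instead of passing a partly filled buffer on to verification. It assumes the line may begin with a `NAME(file)= ` label such as `openssl dgst -hex` prints; the names `hex_val` and `decode_hex_sig` and the sample line are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return the value of one hex digit, or -1 if ch is not a hex digit. */
static int hex_val(char ch)
{
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

/*
 * Decode one line of a hex signature file into out[0..expected-1].
 * `expected` is the signature size the caller derived from the key
 * (for RSA, the modulus size in bytes) rather than a fixed constant.
 * Assumption: the line may start with a label ending in "= " and may
 * end with "\n" or "\r\n".
 * Returns 0 on success, -1 on a non-hex character or an odd number of
 * digits, -2 when the decoded length differs from `expected`.
 */
int decode_hex_sig(const char *line, unsigned char *out, size_t expected)
{
    const char *p = strstr(line, "= ");
    size_t n, i;

    p = p ? p + 2 : line;       /* skip the optional label */
    n = strcspn(p, "\r\n");     /* ignore the line terminator */

    if (n % 2 != 0)
        return -1;
    if (n / 2 != expected)
        return -2;              /* truncated, padded, or wrong key size */

    for (i = 0; i < n; i += 2) {
        int hi = hex_val(p[i]);
        int lo = hex_val(p[i + 1]);

        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a label plus a 3-byte value, not a real signature. */
    unsigned char out[3];
    int rc = decode_hex_sig("RSA-SHA256(msg)= 0aff10\n", out, sizeof(out));

    printf("rc=%d first=%02x\n", rc, out[0]);
    return rc;
}
```
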
Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Mark Richter
I removed the directory, re-untarred the source, ran 'make clean', then 'make', 
then 'make TESTS=test_dsa V=1 test':

[root@sfsdr220d openssl-1.1.1]# make TESTS=test_dsa V=1 test
make depend && make _tests
make[1]: Entering directory `/tmp/openssl-1.1.1'
make[1]: Leaving directory `/tmp/openssl-1.1.1'
make[1]: Entering directory `/tmp/openssl-1.1.1'
( cd test; \
  mkdir -p test-runs; \
  SRCTOP=../. \
  BLDTOP=../. \
  RESULT_D=test-runs \
  PERL="/usr/bin/perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
  OPENSSL_DEBUG_MEMORY=on \
/usr/bin/perl .././test/run_tests.pl test_dsa )
/tmp/openssl-1.1.1/test
../test/recipes/15-test_dsa.t ..
1..6
ok 1 - require '../../test/recipes/tconversion.pl';
# Subtest: ../../test/dsatest
1..1
ok 1 - dsa_test
../../util/shlib_wrap.sh ../../test/dsatest => 0
ok 2 - running dsatest
# Subtest: ../../test/dsa_no_digest_size_test
1..3
ok 1 - dsa_exact_size_test
ok 2 - dsa_small_digest_test
ok 3 - dsa_large_digest_test
../../util/shlib_wrap.sh ../../test/dsa_no_digest_size_test => 0
ok 3 - running dsa_no_digest_size_test
1..10
ok 1 - initializing
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out 
dsa-f.d -outform d => 0
ok 2 - p -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-fff.p -inform p -out 
dsa-f.p -outform p => 0
ok 3 - p -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.d -inform d -out 
dsa-ff.dd -outform d => 0
ok 4 - d -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.p -inform p -out 
dsa-ff.pd -outform d => 0
ok 5 - p -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.d -inform d -out 
dsa-ff.dp -outform p => 0
ok 6 - d -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -in dsa-f.p -inform p -out 
dsa-ff.pp -outform p => 0
ok 7 - p -> p
ok 8 - comparing orig to p
ok 9 - comparing p to dp
ok 10 - comparing p to pp
ok 4 - dsa conversions -- private key
1..10
../../util/shlib_wrap.sh ../../apps/openssl pkey -in ../../test/testdsa.pem 
-out dsa-fff.p => 0
ok 1 - initializing
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-fff.p -inform p -out 
dsa-f.d -outform d => 0
ok 2 - p -> d
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-fff.p -inform p -out 
dsa-f.p -outform p => 0
ok 3 - p -> p
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-f.d -inform d -out 
dsa-ff.dd -outform d => 0
ok 4 - d -> d
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-f.p -inform p -out 
dsa-ff.pd -outform d => 0
ok 5 - p -> d
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-f.d -inform d -out 
dsa-ff.dp -outform p => 0
ok 6 - d -> p
../../util/shlib_wrap.sh ../../apps/openssl pkey -in dsa-f.p -inform p -out 
dsa-ff.pp -outform p => 0
ok 7 - p -> p
ok 8 - comparing orig to p
ok 9 - comparing p to dp
ok 10 - comparing p to pp
ok 5 - dsa conversions -- private key PKCS\#8
1..20
ok 1 - initializing
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-fff.p 
-inform p -out msb-f.d -outform d => 0
ok 2 - p -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-fff.p 
-inform p -out msb-f.p -outform p => 0
ok 3 - p -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-fff.p 
-inform p -out msb-f.msblob -outform msblob => 0
ok 4 - p -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d 
-inform d -out msb-ff.dd -outform d => 0
ok 5 - d -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p 
-inform p -out msb-ff.pd -outform d => 0
ok 6 - p -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobd -outform d => 0
ok 7 - msblob -> d
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d 
-inform d -out msb-ff.dp -outform p => 0
ok 8 - d -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.p 
-inform p -out msb-ff.pp -outform p => 0
ok 9 - p -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.msblob 
-inform msblob -out msb-ff.msblobp -outform p => 0
ok 10 - msblob -> p
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl dsa -pubin -pubout -in msb-f.d 
-inform d -out msb-ff.dmsblob -outform msblob => 0
ok 11 - d -> msblob
read DSA key
writing DSA key
../../util/shlib_wrap.sh ../../apps/openssl 

Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Matt Caswell



On 16/07/2019 22:23, Mark Richter wrote:
> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
> 'make test.'  What do they mean?
> 
> 
> Test Summary Report
> ---
> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3

Looks like something fundamentally wrong to get this many errors (guess: perl
version is too low?)

Please run:

make TESTS=test_dsa V=1 test

Also let's see the output from:

perl -v

Matt


> ../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 
> 3)
>   Failed tests:  3-5
>   Non-zero exit status: 3
> ../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 
> Failed: 4)
>   Failed tests:  2-5
>   Non-zero exit status: 4
> ../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 
> Failed: 30)
>   Failed tests:  2-31
>   Non-zero exit status: 30
> ../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3
> ../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 
> 2)
>   Failed tests:  1, 5
>   Non-zero exit status: 2
> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
>   Parse errors: Bad plan.  You planned 172 tests but ran 87.
> ../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 
> 3)
>   Failed tests:  2, 6-7
>   Non-zero exit status: 3
> ../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 Failed: 
> 2)
>   Failed tests:  2-3
>   Non-zero exit status: 2
> ../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 
> Failed: 4)
>   Failed tests:  2, 7-9
>   Non-zero exit status: 4
> ../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 
> 1)
>   Failed test:  2
>   Non-zero exit status: 1
> ../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 
> Failed: 7)
>   Failed tests:  2-8
>   Non-zero exit status: 7
> ../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 4 tests but ran 0.
> ../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 255
>   Parse errors: Bad plan.  You planned 3 tests but ran 0.
> ../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 
> 1)
>   Failed test:  1
>   Non-zero exit status: 1
> ../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 
> Failed: 4)
>   Failed tests:  1-4
>   Non-zero exit status: 4
> ../test/recipes/80-test_ocsp.t   (Wstat: 512 Tests: 11 
> Failed: 2)
>   Failed tests:  1, 10
>   Non-zero exit status: 2
> ../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 
> Failed: 27)
>   Failed tests:  1-27
>   Non-zero exit status: 27
> ../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 
> Failed: 6)
>   Failed tests:  1-6
>   Non-zero exit status: 6
> ../test/recipes/80-test_tsa.t(Wstat: 3328 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 13
>   Parse errors: Bad plan.  You planned 20 tests but ran 0.
> ../test/recipes/90-test_store.t  (Wstat: 3328 Tests: 0 
> Failed: 0)
>   Non-zero exit status: 13
>   Parse errors: Bad plan.  You planned 209 tests but ran 0.
> Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  
> 4.55 csys = 36.05 CPU)
> Result: FAIL
> make[1]: *** [_tests] Error 1
> make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1'
> make: *** [tests] Error 2
> 
> ?
> 
> 
> Mark Richter | Senior Staff Engineer
> SolarFlare Communications, Inc. | 
> www.Solarflare.com
> 9444 Waples Street, #170, San Diego, CA  92121
> Mobile: +1 949-632-8403


Re: Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Viktor Dukhovni
On Tue, Jul 16, 2019 at 09:23:32PM +, Mark Richter wrote:

> After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
> 'make test.'  What do they mean?

The test scripts exited with non-zero exit codes.

> Test Summary Report
> ---
> ../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 
> 3)
>   Failed tests:  4-6
>   Non-zero exit status: 3

> ../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 
> Failed: 1)
>   Failed test:  2
>   Non-zero exit status: 1
>   Parse errors: Bad plan.  You planned 172 tests but ran 87.

Something looks wrong with your build.

> Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  
> 4.55 csys = 36.05 CPU)
> Result: FAIL

Insufficient detail, but make sure the directory is "clean" before
you do the build. And post the build options in future problem
reports.  IIRC, you can use "make V=1 ..." to get more verbose test
output.

-- 
Viktor.


Errors building 1.1.1 on RHEL 7

2019-07-16 Thread Mark Richter
After I built version 1.1.1 on RHEL 7, I got these errors at the end of the 
'make test.'  What do they mean?


Test Summary Report
---
../test/recipes/15-test_dsa.t(Wstat: 768 Tests: 6 Failed: 3)
  Failed tests:  4-6
  Non-zero exit status: 3
../test/recipes/15-test_ec.t (Wstat: 768 Tests: 5 Failed: 3)
  Failed tests:  3-5
  Non-zero exit status: 3
../test/recipes/15-test_genrsa.t (Wstat: 1024 Tests: 5 Failed: 
4)
  Failed tests:  2-5
  Non-zero exit status: 4
../test/recipes/15-test_mp_rsa.t (Wstat: 7680 Tests: 31 Failed: 
30)
  Failed tests:  2-31
  Non-zero exit status: 30
../test/recipes/15-test_out_option.t (Wstat: 256 Tests: 4 Failed: 1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/15-test_rsa.t(Wstat: 768 Tests: 6 Failed: 3)
  Failed tests:  4-6
  Non-zero exit status: 3
../test/recipes/15-test_rsapss.t (Wstat: 512 Tests: 5 Failed: 2)
  Failed tests:  1, 5
  Non-zero exit status: 2
../test/recipes/20-test_enc.t(Wstat: 256 Tests: 87 Failed: 
1)
  Failed test:  2
  Non-zero exit status: 1
  Parse errors: Bad plan.  You planned 172 tests but ran 87.
../test/recipes/20-test_enc_more.t   (Wstat: 256 Tests: 137 Failed: 
1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/25-test_crl.t(Wstat: 768 Tests: 7 Failed: 3)
  Failed tests:  2, 6-7
  Non-zero exit status: 3
../test/recipes/25-test_pkcs7.t  (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests:  2-3
  Non-zero exit status: 2
../test/recipes/25-test_req.t(Wstat: 1024 Tests: 9 Failed: 
4)
  Failed tests:  2, 7-9
  Non-zero exit status: 4
../test/recipes/25-test_sid.t(Wstat: 256 Tests: 2 Failed: 1)
  Failed test:  2
  Non-zero exit status: 1
../test/recipes/25-test_x509.t   (Wstat: 1792 Tests: 9 Failed: 
7)
  Failed tests:  2-8
  Non-zero exit status: 7
../test/recipes/40-test_rehash.t (Wstat: 65280 Tests: 0 Failed: 
0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 4 tests but ran 0.
../test/recipes/60-test_x509_store.t (Wstat: 65280 Tests: 0 Failed: 
0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 3 tests but ran 0.
../test/recipes/80-test_ca.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../test/recipes/80-test_cms.t(Wstat: 1024 Tests: 4 Failed: 
4)
  Failed tests:  1-4
  Non-zero exit status: 4
../test/recipes/80-test_ocsp.t   (Wstat: 512 Tests: 11 Failed: 
2)
  Failed tests:  1, 10
  Non-zero exit status: 2
../test/recipes/80-test_ssl_new.t(Wstat: 6912 Tests: 27 Failed: 
27)
  Failed tests:  1-27
  Non-zero exit status: 27
../test/recipes/80-test_ssl_old.t(Wstat: 1536 Tests: 6 Failed: 
6)
  Failed tests:  1-6
  Non-zero exit status: 6
../test/recipes/80-test_tsa.t(Wstat: 3328 Tests: 0 Failed: 
0)
  Non-zero exit status: 13
  Parse errors: Bad plan.  You planned 20 tests but ran 0.
../test/recipes/90-test_store.t  (Wstat: 3328 Tests: 0 Failed: 
0)
  Non-zero exit status: 13
  Parse errors: Bad plan.  You planned 209 tests but ran 0.
Files=152, Tests=850, 30 wallclock secs ( 0.38 usr  0.10 sys + 31.02 cusr  4.55 
csys = 36.05 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1'
make: *** [tests] Error 2

?


Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA  92121
Mobile: +1 949-632-8403


Server Binary Mode: open files requested by the client in binary mode

2019-07-16 Thread chabboud
I am trying to set up a server from which I can download binary files. 
However, I can only download text files. If I try to download binary files,
I only receive the first few hundred bytes.

Using options:
openssl s_server -key key.pem -cert cert.pem -accept 4443 -WWW

The master Manual lists option: -http_server_binmode
/"When acting as web-server (using option -WWW or -HTTP) open files
requested by the client in binary mode."/

This option sounds like exactly what I need but it is not available in the
latest release.  How can I make the server open files in binary mode?

I am running OpenSSL 1.1.1c for Windows.


