RE: Signature verification fails with block type is not 01
Hello, I used the below mentioned test program. Theses were the results from the same. There was a core file created. The pstack of core is shown below. bash-2.03# openssl genrsa -out rsa.pem 2048 Generating RSA private key, 2048 bit long modulus .^C bash-2.03# cksum openssl 3693318708 2633912 openssl bash-2.03# ldd openssl libsocket.so.1 =/usr/lib/libsocket.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 bash-2.03# ls -l /usr/lib/libsocket.so.1 /usr/lib/libnsl.so.1 /usr/lib/libc.so.1 /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 -rwxr-xr-x 1 root bin 1158072 Jul 31 2006 /usr/lib/libc.so.1 -rwxr-xr-x 1 root bin24968 Jan 6 2000 /usr/lib/libmp.so.2 -rwxr-xr-x 1 root bin 920100 Jul 31 2006 /usr/lib/libnsl.so.1 -rwxr-xr-x 1 root bin70864 Nov 3 2001 /usr/lib/libsocket.so.1 lrwxrwxrwx 1 root root 33 Oct 3 2006 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 - ../../sun4u-us3/lib/libc_psr.so.1 bash-2.03# ls -la total 6000 drwxr-xr-x 2 root other646 Oct 17 04:50 . drwxr-xr-x 3 root other385 Oct 17 04:45 .. -rw--- 1 root other 383792 Oct 17 04:50 core -rw-r--r-- 1 root other 0 Oct 17 04:50 file.sig -rw-r--r-- 1 root other 15 Oct 17 04:50 file.txt -rwxr-xr-x 1 root other2633912 Oct 15 20:01 openssl -rw-r--r-- 1 root other 0 Oct 17 04:47 rsa.pem -rw-r--r-- 1 root other350 Oct 15 20:02 test_client.sh -rwxr-xr-x 1 root other 2332 Oct 15 20:01 test_rsa.sh -rw-r--r-- 1 root other 2097 Oct 15 20:01 test_server.sh bash-2.03# pstack core core 'core' of 7979:openssl genrsa -out rsa.pem 2048 000b5428 bn_mul_add_words (1f4ea8, 1ec470, 8, 7b55419a, 6432bff9, 5f6d1513) + 94 000b7f80 BN_from_montgomery (1eb76c, 1ec420, 1f, 1eb648, 0, 0) + 1bc 000b7d84 BN_mod_mul_montgomery (1eb76c, 1eb76c, 1eb76c, 1ec3d0, 1eb648, 0) + 68 00152178 BN_mod_exp_mont (1eb744, 161, 1eb730, 0, 1eb648, 1ec3d0) + 398 000b4e7c BN_is_prime_fasttest_ex (1db508, , 1eb648, 1db508, ffbef684, 3) + 41c 000b48d8 BN_generate_prime_ex (0, 400, 0, 0, 0, ffbef684) + 2c8 000c4908 rsa_builtin_keygen (1e10f0, 800, 1db468, ffbef684, 400, 1) + 1ec 0004fb44 genrsa_main (1, 18e5c4, 1e0148, 10001, ffbefc24, ffbefd38) + 668 000367cc do_cmd (1e0f60, 4, ffbefc18, f, 1e0fe8, 36ba4) + 40 0003657c main (5, ffbefc14, 1e0f60, ffbefb7c, 1c5010, 1843e0) + 2b0 00036190 _start (0, 0, 0, 0, 0, 0) + 108 bash-2.03# showrev -p |grep 112438 Patch: 112438-02 Obsoletes: Requires: Incompatibles: Packages: SUNWcarx, SUNWcsr, SUNWhea, SUNWmdb, SUNWmdbx Patch: 112438-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcarx, SUNWcsr, SUNWhea, SUNWmdb, SUNWmdbx bash-2.03# uname -a SunOS test.hp.com 5.8 Generic_117350-39 sun4u sparc SUNW,Sun-Fire-280R Regards Ashith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Friday, October 12, 2007 11:48 PM To: openssl-users@openssl.org Subject: RE: Signature verification fails with block type is not 01 Hello, Does anyone have a separate test program where we can test only the signature verification? # openssl genrsa -out rsa.pem 2048 # openssl rsa -in rsa.pem -text -noout # openssl rsa -in rsa.pem -pubout -out rsa-pub.pem # openssl rsa -in rsa-pub.pem -pubin -text -noout # echo test test test file.txt # openssl dgst -sign rsa.pem file.txt file.sig # openssl dgst -verify rsa-pub.pem -signature file.sig file.txt Verified OK Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Has anyone seen this behavior? Any help would be appreciated. Thanks in advance, Regards Ashith -Original Message- From: Belliappa, Ashith Muddiana (HP Software) Sent: Wednesday, October 17, 2007 11:37 AM To: 'openssl-users@openssl.org' Subject: RE: Signature verification fails with block type is not 01 Hello, I used the below mentioned test program. Theses were the results from the same. There was a core file created. The pstack of core is shown below. bash-2.03# openssl genrsa -out rsa.pem 2048 Generating RSA private key, 2048 bit long modulus .^C bash-2.03# cksum openssl 3693318708 2633912 openssl bash-2.03# ldd openssl libsocket.so.1 =/usr/lib/libsocket.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libdl.so.1 =/usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 bash-2.03# ls -l /usr/lib/libsocket.so.1 /usr/lib/libnsl.so.1 /usr/lib/libc.so.1 /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 -rwxr-xr-x 1 root bin 1158072 Jul 31 2006 /usr/lib/libc.so.1 -rwxr-xr-x 1 root bin24968 Jan 6 2000 /usr/lib/libmp.so.2 -rwxr-xr-x 1 root bin 920100 Jul 31 2006 /usr/lib/libnsl.so.1 -rwxr-xr-x 1 root bin70864 Nov 3 2001 /usr/lib/libsocket.so.1 lrwxrwxrwx 1 root root 33 Oct 3 2006 /usr/platform/SUNW,Sun-Fire-280R/lib/libc_psr.so.1 - ../../sun4u-us3/lib/libc_psr.so.1 bash-2.03# ls -la total 6000 drwxr-xr-x 2 root other646 Oct 17 04:50 . drwxr-xr-x 3 root other385 Oct 17 04:45 .. -rw--- 1 root other 383792 Oct 17 04:50 core -rw-r--r-- 1 root other 0 Oct 17 04:50 file.sig -rw-r--r-- 1 root other 15 Oct 17 04:50 file.txt -rwxr-xr-x 1 root other2633912 Oct 15 20:01 openssl -rw-r--r-- 1 root other 0 Oct 17 04:47 rsa.pem -rw-r--r-- 1 root other350 Oct 15 20:02 test_client.sh -rwxr-xr-x 1 root other 2332 Oct 15 20:01 test_rsa.sh -rw-r--r-- 1 root other 2097 Oct 15 20:01 test_server.sh bash-2.03# pstack core core 'core' of 7979:openssl genrsa -out rsa.pem 2048 000b5428 bn_mul_add_words (1f4ea8, 1ec470, 8, 7b55419a, 6432bff9, 5f6d1513) + 94 000b7f80 BN_from_montgomery (1eb76c, 1ec420, 1f, 1eb648, 0, 0) + 1bc 000b7d84 BN_mod_mul_montgomery (1eb76c, 1eb76c, 1eb76c, 1ec3d0, 1eb648, 0) + 68 00152178 BN_mod_exp_mont (1eb744, 161, 1eb730, 0, 1eb648, 1ec3d0) + 398 000b4e7c BN_is_prime_fasttest_ex (1db508, , 1eb648, 1db508, ffbef684, 3) + 41c 000b48d8 BN_generate_prime_ex (0, 400, 0, 0, 0, ffbef684) + 2c8 000c4908 rsa_builtin_keygen (1e10f0, 800, 1db468, ffbef684, 400, 1) + 1ec 0004fb44 genrsa_main (1, 18e5c4, 1e0148, 10001, ffbefc24, ffbefd38) + 668 000367cc do_cmd (1e0f60, 4, ffbefc18, f, 1e0fe8, 36ba4) + 40 0003657c main (5, ffbefc14, 1e0f60, ffbefb7c, 1c5010, 1843e0) + 2b0 00036190 _start (0, 0, 0, 0, 0, 0) + 108 bash-2.03# showrev -p |grep 112438 Patch: 112438-02 Obsoletes: Requires: Incompatibles: Packages: SUNWcarx, SUNWcsr, SUNWhea, SUNWmdb, SUNWmdbx Patch: 112438-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcarx, SUNWcsr, SUNWhea, SUNWmdb, SUNWmdbx bash-2.03# uname -a SunOS test.hp.com 5.8 Generic_117350-39 sun4u sparc SUNW,Sun-Fire-280R Regards Ashith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Friday, October 12, 2007 11:48 PM To: openssl-users@openssl.org Subject: RE: Signature verification fails with block type is not 01 Hello, Does anyone have a separate test program where we can test only the signature verification? # openssl genrsa -out rsa.pem 2048 # openssl rsa -in rsa.pem -text -noout # openssl rsa -in rsa.pem -pubout -out rsa-pub.pem # openssl rsa -in rsa-pub.pem -pubin -text -noout # echo test test test file.txt # openssl dgst -sign rsa.pem file.txt file.sig # openssl dgst -verify rsa-pub.pem -signature file.sig file.txt Verified OK Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Hi, We have checked for proper library files usage during the signature verification. Even we have compared the file size of the library used in working and non- working machine and found both are exactly same. Even the checksum matches for the files. In Solaris 5.7 also it works fine. The problem is in only one Solaris 5.8 box. 1) What all shared system library files we need to check which could be the possible reason for getting this error? 2) What are the machine configuration we need to check if that would cause the failure? 3) Is there any specific OS patch that could create an problem? If yes, please let me know. Thanks in advance, Regards Ashith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jimmy bahuleyan Sent: Friday, October 12, 2007 5:46 PM To: openssl-users@openssl.org Subject: Re: Signature verification fails with block type is not 01 Belliappa, Ashith Muddiana (HP Software) wrote: Hi, We have complied the code in an Solaris 5.7 machine. We have the same set of binaries working fine in all the Solaris 5.8 machines. I am getting the error ONLY in ONE Solaris 5.8 machine. i believe your saying that the same application code, same set of openssl libraries AND the same signature works on all but one Solaris 5.8. Have you checked that the proper library is picked up on this machine (or if shared libs are used, the proper library is loaded). Could possibly be a machine config issue if all the above hold true.. (I haven't got 5.7 thing. Is it that you have also checked the code on a 5.7 found it to be working properly?) Does anyone have a separate test program where we can test only the signature verification? Regards Ashith -jb -- No snowflake in an avalanche ever feels responsible. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Signature verification fails with block type is not 01
Belliappa, Ashith Muddiana (HP Software) wrote: Hi, We have checked for proper library files usage during the signature verification. Even we have compared the file size of the library used in working and non- working machine and found both are exactly same. Even the checksum matches for the files. In Solaris 5.7 also it works fine. The problem is in only one Solaris 5.8 box. i'm assuming the scenario is: build libs, application on 5.7, test it = works fine. build libs, application on 5.8, test it = works fine except one machine. signature, key is same in all cases. 1) What all shared system library files we need to check which could be the possible reason for getting this error? 2) What are the machine configuration we need to check if that would cause the failure? what I meant was, if your building the application on one particular 5.8 machine and then using it to run on other 5.8s, it could /possibly/ happen that one of the test machines may not have the proper library at the path that you're expecting. If you've already checked all of these, then it shouldn't be a problem. 3) Is there any specific OS patch that could create an problem? If yes, please let me know. Well, wrt to OS patches I assume you're keeping all your machines at the same patch level whatever it maybe. Thanks in advance, Regards Ashith If all of these lead you no where, I'm out of clues. You could probably try debug with the hints provided by Marek earlier. -jb -- No snowflake in an avalanche ever feels responsible. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Hello, We have the same openssl version in both the machines. Still the problem occurs. My proposition was to check private key modulus and public/certificate modulus to be sure that they are the same. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Hello, Does anyone have a separate test program where we can test only the signature verification? # openssl genrsa -out rsa.pem 2048 # openssl rsa -in rsa.pem -text -noout # openssl rsa -in rsa.pem -pubout -out rsa-pub.pem # openssl rsa -in rsa-pub.pem -pubin -text -noout # echo test test test file.txt # openssl dgst -sign rsa.pem file.txt file.sig # openssl dgst -verify rsa-pub.pem -signature file.sig file.txt Verified OK Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Signature verification fails with block type is not 01
Belliappa, Ashith Muddiana (HP Software) wrote: Hi, We have complied the code in an Solaris 5.7 machine. We have the same set of binaries working fine in all the Solaris 5.8 machines. I am getting the error ONLY in ONE Solaris 5.8 machine. i believe your saying that the same application code, same set of openssl libraries AND the same signature works on all but one Solaris 5.8. Have you checked that the proper library is picked up on this machine (or if shared libs are used, the proper library is loaded). Could possibly be a machine config issue if all the above hold true.. (I haven't got 5.7 thing. Is it that you have also checked the code on a 5.7 found it to be working properly?) Does anyone have a separate test program where we can test only the signature verification? Regards Ashith -jb -- No snowflake in an avalanche ever feels responsible. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Signature verification fails with block type is not 01
On Fri, Oct 12, 2007, Belliappa, Ashith Muddiana (HP Software) wrote: Hi, We have the same openssl version in both the machines. Still the problem occurs. Do you have the same binaries or did you compile it on both machines? If you compiled it try make test on the failing machine if that fails check compiler versions. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Hi, We have complied the code in an Solaris 5.7 machine. We have the same set of binaries working fine in all the Solaris 5.8 machines. I am getting the error ONLY in ONE Solaris 5.8 machine. Does anyone have a separate test program where we can test only the signature verification? Regards Ashith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, October 12, 2007 4:35 PM To: openssl-users@openssl.org Subject: Re: Signature verification fails with block type is not 01 On Fri, Oct 12, 2007, Belliappa, Ashith Muddiana (HP Software) wrote: Hi, We have the same openssl version in both the machines. Still the problem occurs. Do you have the same binaries or did you compile it on both machines? If you compiled it try make test on the failing machine if that fails check compiler versions. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Signature verification fails with block type is not 01
Hello, We are using openssl 0.9.8d in our environment. In one of the Solaris box we are getting an “block type is not 01” while doing the signature verification. We have compared the openssl (0.9.7l) and openssl (0.9.8d) and found few difference in the signature verification part. We then used openssl 0.9.7l and we get the same error message “block type is not 01. This does occur in only one Solaris box. details of the machine is provided below. If this happens only on one machine and with two different OpenSSL versions then private/public key compatibility may be problem. If you sign with some private key and next you will try to verify with public key not from pair then you will get this error. This error is generated after successful modular exponentation (where public key is used) when try to remove padding is performed. After modular exponentation first byte of result should be 0x01 but is not in this case. Look at private key modulus and public/certificate modulus and check if they are the same. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Signature verification fails with block type is not 01
Hi, We have the same openssl version in both the machines. Still the problem occurs. Regards Ashith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Thursday, October 11, 2007 10:14 PM To: openssl-users@openssl.org Subject: Re: Signature verification fails with block type is not 01 Hello, We are using openssl 0.9.8d in our environment. In one of the Solaris box we are getting an block type is not 01 while doing the signature verification. We have compared the openssl (0.9.7l) and openssl (0.9.8d) and found few difference in the signature verification part. We then used openssl 0.9.7l and we get the same error message block type is not 01. This does occur in only one Solaris box. details of the machine is provided below. If this happens only on one machine and with two different OpenSSL versions then private/public key compatibility may be problem. If you sign with some private key and next you will try to verify with public key not from pair then you will get this error. This error is generated after successful modular exponentation (where public key is used) when try to remove padding is performed. After modular exponentation first byte of result should be 0x01 but is not in this case. Look at private key modulus and public/certificate modulus and check if they are the same. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]