Hi Openssl developers,
In our product we are using openssl source to some of the security
development. In our old product we were using openssl-0.9.8l and the product
is now in market. In our new product we upgraded our source base with
openssl-1.0.1e, we didnt change any thing in our application but the RSA
signature verification is failing when I comment the following portion of
code in p_verify.c file, it started working, May I have to clue what should
be set in our application to solve the issue with our modifying the openssl
code.
if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
{
i = -1;
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx)
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
goto err;
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
return i;
}
In the above mention code is commented now, in result RSA_Signature
verification is passing now. In this portion of code EVP_PKEY_CTX_new ->
int_ctx_new ->EVP_PKEY_meth_find ->OBJ_bsearch_pmeth is the failure path.
OBJ_bsearch_pmeth returns zero,(openssl error is unsupported algorithms) but
OpenSSL_add_all_algorithms is already called in our application. To add to
this when I debugged type value received in EVP_PKEY_meth_find seems high
value 1179403647(in decimal), this is derived from the pkey->ameth->pkey_id
where as we dont set this value in our application.
In our application do we need to set something to avoid the failure. Thanks
in Advance.
Thanks,
Lavanya
--
View this message in context:
http://openssl.6102.n7.nabble.com/openssl-1-0-1e-RSA-signature-verification-fails-tp45250.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
