On Thu, May 23, 2013, Lavanya wrote:

> Hi OpenSSL developers,
>
> In our product we are using the openssl source for some of the security
> development. In our old product we were using openssl-0.9.8l and the product
> is now in market. In our new product we upgraded our source base with
> openssl-1.0.1e. We didn't change anything in our application, but the RSA
> signature verification is failing. When I comment out the following portion of
> code in the p_verify.c file, it starts working. May I have a clue what should
> be set in our application to solve the issue without modifying the openssl
> code?
>
>     if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
>         {
>         i = -1;
>         pkctx = EVP_PKEY_CTX_new(pkey, NULL);
>         if (!pkctx)
>             goto err;
>         if (EVP_PKEY_verify_init(pkctx) <= 0)
>             goto err;
>         if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
>             goto err;
>         i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
>         err:
>         EVP_PKEY_CTX_free(pkctx);
>         return i;
>         }
>
> The above-mentioned code is commented out now; as a result, RSA signature
> verification is passing. In this portion of code, EVP_PKEY_CTX_new ->
> int_ctx_new -> EVP_PKEY_meth_find -> OBJ_bsearch_pmeth is the failure path.
>
> OBJ_bsearch_pmeth returns zero (the openssl error is unsupported algorithms), but
> OpenSSL_add_all_algorithms is already called in our application. To add to
> this, when I debugged, the type value received in EVP_PKEY_meth_find seems a high
> value, 1179403647 (in decimal). This is derived from
> pkey->ameth->pkey_id, whereas we don't set this value in our application.
>
> In our application, do we need to set something to avoid the failure? Thanks
> in advance.
It's hard to say what the cause is without knowing how you are verifying the signature in more detail.

How are you initialising the EVP_PKEY structure? If you are doing something non-portable like initialising EVP_PKEY manually instead of using EVP_PKEY_assign_RSA that will cause problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org