Hi,
I was not able to reproduce your problem using the same snapshot. I run
your commands a dozen times with no error. Tested under Linux 32-bit
(Centos 5, gcc 4.1.2) and Linux 64-bit (Debian 5, gcc 4.3.2).
What platform/compiler are you using?
How does your openssl.cnf look like? In my tests, I use the one
installed by the snapshot build.
Is anyone else able to reproduce this problem?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/8/2010 9:40 PM, Hanno Boeck via RT wrote:
It seems that openssl has a problem with pss certificates and uncommon rsa key
sizes. For all keysizes with "keysize mod 8 = 1" (or keysize = n*8+1),
verification of a self-signed test cert fails.
I've not yet investigated if it's the generation or the verification code that
is wrong, it's probably related to the emBits variable from the emsa-pss-
verify/encode-code.
Check with this:
openssl genrsa 2007> test.key
openssl req -batch -new -x509 -sigopt rsa_padding_mode:pss -nodes -days 99999
-key test.key> test.crt
openssl verify -check_ss_sig -CAfile test.crt test.crt
Output of the last command is:
139831192893096:error:0407E06D:rsa routines:RSA_verify_PKCS1_PSS:data too
large:rsa_pss.c:127:
139831192893096:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:215:
Tested with openssl-SNAP-20100808.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
