Re: [openssl-users] Specify padding scheme with EVP_VerifyFinal

2017-02-24 Thread Dr. Stephen Henson
On Thu, Feb 23, 2017, open...@tuta.io wrote: > Hi Michel, > > it looks like what I am looking for, but the software uses EVP_VerifyInit_ex > which is a typedef for EVP_DigestInit_ex. How are those functions related to > EVP_DigestVerifyInit? Can I use EVP_DigestVerify* functions along with > E

Re: [openssl-users] Specify padding scheme with EVP_VerifyFinal

2017-02-23 Thread openssl
Hi Michel, it looks like what I am looking for, but the software uses EVP_VerifyInit_ex which is a typedef for EVP_DigestInit_ex. How are those functions related to EVP_DigestVerifyInit? Can I use EVP_DigestVerify* functions along with EVP_Verify* functions? I must not break compatibility with

Re: [openssl-users] Specify padding scheme with EVP_VerifyFinal

2017-02-23 Thread Michel
Hi, > Is it possible to specify a different padding scheme (e.g. > RSA_PKCS1_PSS_PADDING) using this API? > If not, what is the easiest way to work around this "limitation"? Isn’t it what you are looking for: EVP_PKEY_CTX_set_rsa_padding()? https://www.openssl.org/docs/manmaster/man3/

[openssl-users] Specify padding scheme with EVP_VerifyFinal

2017-02-21 Thread openssl
Hello, I am facing a problem regarding an application which uses EVP_VerifyInit_ex, EVP_VerifyUpdate and EVP_VerifyFinal to verify RSA signatures with EVP_get_digestbyname("RSA-SHA256"). Is it correct that EVP_VerifyFinal defaults to PKCS#1 v1.5 padding? We would like to be able to

[openssl-users] openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 ERROR

2015-07-09 Thread Gayathri Manoj
Hi All, We are getting the below error in syslog file in FIPS mode. sshd[5939]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 This is hitting when connecting between two servers using ssh authentication. Please let me know how I can solve this issue. Openssl version : 0.9.8

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-08 Thread Mitra, Rituparna (STSD)
tion- EVP_VerifyUpdate & EVP_VerifyFinal > From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Monday, August 04, 2014 11:21 > On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > > > 1. app1: sends a CGI POST request to ap

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-08 Thread Mitra, Rituparna (STSD)
Of Viktor Dukhovni Sent: Monday, August 04, 2014 8:51 PM To: openssl-users@openssl.org Subject: Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > 1. app1: sends a CGI POST request

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-07 Thread Dave Thompson
y{Init,Update,Final} does the hash of the data as part of verifying a signature just as EVP_Sign{Init,Update,Final} does the hash of the data to be signed. In fact {Sign,Verify}{Init,Update} are just macros for Digest{Init,Update}, the PK operations are done only in Final. > > 6. a

Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Viktor Dukhovni
form a hashdata, > > > > 5. app2: passes hashdata to EVP_VerifyUpdate(ctx, .. ) > > > > 6. app2: calls EVP_VerifyFinal -- this eventually fails during public > > key check (EVP_PKEY_verify), due to the ! character in UN > > Sorry, that's not

Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Viktor Dukhovni
s x509 certificate already stored, since it has to > allow SSO from app1 ? gets verification ctx from here. > > 4. app2: uses the UN (containing ! character) to form a hashdata, > > 5. app2: passes hashdata to EVP_VerifyUpdate(ctx, .. ) > > 6. app2: calls E

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Salz, Rich
Start by isolating the steps. The username is in the formdata? Can you run the openssl command-line program, for example, to encrypt the username you get? -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-03 Thread Mitra, Rituparna (STSD)
ctx, .. ) 6. app2: calls EVP_VerifyFinal -- this eventually fails during public key check (EVP_PKEY_verify), due to the ! character in UN As you see, in app2, we are not having any control over the character string type of the UN. Is there a way to fix ‘app2’ to make EVP_VerifyFinal pass?

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-01 Thread Salz, Rich
You have to look at the character string type of the DN. For example, in printableString the exclamation point is an illegal character. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-01 Thread Mitra, Rituparna (STSD)
app1 tries to login to app2). - This code works fine for all user names, except usernames containing a ! symbol (exclamation). EVP_MD_CTX_init(ctx); EVP_VerifyInit(ctx, md); EVP_VerifyUpdate(ctx, hashdata, strlen(hashdata)); err = EVP_VerifyFinal(ctx

openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 ERROR

2012-11-13 Thread Anamitra Dutta Majumdar (anmajumd)
We are getting the following error in the syslogs secure:Nov 9 19:32:04 cls2-pub authpriv 3 sshd[9526]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 when we connect between two servers using ssh key based authentication. This issue happens only in FIPS mode and not in non

intel accel engine and EVP_VerifyFinal

2012-02-22 Thread Mark Mc Keown
Hi All, I have built and installed intel-accel engine from http://www.openssl.org/contrib. When I use the engine to verify a certificate I get an error - I don't get the error without the engine. mmk@mmk:~$ openssl version OpenSSL 0.9.8o 01 Jun 2010 mmk@mmk:~$ openssl verify -CAfil

OpenSSH key verification with FIPS - RSA_verify succeeds, EVP_VerifyFinal fails

2011-07-29 Thread blaander
EVP_MD_CTX_init(ctx); const EVP_MD *md = EVP_get_digestbyname("SHA1"); if(EVP_VerifyInit(ctx, md)) { if(EVP_VerifyUpdate(ctx, hash, hashlen)) { retval = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey); if(!retval) error("ERROR %s in EVP_VerifyFinal when verying RSA sign

Re: EVP_VerifyFinal fail use RSA public key, openssl-1.0.0d, win32, vc2008sp1

2011-05-24 Thread bs1
日 22:52 To: openssl-users@openssl.org Subject: EVP_VerifyFinal fail use RSA public key, openssl-1.0.0d, win32, vc2008sp1 Hello, EVP_VerifyFinal fail when use RSA public key, can anyone help? I use openssl cmd line tool generate a key pair of RSA and store them to two pem files. And RSA_sign and RSA_

EVP_VerifyFinal fail use RSA public key, openssl-1.0.0d, win32, vc2008sp1

2011-05-24 Thread bs1
Hello, EVP_VerifyFinal fail when use RSA public key, can anyone help? I use openssl cmd line tool generate a key pair of RSA and store them to two pem files. And RSA_sign and RSA_verify work fine with the pem files. To support large buffer, I change the code to work with EVP_Sign and

RE: Error returned from EVP_VerifyFinal()

2009-06-05 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Don M > Sent: Friday, 05 June, 2009 02:37 > I try to write a program to verify a signature, all results of > openssl(0.9.8.h) function calls are fine except the last one > result = EVP_VerifyFi

Error returned from EVP_VerifyFinal()

2009-06-04 Thread Don M
Hi, I try to write a program to verify a signature, all results of openssl(0.9.8.h) function calls are fine except the last one result = EVP_VerifyFinal(md_ctx, sig, sig_size, evp_pkey); the result is -1, which means it's an error. Any idea what I did wrong? See the code below. T

Re: Does EVP_VerifyFinal handle ASN.1 DER encoded RSA signatures?

2007-06-19 Thread digested
the length EVP_VerifyUpdate(&md_ctx, pData, dataLength); // pSignatureOut and pSignatureOutLength are extracted from the signature above // evpKey is extracted from a root certificate as follows: // X509 *x509 = d2i_X509(NULL, pRootCertData, rootCertLength); // EVP_PKEY *evpKey = X509_get_pubkey

Re: Does EVP_VerifyFinal handle ASN.1 DER encoded RSA signatures?

2007-06-06 Thread Dr. Stephen Henson
; > EVP_VerifyUpdate(&md_ctx, pDigest, digestLength); > EVP_VerifyFinal (&md_ctx, pSignature, signatureLength, evpKey); > > QUESTION #1: Should the above pDigest parameter contain (a) the contents of > the already calculated SHA1 digest (with EVP_DigestInit/Update/Final) or (b) > the file

Does EVP_VerifyFinal handle ASN.1 DER encoded RSA signatures?

2007-06-06 Thread digested
*x509 = d2i_X509(NULL, pData, dataLength); EVP_PKEY *evpKey = X509_get_pubkey(x509); To verify the signature I use the following functions: EVP_VerifyInit(&md_ctx, EVP_sha1()); EVP_VerifyUpdate(&md_ctx, pDigest, digestLength); EVP_VerifyFinal (&md_ctx, pSignature, signatureLength, evpKey); QU

signature verification with EVP_VerifyFinal fails

2006-03-24 Thread Antonio A
te(&mdctx, data, dataLen) EVP_VerifyFinal(&mdctx,sig, sLen,pkey) vi) if (EVP_VerifyFinal ==1) signature of random data was verified, so the user is authenticated. vii) else: authentication process fails everything looks fine, but in some cases i get the following error: error:0406707

Re: EVP_VerifyFinal()

2003-02-09 Thread Ken Murchison
"Dr. Stephen Henson" wrote: > > On Sun, Feb 09, 2003, Ken Murchison wrote: > > > > > > > Nils Larsch wrote: > > > > > > Ken Murchison wrote: > > > > What is the correct way to convert a DSA key struct into a u_char buffer >

Re: EVP_VerifyFinal()

2003-02-09 Thread Dr. Stephen Henson
On Sun, Feb 09, 2003, Ken Murchison wrote: > > > Nils Larsch wrote: > > > > Ken Murchison wrote: > > > What is the correct way to convert a DSA key struct into a u_char buffer > > > for use with EVP_VerifyFinal()? Is there a generic way to do thi

Re: EVP_VerifyFinal()

2003-02-09 Thread Ken Murchison
Nils Larsch wrote: > > Ken Murchison wrote: > > What is the correct way to convert a DSA key struct into a u_char buffer > > for use with EVP_VerifyFinal()? Is there a generic way to do this > > regardless of the signature key algorithm? The value of the EVP > >

Re: EVP_VerifyFinal()

2003-02-09 Thread Nils Larsch
Ken Murchison wrote: > What is the correct way to convert a DSA key struct into a u_char buffer > for use with EVP_VerifyFinal()? Is there a generic way to do this > regardless of the signature key algorithm? The value of the EVP > interface seems lost if I have to call different key

EVP_VerifyFinal()

2003-02-08 Thread Ken Murchison
What is the correct way to convert a DSA key struct into a u_char buffer for use with EVP_VerifyFinal()? Is there a generic way to do this regardless of the signature key algorithm? The value of the EVP interface seems lost if I have to call different key preparation functions depending on

Re: question on DSA_verify vs EVP_VerifyFinal

2001-09-04 Thread Mark W. Webb
On Saturday 01 September 2001 07:49 am, you wrote: Thanks for getting back to me. What you are saying makes sense, I just do not know why EVP_VerifyFinal passes a signature coming from Java, and DSA_verify fails it? There must be some difference between the two. > "Mark W. Web

EVP_SignFinal & EVP_VerifyFinal

1999-04-19 Thread Roberto Lopez
. Here are some questions: EVP_VerifyFinal: I suppose the new generated hash is in the EVP_MD_CTX structure (previously I will call EVP_VerifyInit and EVP_VerifyUpdate) and that the encrypted hash is passed through "sigbuf" (I used the openssl/deni/sign code as reference). Am I right?