Does OpenSSL 0.9.8g support RFC5280

brajan
Can anyone tell me whether OpenSSL 0.9.8g supports RFC5280 or not?
Re: Does OpenSSL 0.9.8g support RFC5280

Dr. Stephen Henson
On Thu, Aug 18, 2011, brajan wrote:

>
> Can anyone tell me whether OpenSSL 0.9.8g supports RFC5280 or not?

No, it is 1.0.0 and later only.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
ECDSA test problem

Mark Shnaider
Hello,
We performed a long test of ECDSA sign (ECDSA_do_sign function) and verify (ECDSA_do_verify function).
The test sometimes fails after 200000-300000 cycles.
Each cycle uses the same private and public key and the same digest input.
The output of function ECDSA_do_sign in this case depends only on the random value returned
from function RAND_bytes (file rand_lib.c).

We found the random value with which ECDSA_do_verify fails:

openssl-0.9.8g
NID_X9_62_prime256v1  /* secp256r1 (23) */
 
Data to sign - (5)
31 32 33 34 35

Returned signed data from ECDSA_do_sign function (sign->r, sign->s, 64 bytes)
54 09 a3 be 2e 6d 11 de de 1a cf a3 8f 24 1d 6f 2c bf d7 0e ba 33 06 78 ea da 93 88 7b 5c 43 93 ca f1 c7 d9 2f 6f 5d 54 54 06 7d a0 5e de d2 c0 5d 18 b5 8c 78 d5 88 14 2f c7 88 8c 0a 07 b6 ef

EC private key value  (34 bytes)
02 20 1F 07 87 EE BE A6 89 F8 2D FD 56 BB B2 53 0F BE 97 0F 08 5C FE 3E 41 AD F7 13 D2 B7 F8 C9 F6 56

EC public key value (65)
04 36 1B E1 51 43 FF E6 E3 CB 3E 80 0F 7D 91 0D F2 C2 CF 75 87 05 47 F4 19 DD 1B CF 64 77 87 FF 88 BF 38 67 62 FF 61 8D D4 7B 39 08 C6 4A 63 17 DB 92 3D 52 0F AA B2 04 6A 02 DB C7 FF E4 96 19 5E

Random from (32 bytes from function RAND_bytes )
1e bb 51 83 7f b2 78 8d 09 0d c5 b9 bb 60 eb 79 2a c9 0c a5 04 f6 99 ec 4b ec 0b 94 45 15 05 79

Please help us to solve this problem.
What is wrong?
Best regards
Mark

Mark Shnaider |Senior Software engineer | ARX
phone: +972.3.9279543 | mobile: +972.54.2448543 | email: [hidden email] | www.arx.com

RE: ECDSA test problem

Mark Shnaider
Hello,
I tested the problematic signature using the BCrypt API on Windows 7,
and function BCryptVerifySignature succeeded.
To my mind, function ecdsa_do_verify implemented in OpenSSL has a bug.
I do not know how to solve this problem.
Thanks for any help.
Mark



Re: RE: ECDSA test problem

Billy Brumley
It's likely you're hitting RT #1593:

http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest

Options include

A) Use a different curve.
B) Use a 64-bit build.
C) Upgrade to at least 0.9.8h.
D) Figure out the series of patches to resolve the bug.
E) Hack the code up to resolve it yourself.

If none of the above work for you, contact me directly with the particulars.

Billy

On Aug 23, 2011 7:22 PM, "Mark Shnaider" <[hidden email]> wrote:
> Hello,
> I tested the problematic signature using the BCrypt API on Windows 7,
> and function BCryptVerifySignature succeeded.
> To my mind, function ecdsa_do_verify implemented in OpenSSL has a bug.
> I do not know how to solve this problem.
> Thanks for any help.
> Mark