Understanding RSA_sign and type argument

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Understanding RSA_sign and type argument

Ignacio Alamo Corsino

Hello everyone,


i am having some issues understanding the RSA_sign function:

RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa);


As far as I know, the signing is a four step process:

- Calculate hash with digest algorithm <type> (given as argument to this function -> m)

- Encapsulate hash in a DigestInfo structure (X509_SIG)

- Structure padding (in RSA_private_encrypt)

- Private key operation on this padded structure (in RSA_private_encrypt)


Is that correct?


So, during the TLS handshake, the RSA_sign function is called in the CertificateVerify step.

For my tests, everytime this function is called, the hashing type is SHA512 even though I specify to use a SHA256 hash.

These are the commands that I use to test TLS:

#openssl s_server -accept 443 -cert cert.pem -key key.pem  -Verify 1 -msg -debug -cipher eNULL:aRSA:!SHA512:SHA256 -serverpref
#openssl s_client -connect localhost:443 -cert client_cert.pem   -key client.key -state -cipher eNULL:aRSA:!SHA512:SHA256

How can I force TLS to use a SHA256 digest for DH?

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Understanding RSA_sign and type argument

Erwann Abalea-4
Bonjour,

Add « -sigalgs SHA256+RSA » to one of your command lines.

Cordialement,
Erwann Abalea

Le 9 juin 2017 à 09:45, Ignacio Alamo Corsino <[hidden email]> a écrit :

Hello everyone,

i am having some issues understanding the RSA_sign function:

RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa);


As far as I know, the signing is a four step process:
- Calculate hash with digest algorithm <type> (given as argument to this function -> m)
- Encapsulate hash in a DigestInfo structure (X509_SIG)
- Structure padding (in RSA_private_encrypt)
- Private key operation on this padded structure (in RSA_private_encrypt)

Is that correct?

So, during the TLS handshake, the RSA_sign function is called in the CertificateVerify step. 
For my tests, everytime this function is called, the hashing type is SHA512 even though I specify to use a SHA256 hash.

These are the commands that I use to test TLS:

#openssl s_server -accept 443 -cert cert.pem -key key.pem  -Verify 1 -msg -debug -cipher eNULL:aRSA:!SHA512:SHA256 -serverpref
#openssl s_client -connect localhost:443 -cert client_cert.pem   -key client.key -state -cipher eNULL:aRSA:!SHA512:SHA256

How can I force TLS to use a SHA256 digest for DH?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Understanding RSA_sign and type argument

Ignacio Alamo Corsino

Hello Erwann,


Merci beaucoup!

It has worked but with "-sigalgs RSA+SHA256" instead of "sigalgs SHA256+RSA"


Finding this option was driving me crazy because I could not find it in the wiki page of s_server:

https://wiki.openssl.org/index.php/Manual:S_server(1)





De: openssl-users <[hidden email]> en nombre de Erwann Abalea <[hidden email]>
Enviado: lunes, 12 de junio de 2017 10:42
Para: [hidden email]
Asunto: Re: [openssl-users] Understanding RSA_sign and type argument
 
Bonjour,

Add « -sigalgs SHA256+RSA » to one of your command lines.

Cordialement,
Erwann Abalea

Le 9 juin 2017 à 09:45, Ignacio Alamo Corsino <[hidden email]> a écrit :

Hello everyone,

i am having some issues understanding the RSA_sign function:

RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa);


As far as I know, the signing is a four step process:
- Calculate hash with digest algorithm <type> (given as argument to this function -> m)
- Encapsulate hash in a DigestInfo structure (X509_SIG)
- Structure padding (in RSA_private_encrypt)
- Private key operation on this padded structure (in RSA_private_encrypt)

Is that correct?

So, during the TLS handshake, the RSA_sign function is called in the CertificateVerify step. 
For my tests, everytime this function is called, the hashing type is SHA512 even though I specify to use a SHA256 hash.

These are the commands that I use to test TLS:

#openssl s_server -accept 443 -cert cert.pem -key key.pem  -Verify 1 -msg -debug -cipher eNULL:aRSA:!SHA512:SHA256 -serverpref
#openssl s_client -connect localhost:443 -cert client_cert.pem   -key client.key -state -cipher eNULL:aRSA:!SHA512:SHA256

How can I force TLS to use a SHA256 digest for DH?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users