Quantcast

troubleshooting a puzzling issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

troubleshooting a puzzling issue

Thierry Parmentelat
Hey


I am facing a problem that I have narrowed down to this:

I have two certificates, one being signed by the other
the attached code is a python code that uses M2Crypto to check for that fact

and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am getting -1


---
I apologize that I am not able to write a pure C code that would reproduce the issue (I’m afraid that me trying to achieve that would just lead to more artificial problems than be actually helpful in any way :)

the m2crypto guys tell me they are essentially just passing stuff along to openssl’s function
X509_verify
as described here
https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html

---
and this says, I quote:

X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was invalid or some other error occurred then -1 is returned.


So my question here is, how do I go about figuring out what ‘some other error’ might be in my case ?

I was wondering, for example, if it could just be a missing library or something along this line, as my understanding is that the range of algorithms, ciphers, and other hashes can be configured at build-time
what tools can I use to look in this direction ?

---
So far it looks like the problems happens on fedora installations, while the code behaves as expected on macos and ubuntus
I have not yet been able to assess that on a wide variety of installations yet


Thanks for any hint











--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Viktor Dukhovni

> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat <[hidden email]> wrote:
>
> I have two certificates, one being signed by the other
> the attached code is a python code that uses M2Crypto to check for that fact

Your current problem is failure to post the two certificates along with
the anecdotal description.  You're also not reporting which versions of
the various O/S distributions you were using, and more importantly which
versions of OpenSSL were linked into Python's M2Crypto.

Real answers require real data.

--
--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Thierry Parmentelat
Thanks Viktor for your feedback


Well, the 2 certificates are embedded in the python code as PEM; I am attaching them again here as plain files if that helps





In terms of versioning, on one box that exhibits the issue of returning -1, I have this:

# cat /etc/fedora-release
Fedora release 24 (Twenty Four)

both openssl and m2crypto installed from fedora’s stock repos:

# rpm -q m2crypto openssl-libs
m2crypto-0.23.0-2.fc24.x86_64
openssl-libs-1.0.2j-3.fc24.x86_64

# uname -a
Linux r2labsfa.pl.sophia.inria.fr 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 23:10:23 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


I hope it clarifies — thanks for looking into this — Thierry


> On 13 Jan 2017, at 15:26, Viktor Dukhovni <[hidden email]> wrote:
>
>
>> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat <[hidden email]> wrote:
>>
>> I have two certificates, one being signed by the other
>> the attached code is a python code that uses M2Crypto to check for that fact
>
> Your current problem is failure to post the two certificates along with
> the anecdotal description.  You're also not reporting which versions of
> the various O/S distributions you were using, and more importantly which
> versions of OpenSSL were linked into Python's M2Crypto.
>
> Real answers require real data.
>
> --
> --
> Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

p1 (848 bytes) Download Attachment
p2 (800 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Richard Levitte - VMS Whacker-2
In reply to this post by Thierry Parmentelat
In message <[hidden email]> on Fri, 13 Jan 2017 11:28:40 +0100, Thierry Parmentelat <[hidden email]> said:

thierry.parmentelat> I am facing a problem that I have narrowed down to this:
thierry.parmentelat>
thierry.parmentelat> I have two certificates, one being signed by the other
thierry.parmentelat> the attached code is a python code that uses M2Crypto to check for that fact
thierry.parmentelat>
thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am getting -1
thierry.parmentelat>
thierry.parmentelat>
thierry.parmentelat> ---
thierry.parmentelat> I apologize that I am not able to write a pure C code that would reproduce the issue (I’m afraid that me trying to achieve that would just lead to more artificial problems than be actually helpful in any way :)
thierry.parmentelat>
thierry.parmentelat> the m2crypto guys tell me they are essentially just passing stuff along to openssl’s function
thierry.parmentelat> X509_verify
thierry.parmentelat> as described here
thierry.parmentelat> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html

Considering both certs in the attached script use the signature
algorithm md5WithRSAEncryption, you could get that kind of error with
an OpenSSL installation where MD5 has been disabled.  'openssl help'
will show you what's enabled, or 'openssl list -disabled' (with
OpenSSL 1.1.0) to see what's disabled.

There are other things that can give you a -1 as well...

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Richard Levitte - VMS Whacker-2
In reply to this post by Viktor Dukhovni
In message <[hidden email]> on Fri, 13 Jan 2017 09:26:35 -0500, Viktor Dukhovni <[hidden email]> said:

openssl-users>
openssl-users> > On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat <[hidden email]> wrote:
openssl-users> >
openssl-users> > I have two certificates, one being signed by the other
openssl-users> > the attached code is a python code that uses M2Crypto to check for that fact
openssl-users>
openssl-users> Your current problem is failure to post the two certificates along with
openssl-users> the anecdotal description.  You're also not reporting which versions of
openssl-users> the various O/S distributions you were using, and more importantly which
openssl-users> versions of OpenSSL were linked into Python's M2Crypto.
openssl-users>
openssl-users> Real answers require real data.

Errrr...  there's a script attached to the original post.  It contains
all the data you need, including two certs.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Thierry Parmentelat
In reply to this post by Richard Levitte - VMS Whacker-2
Hey Richard

here’s what I see

# openssl help
openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms
crl               crl2pkcs7         dgst              dh
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
gendh             gendsa            genpkey           genrsa
nseq              ocsp              passwd            pkcs12
pkcs7             pkcs8             pkey              pkeyparam
pkeyutl           prime             rand              req
rsa               rsautl            s_client          s_server
s_time            sess_id           smime             speed
spkac             ts                verify            version
x509

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160
sha               sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       base64            bf
bf-cbc            bf-cfb            bf-ecb            bf-ofb
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb
des               des-cbc           des-cfb           des-ecb
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb
des-ofb           des3              desx              idea
idea-cbc          idea-cfb          idea-ecb          idea-ofb
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            rc5               rc5-cbc           rc5-cfb
rc5-ecb           rc5-ofb           seed              seed-cbc
seed-cfb          seed-ecb          seed-ofb          zlib


so I do see md5 in the list of digests

what else should I be looking at ?
is there a way to get some sort of error code or something that would at least hint at a direction..

thanks — Thierry

> On 13 Jan 2017, at 16:37, Richard Levitte <[hidden email]> wrote:
>
> In message <[hidden email]> on Fri, 13 Jan 2017 11:28:40 +0100, Thierry Parmentelat <[hidden email]> said:
>
> thierry.parmentelat> I am facing a problem that I have narrowed down to this:
> thierry.parmentelat>
> thierry.parmentelat> I have two certificates, one being signed by the other
> thierry.parmentelat> the attached code is a python code that uses M2Crypto to check for that fact
> thierry.parmentelat>
> thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am getting -1
> thierry.parmentelat>
> thierry.parmentelat>
> thierry.parmentelat> ---
> thierry.parmentelat> I apologize that I am not able to write a pure C code that would reproduce the issue (I’m afraid that me trying to achieve that would just lead to more artificial problems than be actually helpful in any way :)
> thierry.parmentelat>
> thierry.parmentelat> the m2crypto guys tell me they are essentially just passing stuff along to openssl’s function
> thierry.parmentelat> X509_verify
> thierry.parmentelat> as described here
> thierry.parmentelat> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html
>
> Considering both certs in the attached script use the signature
> algorithm md5WithRSAEncryption, you could get that kind of error with
> an OpenSSL installation where MD5 has been disabled.  'openssl help'
> will show you what's enabled, or 'openssl list -disabled' (with
> OpenSSL 1.1.0) to see what's disabled.
>
> There are other things that can give you a -1 as well...
>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Viktor Dukhovni
In reply to this post by Thierry Parmentelat
On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:

> Thanks Viktor for your feedback
>
> Well, the 2 certificates are embedded in the python code as PEM; I am
> attaching them again here as plain files if that helps

The leaf certificate is signed with RSA+MD5:

    $ openssl x509 -in /tmp/p1 -noout -text | egrep -v '^ *..:'
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 3 (0x3)
        Signature Algorithm: md5WithRSAEncryption
            Issuer: CN=onelab.inria
            Validity
                Not Before: Aug 18 13:30:49 2014 GMT
                Not After : Aug 17 13:30:49 2019 GMT
            Subject: CN=onelab.inria.thierry_parmentelat
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus:
                    Exponent: 35 (0x23)
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                X509v3 Subject Alternative Name:
                    URI:urn:publicid:IDN+onelab:inria+user+thierry_parmentelat, URI:urn:uuid:8ee5aabe-5a16-4ac5-a18f-7ca145af285a
        Signature Algorithm: md5WithRSAEncryption

> In terms of versioning, on one box that exhibits the issue of returning -1, I have this:
>
> # cat /etc/fedora-release
> Fedora release 24 (Twenty Four)

Redhat is removing support for MD5 signatures from their OpenSSL
builds.  From a recent email from them to the OpenSSL team:

    We (Red Hat Enterprise Linux developers) decided to disable
    support for verification of signatures with MD4, MD5, and SHA0
    hashes in openssl library in Red Hat Enterprise Linux 6 and
    newer and in Fedora. ...

Your 5 year MD5 certificate is getting stale, time to use something
a bit more current.  Also its rather small exponent (35) is very
unwise.  While not quite as bad as 3, it may be open to attack.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Thierry Parmentelat
ooookkkk; it explains it all :)

Thanks so much for your time looking into this, it is very helpful — Thierry


> On 13 Jan 2017, at 16:47, Viktor Dukhovni <[hidden email]> wrote:
>
> On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:
>
>> Thanks Viktor for your feedback
>>
>> Well, the 2 certificates are embedded in the python code as PEM; I am
>> attaching them again here as plain files if that helps
>
> The leaf certificate is signed with RSA+MD5:
>
>    $ openssl x509 -in /tmp/p1 -noout -text | egrep -v '^ *..:'
>    Certificate:
> Data:
>    Version: 3 (0x2)
>    Serial Number: 3 (0x3)
> Signature Algorithm: md5WithRSAEncryption
>    Issuer: CN=onelab.inria
>    Validity
> Not Before: Aug 18 13:30:49 2014 GMT
> Not After : Aug 17 13:30:49 2019 GMT
>    Subject: CN=onelab.inria.thierry_parmentelat
>    Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
>    Public-Key: (1024 bit)
>    Modulus:
>    Exponent: 35 (0x23)
>    X509v3 extensions:
> X509v3 Basic Constraints: critical
> X509v3 Subject Alternative Name:
>    URI:urn:publicid:IDN+onelab:inria+user+thierry_parmentelat, URI:urn:uuid:8ee5aabe-5a16-4ac5-a18f-7ca145af285a
> Signature Algorithm: md5WithRSAEncryption
>
>> In terms of versioning, on one box that exhibits the issue of returning -1, I have this:
>>
>> # cat /etc/fedora-release
>> Fedora release 24 (Twenty Four)
>
> Redhat is removing support for MD5 signatures from their OpenSSL
> builds.  From a recent email from them to the OpenSSL team:
>
>    We (Red Hat Enterprise Linux developers) decided to disable
>    support for verification of signatures with MD4, MD5, and SHA0
>    hashes in openssl library in Red Hat Enterprise Linux 6 and
>    newer and in Fedora. ...
>
> Your 5 year MD5 certificate is getting stale, time to use something
> a bit more current.  Also its rather small exponent (35) is very
> unwise.  While not quite as bad as 3, it may be open to attack.
>
> --
> Viktor.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: troubleshooting a puzzling issue

Richard Levitte - VMS Whacker-2
In reply to this post by Thierry Parmentelat
In message <[hidden email]> on Fri, 13 Jan 2017 16:46:59 +0100, Thierry Parmentelat <[hidden email]> said:

thierry.parmentelat> so I do see md5 in the list of digests

Ok

thierry.parmentelat>
thierry.parmentelat> what else should I be looking at ?
thierry.parmentelat> is there a way to get some sort of error code or something that would at least hint at a direction..

I found that M2Crypto has an Err package, so add this to your script:

    if v <= 0:
        print(M2Crypto.Err.get_error());
    else:
        print("v = {}".format(v))

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...