Hi TI team,
I am using the am335x-evm platform and my version is as below:
Arago Project http://arago-project.org am335x-evm /dev/ttyO0
Arago 2015.03 am335x-evm /dev/ttyO0
am335x-evm login: root
root@am335x-evm:~# cat /etc/mlb-version
PKG-20150714-FULL
I find that "openssl verify -CAfile" is not working.
I am simply using the command below to reproduce the issue: "openssl verify -CAfile ca.crt client1.crt"
I confirmed my ca.crt and client.crt are correct, since I have tested the same files on another platform that doesn't have the problem.
It only fails in the TI am335x-evm openssl; even if you download some sample certs you will get the same error.
For example, download from https://github.com/freelan-developers/freelan/wiki/Sample-certificate-files
and use the command "openssl verify -CAfile ca.crt alice.crt", and you will get the same failure.
This failure will affect the OpenVPN application that I want to port to this platform, which requires the OpenSSL certificate verification process.
Please help to check and comment, thanks a lot!!
Detailed log and certs attached below:
openssl verify -CAfile ca.crt client1.crt
client1.crt: C = TW, ST = TW, L = Taipei, O = Foxconn, OU = IOT, CN = client1, name = EasyRSA, emailAddress = james.ck.chien@foxconn.com
error 7 at 0 depth lookup:certificate signature failure
3068262112:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:290:
3068262112:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218
Here is the openssl library info:
root@am335x-evm:~# openssl version -a
OpenSSL 1.0.1m 19 Mar 2015
built on: Fri Apr 10 14:36:34 2015
platform: linux-armv4
options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: arm-linux-gnueabihf-gcc -march=armv7-a -marm -mthumb-interwork -mfloat-abi=hard -mfpu=neon -mtune=cortex-a8 --sysroot=/home/gtbldadm/ti/oe-layersetup/build-CORTEX_1/arago-tmp-external-linaro-toolchain/sysroots/am335x-evm -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -isystem/opt/linaro-2013.03/arm-linux-gnueabihf/include -fstack-protector -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
Here is the cert I used.
root@am335x-evm:~# openssl x509 -in ca.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e5:16:7f:96:50:e9:bf:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=TW, ST=TW, L=Taipei, O=Foxconn, OU=IOT, CN=server25-CA/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
Validity
Not Before: Sep 25 08:00:49 2015 GMT
Not After : Sep 22 08:00:49 2025 GMT
Subject: C=TW, ST=TW, L=Taipei, O=Foxconn, OU=IOT, CN=server25-CA/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:ED:78:18:DC:57:6E:B3:AA:0F:1E:B6:0A:14:34:5E:8E:14:93:25
X509v3 Authority Key Identifier:
keyid:82:ED:78:18:DC:57:6E:B3:AA:0F:1E:B6:0A:14:34:5E:8E:14:93:25
DirName:/C=TW/ST=TW/L=Taipei/O=Foxconn/OU=IOT/CN=server25-CA/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
serial:E5:16:7F:96:50:E9:BF:E4
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
root@am335x-evm:~# openssl x509 -in client1.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=TW, ST=TW, L=Taipei, O=Foxconn, OU=IOT, CN=server25-CA/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
Validity
Not Before: Sep 25 08:02:05 2015 GMT
Not After : Sep 22 08:02:05 2025 GMT
Subject: C=TW, ST=TW, L=Taipei, O=Foxconn, OU=IOT, CN=client1/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
99:7E:D4:CA:CD:16:25:A0:37:6F:6B:DB:7C:79:45:5F:28:01:F8:19
X509v3 Authority Key Identifier:
keyid:82:ED:78:18:DC:57:6E:B3:AA:0F:1E:B6:0A:14:34:5E:8E:14:93:25
DirName:/C=TW/ST=TW/L=Taipei/O=Foxconn/OU=IOT/CN=server25-CA/name=EasyRSA/emailAddress=james.ck.chien@foxconn.com
serial:E5:16:7F:96:50:E9:BF:E4
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client1
Signature Algorithm: sha256WithRSAEncryption
root@am335x-evm:~#
Best Regards
James
Hello James,
Thank you for the update. This issue occurs if the Cryptodev module is loaded and it has been fixed in SDK v01.00.00.03 by the last changes in linux-3.14.43/drivers/crypto.
Best regards,
Kemal
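Added example, not part of the thread or of TI's SDK: a triage script for the condition described in the reply above. It checks whether a module named `cryptodev` is loaded and runs a SHA-256 known-answer test through `openssl dgst`; that the offloaded digest path (the build above shows `-DUSE_CRYPTODEV_DIGESTS`) is where verification breaks is an assumption, and the function names are illustrative.

```shell
#!/bin/sh
# Added triage example (not from the thread). Function names are illustrative.

# SHA-256("abc"), the standard FIPS 180 known-answer vector.
KAT_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

# Return 0 if a module named "cryptodev" is listed in a /proc/modules-format file.
cryptodev_loaded() {
    modules_file=${1:-/proc/modules}
    [ -r "$modules_file" ] || return 1
    awk '$1 == "cryptodev" { found = 1 } END { exit !found }' "$modules_file"
}

# Print PASS if the last field of `openssl dgst -sha256` output is the vector.
# Output looks like "(stdin)= <hex>"; any extra error lines make this FAIL.
kat_verdict() {
    got=$(printf '%s\n' "$1" | awk '{ print tolower($NF) }')
    if [ "$got" = "$KAT_SHA256" ]; then echo PASS; else echo FAIL; fi
}

# Turn the two observations into one triage line.
# $1 = loaded|absent, $2 = PASS|FAIL
triage() {
    case "$1/$2" in
        loaded/FAIL) echo "SUSPECT: wrong SHA-256 with cryptodev loaded; retest with the module unloaded" ;;
        loaded/PASS) echo "INCONCLUSIVE: cryptodev loaded but digest correct; compare openssl verify with the module unloaded" ;;
        absent/FAIL) echo "BROKEN: wrong SHA-256 without cryptodev; look at the openssl build itself" ;;
        absent/PASS) echo "OK: cryptodev not loaded and digest correct" ;;
        *) echo "UNKNOWN: bad arguments"; return 2 ;;
    esac
}

# Run both checks against the live system.
diagnose() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 2; }
    if cryptodev_loaded; then state=loaded; else state=absent; fi
    out=$(printf 'abc' | openssl dgst -sha256 2>&1)
    triage "$state" "$(kat_verdict "$out")"
}

diagnose || true
```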