Hi TI team,
I am using the am335x-evm platform and my version is as below:
Arago Project http://arago-project.org am335x-evm /dev/ttyO0
Arago 2015.03 am335x-evm /dev/ttyO0
am335x-evm login: root
root@am335x-evm:~# cat /etc/mlb-version
PKG-20150714-FULL
I find that "openssl verify -CAfile" is not working.
I can reproduce the issue simply by using the command below:
openssl verify -CAfile ca.crt client1.crt
I confirmed that my ca.crt and client.crt are correct, since I have tested the same files on another platform that doesn't have the problem. It only fails in the TI am335x-evm openssl. Even if you download some sample certs, you will get the same error. For example, download from https://github.com/freelan-developers/freelan/wiki/Sample-certificate-files and use the command "openssl verify -CAfile ca.crt alice.crt", and you will get the same failure.
This failure will affect the OpenVPN application that I want to port to this platform, which requires the OpenSSL certificate verification process.
Please help to check and comment, thanks a lot!!
Detail log and cert attached below:
openssl verify -CAfile ca.crt client1.crt
client1.crt: C = TW, ST = TW, L = Taipei, O = Foxconn, OU = IOT, CN = client1, name = EasyRSA, emailAddress = james.ck.chien@foxconn.com
error 7 at 0 depth lookup:certificate signature failure
3068262112:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:290:
3068262112:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218
Here is the openssl library info:
root@am335x-evm:~# openssl version -a
OpenSSL 1.0.1m 19 Mar 2015
built on: Fri Apr 10 14:36:34 2015
platform: linux-armv4
options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: arm-linux-gnueabihf-gcc -march=armv7-a -marm -mthumb-interwork -mfloat-abi=hard -mfpu=neon -mtune=cortex-a8 --sysroot=/home/gtbldadm/ti/oe-layersetup/build-CORTEX_1/arago-tmp-external-linaro-toolchain/sysroots/am335x-evm -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -isystem/opt/linaro-2013.03/arm-linux-gnueabihf/include -fstack-protector -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
Here is the cert I used.
Best Regards
James
In reply to Biser Gatchev-XID:
In reply to james chien:
Hello James,
This error shouldn't arise with the latest processor SDK v01.00.00.03. You can download it from here.
Best regards,
Kemal
In reply to Kemal R. Shakir:
Hello James,
Thank you for the update. This issue occurs if the Cryptodev module is loaded and it has been fixed in SDK v01.00.00.03 by the last changes in linux-3.14.43/drivers/crypto.
Best regards,
Kemal
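
A triage check for the condition identified in this thread, added here as an example and not posted by any participant: it reports whether a board combines an OpenSSL build that offloads digests to cryptodev (the two `-D` flags in the `openssl version -a` output above) with a loaded cryptodev module. The function names, the kernel module name `cryptodev`, and the sample inputs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Inputs are passed as text so the
# logic can be exercised offline; on a real board call:
#   classify "$(openssl version -a)" "$(cat /proc/modules)"

# Succeeds if the `openssl version -a` text on stdin carries both build
# flags seen in the post's compiler line.
built_with_cryptodev_digests() {
    flags=$(cat)
    case "$flags" in *-DHAVE_CRYPTODEV*) ;; *) return 1 ;; esac
    case "$flags" in *-DUSE_CRYPTODEV_DIGESTS*) ;; *) return 1 ;; esac
    return 0
}

# Succeeds if the /proc/modules-format text on stdin lists the module.
# Assumption: the module is named "cryptodev"; the thread only says
# "the Cryptodev module". The first field must match exactly.
cryptodev_loaded() {
    awk '$1 == "cryptodev" { found = 1 } END { exit !found }'
}

# classify VERSION_TEXT MODULES_TEXT
# Prints: affected-config | offload-built-module-absent | no-offload
classify() {
    if ! printf '%s\n' "$1" | built_with_cryptodev_digests; then
        echo no-offload
    elif printf '%s\n' "$2" | cryptodev_loaded; then
        echo affected-config
    else
        echo offload-built-module-absent
    fi
}

# Constructed sample inputs (abbreviated, not captured from a device).
SAMPLE_VERSION='OpenSSL 1.0.1m 19 Mar 2015
compiler: arm-linux-gnueabihf-gcc -O2 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DSHA256_ASM'
SAMPLE_MODULES='cryptodev 33022 0 - Live 0xbf000000 (O)
musb_dsps 8235 0 - Live 0xbf010000'

classify "$SAMPLE_VERSION" "$SAMPLE_MODULES"
```

On a board that reports `affected-config`, repeating the same `openssl verify` with the module unloaded helps separate a driver-side fault from a certificate whose signature is genuinely bad.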