For an embedded device, I've just compiled Chromium 56 (part of Qt 5.9.5 framework), but I've got some *strange* behavior about BoringSSL linked by Chromium...
Whatever HTTPS website I try to navigate to, I get the generic error page "This site can't provide a secude connection": ERR_SSL_PROTOCOL_ERROR"... Everything works like a charm for non secure HTTP sites.
Digging down into source code I found that the problem arises in BoringSSL's function ECDSA_do_verify(), in file ecdsa.c: the last call to BN_cmp() returns a value different than zero, and actually variables u1 and sig->r have different values:
Using wget or cURL on the same device (both of the relying on OpenSSL original libraries instead of BoringSSL) works fine, so the problem appears strictly related to BoringSSL and/or Chromium...
Any ideas of the reason of SSL failure? And/or can you provide me a way for further debugging this kind of stuff?
Thanks.
For an embedded device, I've just compiled Chromium 56 (part of Qt 5.9.5 framework), but I've got some *strange* behavior about BoringSSL linked by Chromium...
Whatever HTTPS website I try to navigate to, I get the generic error page "This site can't provide a secude connection": ERR_SSL_PROTOCOL_ERROR"... Everything works like a charm for non secure HTTP sites.
Digging down into source code I found that the problem arises in BoringSSL's function ECDSA_do_verify(), in file ecdsa.c: the last call to BN_cmp() returns a value different than zero, and actually variables u1 and sig->r have different values:
Using wget or cURL on the same device (both of the relying on OpenSSL original libraries instead of BoringSSL) works fine, so the problem appears strictly related to BoringSSL and/or Chromium...
Any ideas of the reason of SSL failure? And/or can you provide me a way for further debugging this kind of stuff?
Navigating to https://rsa2048.badssl.com does not result in a SSL error, but unluckily gives me a segmentation fault! ☹
I think that getting things work should take me a long long time… :cry:
/Morix
Da: Adam Langley
Inviato: lunedì 21 maggio 2018 17:30
A: mori...@gmail.com
Cc: security-dev
Oggetto: Re: BoringSSL: error in verifying ECDSA signature?