On 14 nov. 2012, at 19:58, "Dr. Stephen Henson" <st...@openssl.org> wrote:
> On Wed, Nov 14, 2012, Dirk-Willem van Gulik wrote:
>
>> Folks,
>>
>> Have a CA (created by certtool, validates in openssl as self signed just
>> fine) and a server cert (created with certtool, signed with certool) which
>> des NOT validate in openssl.
>>
>> However the signature (when extracted with openssl its asn1parse; openssl
>> its rsautl and openssl its sha256) looks correct.
>>
>> And it seems to be accepted by the NSS and apple their stack.
>>
>> Any suggestions? Not unlikely this is sha256 specific - as that is what
>> triggered this.
>>
>> Tried against 1.0.1c and 0.9.8q (with the latter of course not do the
>> SHA256).
>>
>> Thanks.
>>
>> Dw.
>>
>> $ openssl verify -CAfile ca.pem ca.pem
>>
>> ca.pem: OK
>>
>> $ openssl verify -CAfile ca.pem x.pem
>>
>> x.pem: O = MedVision360 Test Org, CN = svc01.local
>> error 7 at 0 depth lookup:certificate signature failure
>> 140735152787932:error:04091077:rsa routines:INT_RSA_VERIFY:wrong
>> signature length:rsa_sign.c:175:
>> 140735152787932:error:0D0C5006:asn1 encoding
>> routines:ASN1_item_verify:EVP lib:a_verify.c:215:
>>
>> Which errors out. Extracting the signature manually with
>>
>> $ openssl asn1parse -in x.pem -out x.sig -noout -strparse 828
>> $ openssl x509 -in x.pem -pubkey -noout > x.rsa
>> $ openssl rsautl -in x.sig -verify -asn1parse -inkey x.rsa -pubin
>> $ openssl asn1parse -in x.pem -out x.tbs -noout -strparse 4
>> 0:d=0 hl=2 l= 49 cons: SEQUENCE
>> 2:d=1 hl=2 l= 13 cons: SEQUENCE
>> 4:d=2 hl=2 l= 9 prim: OBJECT :sha256
>> 15:d=2 hl=2 l= 0 prim: NULL
>> 17:d=1 hl=2 l= 32 prim: OCTET STRING
>> 0000 - 73 87 b0 9d e8 15 9f fb-ce af 3d ef 18 33 b3 04
>> s.........=..3..
>> 0010 - 28 64 b5 85 e9 88 91 69-e9 74 2a e6 45 ea 63 62
>> (d.....i.t*.E.cb
>> $ openssl sha256 -c x.tbs
>> SHA256(x.tbs)=
>> 73:87:b0:9d:e8:15:9f:fb:ce:af:3d:ef:18:33:b3:04:28:64:b5:85:e9:88:91:69:e9:74:2a:e6:45:ea:63:62
>>
>> looks actually good. As does the ANS1 it seems.
>
> That would be OK if x.pem is self signed but it is not. The signature in x.pem
> needs to be checked by the key in its CA which in this case is ca.pem. If you
> look at the ca.pem certificate its key is 2432 bits in size while the
> signature in x.pem is 2048 bits: that's why you get the error.
Thanks - so extracting that:
openssl x509 -in ca.pem -pubkey -noout | openssl rsa -text -pubin
..
Public-Key: (2432 bit)
..
so the RSA signature on x.pem its sha256 should have been 2432 bits in length.
And it is not:
openssl asn1parse -in x.pem -out x.sig -noout -strparse 828
wc -c x.sig
256 x.sig (2048 bits)
it is 2048 bits in size. Is that the correct reasoning ? And I need to assume
that the other tools are somehow getting confused and then accept it.
Correct ?
Dw.______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
