On Wed, Nov 14, 2012, Dirk-Willem van Gulik wrote:
> Folks,
>
> Have a CA (created by certtool, validates in openssl as self signed just
> fine) and a server cert (created with certtool, signed with certtool) which
> does NOT validate in openssl.
>
> However the signature (when extracted with openssl's asn1parse, openssl's
> rsautl and openssl's sha256) looks correct.
>
> And it seems to be accepted by the NSS and Apple stacks.
>
> Any suggestions? Not unlikely this is sha256 specific - as that is what
> triggered this.
>
> Tried against 1.0.1c and 0.9.8q (with the latter of course not doing
> SHA256).
>
> Thanks.
>
> Dw.
>
> $ openssl verify -CAfile ca.pem ca.pem
>
> ca.pem: OK
>
> $ openssl verify -CAfile ca.pem x.pem
>
> x.pem: O = MedVision360 Test Org, CN = svc01.local
> error 7 at 0 depth lookup:certificate signature failure
> 140735152787932:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:175:
> 140735152787932:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:215:
>
> Which errors out. Extracting the signature manually with
>
> $ openssl asn1parse -in x.pem -out x.sig -noout -strparse 828
> $ openssl x509 -in x.pem -pubkey -noout > x.rsa
> $ openssl rsautl -in x.sig -verify -asn1parse -inkey x.rsa -pubin
> $ openssl asn1parse -in x.pem -out x.tbs -noout -strparse 4
>     0:d=0  hl=2 l=  49 cons: SEQUENCE
>     2:d=1  hl=2 l=  13 cons: SEQUENCE
>     4:d=2  hl=2 l=   9 prim: OBJECT            :sha256
>    15:d=2  hl=2 l=   0 prim: NULL
>    17:d=1  hl=2 l=  32 prim: OCTET STRING
>       0000 - 73 87 b0 9d e8 15 9f fb-ce af 3d ef 18 33 b3 04   s.........=..3..
>       0010 - 28 64 b5 85 e9 88 91 69-e9 74 2a e6 45 ea 63 62   (d.....i.t*.E.cb
> $ openssl sha256 -c x.tbs
> SHA256(x.tbs)= 73:87:b0:9d:e8:15:9f:fb:ce:af:3d:ef:18:33:b3:04:28:64:b5:85:e9:88:91:69:e9:74:2a:e6:45:ea:63:62
>
> looks actually good. As does the ASN.1 it seems.
>
That would be OK if x.pem is self signed but it is not. The signature in
x.pem needs to be checked by the key in its CA which in this case is
ca.pem. If you look at the ca.pem certificate its key is 2432 bits in
size while the signature in x.pem is 2048 bits: that's why you get the
error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
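The diagnosis above, turned into a check you can run on the two files: the "wrong signature length" error from INT_RSA_VERIFY fires because the signature in the server certificate is compared against RSA_size() of the issuer's key, and 2048-bit signature bytes do not fit a 2432-bit modulus. The manual verification in the first mail used x.pem's own public key (`openssl x509 -in x.pem -pubkey`); it has to use the CA's key (`openssl x509 -in ca.pem -pubkey`) for the result to mean anything. The script below is an added example, not code from this thread or from OpenSSL. Its DER walker is hand-written and minimal; `check_signature_length`, `placeholder_cert` and the other names are my own; and the certificates it builds are constructed placeholders with the right shape but dummy moduli and dummy signatures, so only the lengths are meaningful. `pem_to_der` lets the same check run on real x.pem/ca.pem files.

```python
"""Does a certificate's RSA signature have the same byte length as the
ISSUER's RSA modulus?  That is the first thing OpenSSL's RSA verify tests,
and a mismatch surfaces as "wrong signature length" before any signature
byte is examined.  Added example; not code from the thread or OpenSSL.
"""
import base64

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1
SHA256_WITH_RSA_OID = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11


# --- minimal DER reader (enough for the certificate fields used below) -------

def der_read_tlv(buf, pos):
    """Return (tag, value_start, value_end, next_pos) for the TLV starting at pos."""
    tag, pos = buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:                       # long form: 0x8N followed by N length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length, pos + length


def der_children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend, pos = der_read_tlv(buf, pos)
        yield tag, vstart, vend


def pem_to_der(pem_text):
    """Strip the -----BEGIN/END----- armour and base64-decode (for real .pem files)."""
    body = "".join(l for l in pem_text.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


# --- the two fields the check needs -------------------------------------------

def signature_bytes(cert_der):
    """signatureValue of Certificate ::= SEQUENCE { tbs, sigAlg, BIT STRING }, unused-bits byte dropped."""
    _, start, end, _ = der_read_tlv(cert_der, 0)
    tag, vstart, vend = list(der_children(cert_der, start, end))[2]
    if tag != 0x03 or cert_der[vstart] != 0:
        raise ValueError("signatureValue is not a byte-aligned BIT STRING")
    return cert_der[vstart + 1:vend]


def rsa_modulus(cert_der):
    """RSA modulus from the certificate's subjectPublicKeyInfo, as an int."""
    _, start, end, _ = der_read_tlv(cert_der, 0)
    _, tbs_start, tbs_end = next(der_children(cert_der, start, end))
    tbs = list(der_children(cert_der, tbs_start, tbs_end))
    spki = tbs[6] if tbs[0][0] == 0xA0 else tbs[5]       # [0] EXPLICIT version is optional
    alg, pubkey = list(der_children(cert_der, spki[1], spki[2]))[:2]
    _, oid_start, oid_end = next(der_children(cert_der, alg[1], alg[2]))
    if cert_der[oid_start:oid_end] != RSA_ENCRYPTION_OID:
        raise ValueError("subject key is not rsaEncryption")
    # subjectPublicKey BIT STRING wraps RSAPublicKey ::= SEQUENCE { modulus, publicExponent }
    _, rsa_start, rsa_end, _ = der_read_tlv(cert_der, pubkey[1] + 1)
    _, mod_start, mod_end = next(der_children(cert_der, rsa_start, rsa_end))
    return int.from_bytes(cert_der[mod_start:mod_end], "big")   # leading 0x00 pad is harmless


def check_signature_length(cert_der, issuer_der):
    """Mirror OpenSSL: len(signature) must equal RSA_size(issuer key), i.e. the modulus byte length."""
    siglen = len(signature_bytes(cert_der))
    keylen = (rsa_modulus(issuer_der).bit_length() + 7) // 8
    return {"signature_bytes": siglen, "issuer_key_bytes": keylen, "length_ok": siglen == keylen}


# --- CONSTRUCTED placeholder certificates: right shape, dummy contents ---------

def der_tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return der_tlv(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)   # keep INTEGER positive


def placeholder_cert(key_bits, sig_bits):
    """Certificate with a key_bits modulus and a sig_bits signature; NOT a real key or signature."""
    modulus = (1 << (key_bits - 1)) | 1                   # placeholder odd number of the right size
    rsa_pub = der_tlv(0x30, der_int(modulus) + der_int(65537))
    spki = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")
                   + der_tlv(0x03, b"\x00" + rsa_pub))
    sig_alg = der_tlv(0x30, der_tlv(0x06, SHA256_WITH_RSA_OID) + b"\x05\x00")
    empty = der_tlv(0x30, b"")                            # stands in for Name and Validity
    tbs = der_tlv(0x30, der_tlv(0xA0, der_int(2)) + der_int(1) + sig_alg
                  + empty + empty + empty + spki)
    sig = der_tlv(0x03, b"\x00" + b"\xaa" * (sig_bits // 8))
    return der_tlv(0x30, tbs + sig_alg + sig)


if __name__ == "__main__":
    ca = placeholder_cert(2432, 2432)   # like ca.pem: 2432-bit key, self-signed
    x = placeholder_cert(2048, 2048)    # like x.pem: signed by some 2048-bit key, not by ca.pem's
    print("x.pem against ca.pem :", check_signature_length(x, ca))   # length_ok False
    print("x.pem against itself :", check_signature_length(x, x))    # what the manual rsautl check did
    print("ca.pem against itself:", check_signature_length(ca, ca))
```

For real files, `check_signature_length(pem_to_der(open("x.pem").read()), pem_to_der(open("ca.pem").read()))` reports the same two numbers Steve read off the certificates; when `length_ok` is already false there is no point looking at the signature bytes, because whichever key produced them is not the one in ca.pem.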