Hello,
My openssl-1.0.2k-21.0.1.el7_9.x86_64 verify fails with HSM-signed
certificates. The HSM is causing other issues and is likely misbehaving,
I think this is a HSM bug. I'm sure I'm using the correct server.crt and
rootca.crt.
$ openssl verify -CAfile rootca.crt server.crt
server.crt: C <snip>
error 7 at 0 depth lookup:certificate signature failure
139734096439184:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1239:
139734096439184:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:405:Type=X509_SIG
139734096439184:error:0D0C5006:asn1 encoding
routines:ASN1_item_verify:EVP lib:a_verify.c:249:
I tried doing the verification manually like so:
Extracting the 'to be signed' part of the server.crt:
openssl asn1parse -in server.crt -strparse 4 -out server.tbs
sha256 that:
cat server.tbs | openssl sha256 -binary > server.tbs.sha256
Extracting the signature from the server.crt:
openssl asn1parse -in server.crt -strparse 569 -out server.sig
Extracting the public key from rootca.crt:
openssl x509 -in rootca.crt -noout -pubkey > rootca.pub
Decrypting the signature:
openssl rsautl -inkey rootca.pub -pubin -in server.sig -out
server.sig.decrypted
Comparing server.tbs.sha256 and server.sig.decrypted .
When I compare those, they are exactly the same. But that's the thing, I
think server.sig.decrypted should be prepended with a sha256 designator
30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is
missing. I do see this designator with working certificates. I suspect
this is the problem.
Is that designator mandatory and likely the cause of my issue ?
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.1.2 suggests
it's mandatory.. but I'm not sure if I'm looking at the right section.
Thanks.
