The salt length in RSA-PSS signatures is shown as a hex number but
without the "0x" prefix. Moreover, the default value is shown as
"20 (default)", but that number is decimal.

The attached patch solves the problem.

Check the two certs:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

That issue is solved, but another problem turns up:
Please compare the two salt-length indications in the second cert
carefully (one is at the beginning, the other just before the signature).
The command
openssl x509 -text -noout -in second.cert
says that they are equal, but in fact they are different.
Check this with
openssl asn1parse -i -in second.cert

Regards,
/Ann.

--- /opt/openssl-1.0.1c/crypto/rsa/rsa_ameth.c  2011-10-10 01:13:50.000000000 
+0200
+++ /opt/openssl-1.0.1c.patch/crypto/rsa/rsa_ameth.c    2012-10-26 
12:52:33.049290500 +0200
@@ -356,6 +356,13 @@
        if (pss->saltLength)
                {
-               if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
+               if (ASN1_INTEGER_get(pss->saltLength) <=0 ) 
                        goto err;
+               else {
+                       BIO_printf(bp,"%ld 
(",ASN1_INTEGER_get(pss->saltLength));
+                       if (ASN1_INTEGER_get(pss->saltLength) == 
+                               
EVP_MD_size(EVP_get_digestbyobj(pss->hashAlgorithm->algorithm))
+                               ) BIO_printf(bp,"hash value byte length)");
+                       else 
BIO_printf(bp,"0x%lx)",ASN1_INTEGER_get(pss->saltLength));
+                       }
                }
        else if (BIO_puts(bp, "20 (default)") <= 0)
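Review bot: The comparison in the added `if` dereferences `pss->hashAlgorithm->algorithm` and passes the result of `EVP_get_digestbyobj()` straight to `EVP_MD_size()` with no NULL check; `hashAlgorithm` is OPTIONAL in RSASSA-PSS-params and the digest OID in a certificate being printed may be one the library does not know, so this becomes a NULL dereference while printing an untrusted certificate (unless the enclosing function, which starts and ends outside the hunk, already guards both cases). The new `<= 0` guard also turns an explicitly encoded salt length of 0, a legal value that the original `i2a_ASN1_INTEGER` path printed, into a `goto err`, and the `BIO_printf` return values are no longer checked the way the neighbouring `BIO_puts(bp, "20 (default)") <= 0` line checks its write. Reading the salt length into a local once, resolving the digest once with a NULL guard, and checking each write keeps the intended decimal-plus-hex output while removing the crash and the behaviour change. The patch text also appears to have been wrapped by the mail client (the `"%ld ("` literal is split across two lines), so it will need re-joining before it applies.
```c
	if (pss->saltLength)
		{
		long sl = ASN1_INTEGER_get(pss->saltLength);
		/* hashAlgorithm is OPTIONAL and its OID may be unknown to us:
		 * resolve the digest once and tolerate NULL */
		const EVP_MD *md = pss->hashAlgorithm ?
			EVP_get_digestbyobj(pss->hashAlgorithm->algorithm) : NULL;
		/* negative, or too large for a long, is not a printable salt length;
		 * an explicit 0 is legal and is printed like any other value */
		if (sl < 0)
			goto err;
		if (BIO_printf(bp, "%ld (", sl) <= 0)
			goto err;
		if (md != NULL && sl == EVP_MD_size(md))
			{
			if (BIO_puts(bp, "hash value byte length)") <= 0)
				goto err;
			}
		else if (BIO_printf(bp, "0x%lx)", sl) <= 0)
			goto err;
		}
	/* … unchanged: "20 (default)" branch … */
```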
