Encoding of AlgorithmIdentifier with NULL parameters
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jan 28 22:25:41 UTC 2021
On Fri, Jan 29, 2021 at 12:37:18AM +0530, Thulasi Goriparthi wrote:
> I am trying to provide a test certificate generated by
> openssl-3.0.0-alpha10 to a third party certificate parser/manager.
> This software expects AlgorithmIdentifier to either have parameters or
> to have null encoded (05 00) parameters which seems to be missing in
> the certificate.
Indeed it appears that the development branch differs in its output
format from the stable releases, in that the (05 00) NULL parameters
present in the tbsCertificate are missing from the signature block:
$ OpenSSL_master/bin/openssl req \
-config <(printf 'distinguished_name = dn\n[dn]\nprompt=yes\n') \
-new -newkey rsa:1024 -keyout /dev/null \
-x509 -subj / -days 30 -nodes 2>/dev/null |
openssl asn1parse
0:d=0 hl=4 l= 381 cons: SEQUENCE
4:d=1 hl=3 l= 233 cons: SEQUENCE
7:d=2 hl=2 l= 20 prim: INTEGER :58EFB7C8A23DC6F6A16D9C30A9300C285B7E9287
29:d=2 hl=2 l= 11 cons: SEQUENCE
31:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
42:d=2 hl=2 l= 0 cons: SEQUENCE
44:d=2 hl=2 l= 30 cons: SEQUENCE
46:d=3 hl=2 l= 13 prim: UTCTIME :210128221706Z
61:d=3 hl=2 l= 13 prim: UTCTIME :210227221706Z
76:d=2 hl=2 l= 0 cons: SEQUENCE
78:d=2 hl=3 l= 159 cons: SEQUENCE
81:d=3 hl=2 l= 13 cons: SEQUENCE
83:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
94:d=4 hl=2 l= 0 prim: NULL
96:d=3 hl=3 l= 141 prim: BIT STRING
240:d=1 hl=2 l= 11 cons: SEQUENCE
242:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
253:d=1 hl=3 l= 129 prim: BIT STRING
as compared with e.g. OpenSSL 1.1.1:
$ OpenSSL_1_1_1/bin/openssl req \
-config <(printf 'distinguished_name = dn\n[dn]\nprompt=yes\n') \
-new -newkey rsa:1024 -keyout /dev/null \
-x509 -subj / -days 30 -nodes 2>/dev/null |
openssl asn1parse
0:d=0 hl=4 l= 385 cons: SEQUENCE
4:d=1 hl=3 l= 235 cons: SEQUENCE
7:d=2 hl=2 l= 20 prim: INTEGER :72A1C904EDFE1C1F15DF51649A7A9F339A0982CD
29:d=2 hl=2 l= 13 cons: SEQUENCE
31:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
42:d=3 hl=2 l= 0 prim: NULL
44:d=2 hl=2 l= 0 cons: SEQUENCE
46:d=2 hl=2 l= 30 cons: SEQUENCE
48:d=3 hl=2 l= 13 prim: UTCTIME :210128222008Z
63:d=3 hl=2 l= 13 prim: UTCTIME :210227222008Z
78:d=2 hl=2 l= 0 cons: SEQUENCE
80:d=2 hl=3 l= 159 cons: SEQUENCE
83:d=3 hl=2 l= 13 cons: SEQUENCE
85:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
96:d=4 hl=2 l= 0 prim: NULL
98:d=3 hl=3 l= 141 prim: BIT STRING
242:d=1 hl=2 l= 13 cons: SEQUENCE
244:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
255:d=2 hl=2 l= 0 prim: NULL
257:d=1 hl=3 l= 129 prim: BIT STRING
If there isn't yet a Github issue for this, please open one. It appears
that the code that is actually generating the signature is no longer
encoding explicit NULL parameters for the algorithms in question.
--
Viktor.
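As an added example, not code from the original post or from OpenSSL itself: a small stand-alone Python parser that walks a DER Certificate, pulls out the AlgorithmIdentifier from tbsCertificate.signature and the outer signatureAlgorithm, reports whether each carries explicit NULL parameters, absent parameters or something else, and whether the two agree (RFC 5280 section 4.1.2.3 requires both fields to contain the same algorithm identifier). The certificate it inspects is constructed inline with a toy DER encoder to mirror the shape of the master output above (v1 certificate, empty issuer and subject, NULL parameters in tbsCertificate, none in the outer block); its serial number, key bits and signature bits are placeholders, not a real key or signature. To run the check on a real certificate, feed it the bytes from `openssl x509 -outform DER` instead of the constructed one.

```python
"""Compare the two AlgorithmIdentifiers in a DER X.509 certificate.

tbsCertificate.signature and the outer signatureAlgorithm must carry the
same algorithm identifier; this script shows when one has explicit NULL
parameters and the other has none, as in the openssl master output above.
"""

SEQ, INT, BITSTR, NULL, OID, UTCTIME = 0x30, 0x02, 0x03, 0x05, 0x06, 0x17
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
RSA_ENC = bytes.fromhex("2a864886f70d010101")     # 1.2.840.113549.1.1.1


# --- minimal DER encoder, used only to build the constructed sample cert ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def alg_id(oid, with_null):
    """AlgorithmIdentifier ::= SEQUENCE { OID, parameters OPTIONAL }."""
    return tlv(SEQ, tlv(OID, oid) + (tlv(NULL, b"") if with_null else b""))


def build_cert(tbs_null, outer_null):
    """Constructed toy v1 certificate (placeholder key and signature bits)."""
    serial = tlv(INT, b"\x01")
    validity = tlv(SEQ, tlv(UTCTIME, b"210128221706Z")
                   + tlv(UTCTIME, b"210227221706Z"))
    spki = tlv(SEQ, alg_id(RSA_ENC, True) + tlv(BITSTR, b"\x00" * 9))
    tbs = tlv(SEQ, serial + alg_id(SHA256_RSA, tbs_null) + tlv(SEQ, b"")
              + validity + tlv(SEQ, b"") + spki)
    signature = tlv(BITSTR, b"\x00" * 9)
    return tlv(SEQ, tbs + alg_id(SHA256_RSA, outer_null) + signature)


# --- minimal DER reader ---
def read_tlv(buf, pos):
    """Return (tag, value, position after this TLV); handles long-form lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out


def describe_params(alg_body):
    """Return (oid_hex, params) with params 'absent', 'NULL' or raw TLV hex."""
    parts = children(alg_body)
    oid = parts[0][1].hex()
    if len(parts) == 1:
        return oid, "absent"
    tag, val = parts[1]
    if tag == NULL and val == b"":
        return oid, "NULL"
    return oid, tlv(tag, val).hex()


def check_signature_alg(cert_der):
    """Inspect tbsCertificate.signature vs. the outer signatureAlgorithm."""
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != SEQ:
        raise ValueError("not a DER SEQUENCE")
    tbs, outer_alg, _sig = children(cert_body)
    fields = children(tbs[1])
    idx = 1 if fields[0][0] == 0xA0 else 0      # skip [0] EXPLICIT version if present
    tbs_oid, tbs_params = describe_params(fields[idx + 1][1])  # after serialNumber
    out_oid, out_params = describe_params(outer_alg[1])
    return {"tbs": tbs_params, "outer": out_params,
            "match": tbs_oid == out_oid and tbs_params == out_params}


if __name__ == "__main__":
    print("master-like:", check_signature_alg(build_cert(True, False)))
    print("1.1.1-like: ", check_signature_alg(build_cert(True, True)))
```

The constructed master-like certificate reports NULL parameters in tbsCertificate and absent parameters in the outer block, so the two identifiers do not match byte for byte; the 1.1.1-like one matches. A strict parser that keys on the exact encoding (as the third-party software in the question apparently does) will reject the first even though RFC 4055 tells implementations to accept absent parameters for the sha*WithRSAEncryption identifiers.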