OpenVPN + X509 Cert PKI signed error

Hello

I had do this setup with :

OpenVPN 2.4(without SYSTEMD CRAP) + OpenSSL + OpenSC
OpenVPN Master + last Emmanuel DELOGET openSSL 1.1 Patchs + OpenSSL 1.1.0 + OpenSC Git/Master

All certs are ok : server seen it ok and then get a padding error in SSL and restart connection in loop :

Fri Feb 24 11:51:34 2017 us=479215 ::ffff:XXXX VERIFY SCRIPT OK: depth=3, XXX
Fri Feb 24 11:51:34 2017 us=479342 ::ffff:XXXX VERIFY OK: depth=3, XXX
Fri Feb 24 11:51:34 2017 us=484484 ::ffff:XXXX VERIFY SCRIPT OK: XXX
Fri Feb 24 11:51:34 2017 us=484582 ::ffff:XXXX VERIFY OK: depth=2, XXX
Fri Feb 24 11:51:34 2017 us=490072 ::ffff:XXXX VERIFY SCRIPT OK: XXX
Fri Feb 24 11:51:34 2017 us=490161 ::ffff:XXXX VERIFY OK: depth=1, XXX
Fri Feb 24 11:51:34 2017 us=495224 ::ffff:XXXX VERIFY SCRIPT OK: XXX
Fri Feb 24 11:51:34 2017 us=495313 ::ffff:XXXX VERIFY OK: XXX
Fri Feb 24 11:51:34 2017 us=512670 ::ffff:XXXX TLS_ERROR: BIO read tls_read_plaintext error: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed: error:1408807B:SSL routines:ssl3_get_cert_verify:bad signature: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure

In openSC logs :
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] framework-pkcs15.c:3512:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1.
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:393:sc_lock: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] reader-pcsc.c:582:pcsc_lock: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:435:sc_lock: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] framework-pkcs15.c:3573:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 83 bytes. 256 bytes reserved.
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] pkcs15-sec.c:314:sc_pkcs15_compute_signature: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] pkcs15-sec.c:362:sc_pkcs15_compute_signature: supported algorithm flags 0x80000001, private key usage 0x2E
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:283:sc_get_encoding_flags: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:287:sc_get_encoding_flags: iFlags 0x12, card capabilities 0x80000001
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:316:sc_get_encoding_flags: pad flags 0x12, secure algorithm flags 0x0
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:317:sc_get_encoding_flags: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] pkcs15-sec.c:413:sc_pkcs15_compute_signature: DEE flags:0x00000012 alg_info->flags:0x80000001 pad:0x00000012 sec:0x00000000
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:242:sc_pkcs1_encode: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:246:sc_pkcs1_encode: hash algorithm 0x10, pad algorithm 0x2
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] padding.c:269:sc_pkcs1_encode: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:393:sc_lock: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:435:sc_lock: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] sec.c:68:sc_set_security_env: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card-sc-hsm.c:462:sc_hsm_set_security_env: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] sec.c:72:sc_set_security_env: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] sec.c:54:sc_compute_signature: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:393:sc_lock: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] card.c:435:sc_lock: returning with: 0 (Success)
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] apdu.c:517:sc_transmit: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] apdu.c:371:sc_single_transmit: called
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] apdu.c:376:sc_single_transmit: CLA:80, INS:68, P1:2, P2:20, data(256) 0x7ffc38b073b0
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] reader-pcsc.c:269:pcsc_transmit: reader ‘Nitrokey Nitrokey HSM (010000000000000000000000) 00 00’
0x7f0560d59700 16:15:43.856 [opensc-pkcs11] reader-pcsc.c:270:pcsc_transmit:
Outgoing APDU (265 bytes):
80 68 02 20 00 01 00 00 01 FF FF FF FF FF FF FF .h. …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF …
FF FF FF 00 30 51 30 0D 06 09 60 86 48 01 65 03 …0Q0….H.e. 04 02 03 05 00 04 40 00 CD 82 FD EE 74 BA 33 E9 ......@.....t.3. 4E B8 57 14 63 18 7F 35 D1 12 61 E4 E4 7C E3 B3 N.W.c..5..a..|.. E2 E5 36 64 BD CA 61 88 5A 5B CD 2B C2 B9 59 79 ..6d..a.Z[.+..Yy 1D 3C C2 C4 C4 A5 96 38 31 C7 D1 52 8A BD 90 FA .<.....81..R.... A6 77 81 0D 68 3D 3A 01 00 .w..h=:.. 0x7f0560d59700 16:15:43.856 [opensc-pkcs11] reader-pcsc.c:199:pcsc_internal_transmit: called 0x7f0560d59700 16:15:44.587 [opensc-pkcs11] reader-pcsc.c:279:pcsc_transmit: Incoming APDU (258 bytes): 0D 24 DD 89 7E F8 EF 98 06 09 6B C0 44 21 A8 E1 .$..~.....k.D!.. C3 3E 64 98 36 B6 AC 60 BB C3 D6 3B 2B 2B 54 6B .>d.6..…;++Tk
37 77 BF 9D 9E 30 95 2C C0 03 6C C1 C8 0F C6 01 7w…0.,…l…
CA 54 85 7C 8B D4 86 C8 92 9D 91 BF 1D CC E7 C8 .T.|…
A5 5D 43 97 40 A7 A9 29 97 9A 1B FE 3C 0B 5F 4B .]C.@…)…<._K
B7 F2 3F FB 50 A6 5E 43 7E A0 ED 1A EB 6A E3 1E …?.P.^C~…j…
11 51 73 D0 D9 8E 85 2D 8A 60 2C DD 99 40 07 68 .Qs…-.`,…@.h
3C 9A 92 61 F5 9E 41 CA 2B 83 93 C4 8C 48 8C 98 <…a…A.+…H…
5A 9C A9 43 08 E7 7C 97 B9 87 23 EA 6F 1E BF 01 Z…C…|…#.o…
0C B7 66 59 C0 29 22 43 58 8A DC 1D 7F 40 85 B5 …fY.)"CX…@…
43 2F B3 13 54 15 1D 58 E3 D3 0E B7 8A E0 87 CA C/…T…X…
23 C3 AC 07 E4 47 96 D4 21 51 31 C3 9C FD A6 CD #…G…!Q1…
70 2E A9 2C 9D 0C 82 13 37 85 85 AA B3 06 82 66 p…,…7…f
70 72 04 7F FB 28 53 15 FE 50 B5 7A C3 A2 AD 96 pr…(S…P.z…
D1 50 2F 58 FA E5 C1 E8 C8 4E 69 C2 73 BF 2B 52 .P/X…Ni.s.+R
ED AC C3 96 7C 40 F3 47 C7 FD 12 10 B9 94 A6 BE …|@.G…
90 00 …
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] apdu.c:386:sc_single_transmit: returning with: 0 (Success)
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] apdu.c:539:sc_transmit: returning with: 0 (Success)
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] card.c:445:sc_unlock: called
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] card-sc-hsm.c:576:sc_hsm_compute_signature: returning with: 256
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] sec.c:58:sc_compute_signature: returning with: 256
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] card.c:445:sc_unlock: called
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] pkcs15-sec.c:451:sc_pkcs15_compute_signature: returning with: 256
0x7f0560d59700 16:15:44.587 [opensc-pkcs11] card.c:445:sc_unlock: called
0x7f0560d59700 16:15:44.588 [opensc-pkcs11] reader-pcsc.c:627:pcsc_unlock: called
0x7f0560d59700 16:15:44.595 [opensc-pkcs11] framework-pkcs15.c:3590:pkcs15_prkey_sign: Sign complete. Result 256.
0x7f0560d59700 16:15:44.595 [opensc-pkcs11] mechanism.c:447:sc_pkcs11_signature_final: returning with: 0 (Success)
0x7f0560d59700 16:15:44.595 [opensc-pkcs11] mechanism.c:312:sc_pkcs11_sign_final: returning with: 0 (Success)
0x7f0560d59700 16:15:44.595 [opensc-pkcs11] pkcs11-object.c:697:C_Sign: C_Sign() = CKR_OK

I’m not an SSL expert, is it related to the padding negociation ? Is it a problem with nitrokey ?

The key is working ok with OpenSSH (and so without cert part)

Please help

Nicolas F.

I assume you use a Nitrokey Pro, right? For SSH usually the AUT key is used but here C_Sign is executed which requires the SIG key and which doesn’t work with the AUT key.

No I use a Nitrokey HSM

Most likely the certificate doesn’t match to the key. This would explain why the verification of the signature fails. To test keys and certificates you might find this testcase helpful.

Ok, is there a tutorial to use this ? scsh3 doesn’t seem to see the card…

Doing procedure from scratch with same script and now working.

Still another problem.

Did you manage to solve this issue?