Issuing CSR creates invalid self-signature

[dwmw2]

This is part of the self-tests in OpenConnect, using software TPM and even hardware TPM as part of its test suite: https://gitlab.com/openconnect/openconnect/-/blob/v9.12/tests/Makefile.am

I generate a key in the TPM, generate a CSR for it, attempt to sign it with my test CA, and get an error:

Certificate request self-signature did not match the contents
40B77A6FD27F0000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:../crypto/rsa/rsa_sign.c:430:
40B77A6FD27F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:../providers/implementations/signature/rsa_sig.c:774:
40B77A6FD27F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:217:

It's the same for RSA and EC(secp256r1) keys.

 $ tpm2tss-genkey -t device -a rsa -s 2048 hwtpm-key-rsa.pem
Initializing
Setting TCTI option to "device"
Generating RSA key for 2048 bits keysize.
Establishing connection with TPM.
Creating primary key under owner.
Generating the RSA key inside the TPM.
Generated the RSA key inside the TPM.

$ TPM2TSSENGINE_TCTI=device openssl req -new -config ~/git/openconnect/tests/configs/user-cert.prm -engine tpm2tss -keyform ENGINE -key hwtpm-key-rsa.pem -out hwtpm-key-rsa-tpm2tss.csr
Initializing
Engine "tpm2tss" set.
Loading private key hwtpm-key-rsa.pem
Loaded key uses alg-id 1
Creating RSA key object.
Created RSA key object.
TPM2 Key loaded
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name []:A user
User ID []:test
rsa_digest_custom 0x560169b3cca0 0x560169b244d0
Establishing connection with TPM.
Creating primary key under owner.
Loading key blob.
rsa_signctx 0x560169b3cca0 0x560169b244d0 sig_data 0x560169b6b0d0
rsa_signctx 0x560169ba2e20 0x560169ba59a0 sig_data 0x560169b760b0

$ openssl x509 -days 10000 -CA ~/git/openconnect/tests/certs/ca.pem -CAkey ~/git/openconnect/tests/certs/ca-key.pem -set_serial 1686782332 -req -out hwtpm-cert-rsa-tpm2tss.pem -in hwtpm-key-rsa-tpm2tss.csr
Certificate request self-signature did not match the contents
40B77A6FD27F0000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:../crypto/rsa/rsa_sign.c:430:
40B77A6FD27F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:../providers/implementations/signature/rsa_sig.c:774:
40B77A6FD27F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:217:

If I use the other engine to generate the CSR, it works:

$ TPM_DEVICE=/dev/tpmrm0 openssl req -new -config ~/git/openconnect/tests/configs/user-cert.prm -engine tpm2 -keyform ENGINE -key hwtpm-key-rsa.pem -out hwtpm-key-rsa-tpm2.csr
Engine "tpm2" set.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name []:A user
User ID []:test

$ openssl x509 -days 10000 -CA ~/git/openconnect/tests/certs/ca.pem -CAkey ~/git/openconnect/tests/certs/ca-key.pem -set_serial 1686782332 -req -out hwtpm-cert-rsa-tpm2.pem -in hwtpm-key-rsa-tpm2.csr
Certificate request self-signature ok
subject=CN = A user, UID = test

[dwmw2]

hwtpm-key-files.tar.gz

[dwmw2]

Building with --disable-digestsign seems to fix it

[alxchk]

Looks like it also producing invalid signatures

[jmbents]

What version of openssl were you using? I ran into this same issue and realized that since I was using openssl 3.0.13, according to the README, I should be using tpm2-openssl instead of tpm2-tss.