On Wed, Feb 03, 2010, Ujwal Chinthala wrote:

> Hi,
>
> I modified the code as you mentioned, I am just trying to verify if signing
> the certificate using private key works.
>
> I signed the certificate using private key.
> But I still get the same error from CMS_verify. It complains about "signer
> certificate not found".
> Is this the right way to create the self-signed dummy certificate? It seems
> to behave exactly the same way as before.
>
> Please find the modified code below (just added a block of code for signing
> the cert). Also I printed the certificate for reference.
>
>
> //COPY the DSA params and public keys from const char arrays into DSA structure
> DSA *dsaParams= DSA_new();
> dsaParams->g = BN_new();
> dsaParams->p = BN_new();
> dsaParams->q = BN_new();
> dsaParams->pub_key = BN_new();
> BN_bin2bn((const unsigned char *)uLicenseCheckG,
>     sizeof(uLicenseCheckG), dsaParams->g);
> BN_bin2bn((const unsigned char *)uLicenseCheckP,
>     sizeof(uLicenseCheckP), dsaParams->p);
> BN_bin2bn((const unsigned char *)uLicenseCheckQ,
>     sizeof(uLicenseCheckQ), dsaParams->q);
> BN_bin2bn((const unsigned char *)uLicenseCheckY,
>     sizeof(uLicenseCheckY), dsaParams->pub_key);
>
> //Create a EVP_PKEY to use in creating a certificate
> EVP_PKEY *evpTemp = EVP_PKEY_new();
> EVP_PKEY_assign_DSA(evpTemp, dsaParams);
>
> //Create a CMS content info structure out of the license key
> CMS_ContentInfo *cms = NULL;
> BIO *bioBuff = BIO_new_mem_buf((char *)nBytes, nCountOfBytes);
> BIO_set_mem_eof_return(bioBuff,0);
> cms = d2i_CMS_bio(bioBuff, NULL);// I believe this finds the end of ASN1 data
>
>
> STACK_OF(CMS_SignerInfo) *sinfos;
> CMS_SignerInfo *si;
> sinfos = CMS_get0_SignerInfos(cms);
> si = sk_CMS_SignerInfo_value(sinfos, 0);
> ASN1_OCTET_STRING* keyid;
> X509_NAME* issuer;
> ASN1_INTEGER* sno;
> int rc = CMS_SignerInfo_get0_signer_id(si, &keyid, &issuer, &sno);
> //USE THIS KEYID TO SET THE x509Cert->skid VALUE
> printf ("si: %d %p %p %p\n", rc, keyid, issuer, sno);
>
> //create a x509 cert with above DSA params and public key and skid
> X509 *x509Cert = X509_new();
> X509_set_version(x509Cert, 2);
> ASN1_INTEGER_set(X509_get_serialNumber(x509Cert), 0);
> x509Cert->skid = ASN1_OCTET_STRING_dup(keyid);

The above line is incorrect. You are just setting a cache SKID value and not
including it in the certificate. Try

X509_add1_ext_i2d(x509Cert, NID_subject_key_identifier, keyid, 0, 0);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
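
The reply turns on whether the key id is actually encoded as a subjectKeyIdentifier extension in the certificate. The following is an added example, not code from this thread or from OpenSSL: a minimal DER walk that checks a certificate's Extensions list for that extension and compares it with a SignerInfo key id. The names `pop` and `skid_matches` and all sample bytes are constructed for illustration, and it assumes the caller already holds the DER of the Extensions SEQUENCE.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
typedef struct { const u8 *p; size_t n; } cur;   /* cursor over DER bytes */

/* Pop one TLV with tag `want` off c into out; returns 0 (c untouched) on mismatch. */
static int pop(cur *c, int want, cur *out) {
    size_t l, nb = 0;
    if (c->n < 2 || c->p[0] != want) return 0;
    l = c->p[1];
    if (l & 0x80) {                       /* long-form length, up to 2 bytes */
        nb = l & 0x7f;
        if (nb == 0 || nb > 2 || c->n < 2 + nb) return 0;
        l = nb == 1 ? c->p[2] : ((size_t)c->p[2] << 8) | c->p[3];
    }
    if (l > c->n - 2 - nb) return 0;
    out->p = c->p + 2 + nb; out->n = l;
    c->p += 2 + nb + l; c->n -= 2 + nb + l;
    return 1;
}

/* 1 if the DER Extensions list encodes subjectKeyIdentifier equal to id. */
int skid_matches(const u8 *exts, size_t n, const u8 *id, size_t idlen) {
    static const u8 oid_skid[] = {0x55, 0x1d, 0x0e};        /* 2.5.29.14 */
    cur in = {exts, n}, list, ext, oid, val, crit, kid;
    if (!pop(&in, 0x30, &list)) return 0;
    while (list.n > 0) {
        if (!pop(&list, 0x30, &ext) || !pop(&ext, 0x06, &oid)) return 0;
        pop(&ext, 0x01, &crit);                 /* optional critical BOOLEAN */
        if (!pop(&ext, 0x04, &val)) return 0;   /* extnValue OCTET STRING */
        if (oid.n != sizeof oid_skid || memcmp(oid.p, oid_skid, oid.n)) continue;
        /* extnValue wraps an inner OCTET STRING that holds the key id */
        return pop(&val, 0x04, &kid) && kid.n == idlen && !memcmp(kid.p, id, idlen);
    }
    return 0;   /* no SKID extension encoded: a lookup by key id cannot match */
}

static const u8 KEYID[] = {0x11, 0x22, 0x33, 0x44};   /* constructed sample data */
static const u8 NO_SKID[] = {               /* basicConstraints only */
    0x30,0x0b, 0x30,0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00};
static const u8 WITH_SKID[] = {             /* basicConstraints + SKID */
    0x30,0x1a, 0x30,0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,
    0x30,0x0d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x06,0x04,0x04,0x11,0x22,0x33,0x44};

int main(void) {
    printf("without SKID: %d\n", skid_matches(NO_SKID, sizeof NO_SKID, KEYID, sizeof KEYID));
    printf("with SKID:    %d\n", skid_matches(WITH_SKID, sizeof WITH_SKID, KEYID, sizeof KEYID));
    return 0;
}
```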