Hi all, I'm trying to create an X509 certificate request signed inside a smart card using the PKCS11 interface.
To perform this task I have to perform the following steps:

1. create certificate request (X509_new)
2. load public key (X509_REQ_set_pubkey)
3. set up subject name and extensions as required
4. export req_info structure (i2d_X509_REQ_INFO)
5. sign this structure using PKCS11
6. complete X509_REQ structure with proper signature and algorithm identifier
7. export certificate request (PEM_write_bio_X509_REQ)

Unfortunately the created request doesn't contain a valid signature. After a closer look at the openssl calls I've noticed that the buffer exported using the i2d_X509_REQ_INFO function doesn't contain a properly encoded structure. Can somebody help me: what am I doing wrong, or which parameter of the structure did I forget to initialize?

Relevant part of the code:

...
X509_REQ *req;
X509_NAME *subj;
EVP_PKEY *pkey;

if (!(req = X509_REQ_new())) {
    printf("Unable to initialize X509_REQ structure\n");
    return -1;
}

/* build the RSA public key from the modulus and exponent read off the card */
RSA *rsa;
rsa = RSA_new();
rsa->e = BN_bin2bn((unsigned char *) pub_publicExponent, (int) 3, NULL);
rsa->n = BN_bin2bn((unsigned char *) modulus, (int) (pub_modulusbits/8), NULL);

if ((pkey = EVP_PKEY_new()) == NULL) {
    printf("Unable to initialize PKEY structure\n");
    return -1;
}
EVP_PKEY_assign_RSA(pkey, rsa);
X509_REQ_set_pubkey(req, pkey);

subj = X509_REQ_get_subject_name(req);
X509_NAME_add_entry_by_txt(subj, "C", MBSTRING_ASC, (unsigned char *)"SK", -1, -1, 0);
X509_NAME_add_entry_by_txt(subj, "CN", MBSTRING_ASC, (unsigned char *)"Test", -1, -1, 0);

/* DER-encode the CertificationRequestInfo that the card has to sign */
int datasig_len;
unsigned char *tobesigned;
datasig_len = i2d_X509_REQ_INFO(req->req_info, NULL);
tobesigned = (unsigned char *) malloc(datasig_len);
if (!tobesigned) {
    printf("Unable to alloc mem buffer\n");
    return -1;
}
int zzz = i2d_X509_REQ_INFO(req->req_info, &tobesigned);
....
After this part of the code I've got the following values inside the important variables:

zzz = 0x000000c5

tobesigned buffer contains:

0x011B6135  fd fd fd fd ab ab ab ab ab ab ab ab fe ee fe ee  ýýýý««««««««ţîţî
0x011B6145  fe ee fe 00 00 00 00 00 00 00 00 92 03 3b 68 59  ţîţ........’.;hY
0x011B6155  b7 00 00 28 93 1b 01 88 1a 1b 01 ee fe ee fe ee  ·..(“......îţîţî
0x011B6165  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B6175  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B6185  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B6195  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61A5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61B5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61C5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61D5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61E5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
0x011B61F5  fe ee fe ee fe ee fe ee fe ee fe ee fe ee fe ee  ţîţîţîţîţîţîţîţî
...

This buffer doesn't seem to be a correct ASN1-encoded structure. Do you have any idea what I'm doing wrong, or which library call I forgot to perform?

Many thanks,
Peter.
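The pointer contract behind the dump above, as an added example that is neither from the post nor from OpenSSL: every i2d_* function advances the pointer it is handed, so passing &tobesigned itself leaves tobesigned pointing just past the DER, at whatever follows the allocation. i2d_stub below only mimics that contract (it is a stand-in, not OpenSSL's encoder, and encodes a constructed SEQUENCE { INTEGER 5 }), and der_check_sequence is an added sanity check that a buffer claimed to be i2d output starts with a SEQUENCE whose length header accounts for exactly the returned length.

```c
#include <stdlib.h>
#include <string.h>
/* Is buf[0..len) exactly one DER SEQUENCE (tag 0x30) whose declared length
   fills the buffer? Handles short- and long-form lengths. */
static int der_check_sequence(const unsigned char *buf, size_t len)
{
    size_t hdr, clen;
    if (len < 2 || buf[0] != 0x30) return 0;
    if (buf[1] < 0x80) {               /* short form: one length byte */
        hdr = 2; clen = buf[1];
    } else {                           /* long form: 0x8N then N length bytes */
        size_t n = buf[1] & 0x7f, i;
        if (n == 0 || n > sizeof(size_t) || len < 2 + n) return 0;
        for (clen = 0, i = 0; i < n; i++) clen = (clen << 8) | buf[2 + i];
        hdr = 2 + n;
    }
    return hdr + clen == len;
}
/* Stand-in (not OpenSSL code) with the i2d_* calling contract: returns the
   encoded length and, if *pp is non-NULL, writes the DER there and ADVANCES
   *pp past it. Encodes the constructed value SEQUENCE { INTEGER 5 }. */
static int i2d_stub(unsigned char **pp)
{
    static const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    if (pp != NULL && *pp != NULL) {
        memcpy(*pp, der, sizeof der);
        *pp += sizeof der;
    }
    return (int)sizeof der;
}
/* The pattern from the post: &tobesigned itself is passed, so afterwards
   the variable points just past the encoding. Returns 1 if it moved. */
static int pointer_moved_by_i2d(void)
{
    int len = i2d_stub(NULL);
    unsigned char *tobesigned = malloc(len), *start = tobesigned;
    i2d_stub(&tobesigned);
    int moved = tobesigned != start;
    free(start); return moved;
}
/* Corrected pattern: encode through a scratch pointer so tobesigned still
   addresses the DER that is handed to the card for signing. */
static int encode_with_scratch_pointer(void)
{
    int len = i2d_stub(NULL);
    unsigned char *tobesigned = malloc(len), *p = tobesigned;
    int ok = i2d_stub(&p) == len && p == tobesigned + len
             && der_check_sequence(tobesigned, len);
    free(tobesigned); return ok;
}
```

With the real library the same scratch-pointer idiom applies to i2d_X509_REQ_INFO (from OpenSSL 1.1.0 on, i2d_re_X509_REQ_tbs, since req_info became opaque), and a 0xc5-byte encoding should begin 30 81 c2. If the card mechanism is raw CKM_RSA_PKCS rather than a CKM_SHA*_RSA_PKCS variant, the DigestInfo for the hash of that DER must be built before C_Sign, otherwise the signature will not verify.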