Hi all,

I'm trying to create an X509 certificate request signed inside a smart card
using the PKCS11 interface.

To perform this task I have to perform the following steps:
1, create certificate request (X509_new)
2, load public key (X509_REQ_set_pubkey)
3, set up subject name and extensions as required
4, export req_info structure (i2d_X509_REQ_INFO)
5, sign this structure using PKCS11
6, complete X509_REQ structure with proper signature and algorithm
identifier
7, export certificate request (PEM_write_bio_X509_REQ)

Unfortunately the created request doesn't contain a valid signature. After a
closer look at the openssl calls I've noticed that the buffer exported
using the i2d_X509_REQ_INFO function doesn't contain a properly encoded
structure.
Can somebody help me with what I'm doing wrong, or which parameter of the
structure I forgot to initialize?


Relevant part of the code:

...
  X509_REQ *req;
  X509_NAME *subj;
  EVP_PKEY *pkey;

  if (!(req = X509_REQ_new())) {
    printf("Unable to initialize X509_REQ structure\n");
    return -1;
  }

  /* Build the RSA public key from the raw exponent/modulus read from the
     card (direct access to rsa->e / rsa->n is the 0.9.x/1.0.x API used here) */
  RSA *rsa;
  rsa = RSA_new();
  rsa->e = BN_bin2bn( (unsigned char *) pub_publicExponent, (int) 3, NULL );
  rsa->n = BN_bin2bn( (unsigned char *) modulus, (int)
(pub_modulusbits/8), NULL );

  if( (pkey = EVP_PKEY_new()) == NULL ) {
    printf("Unable to initialize PKEY structure\n");
    return -1;
  }

  EVP_PKEY_assign_RSA( pkey , rsa );   /* pkey now owns rsa */
  X509_REQ_set_pubkey(req, pkey);

  subj=X509_REQ_get_subject_name(req);
  X509_NAME_add_entry_by_txt(subj,"C",
                          MBSTRING_ASC, (unsigned char *)"SK", -1, -1, 0);
  X509_NAME_add_entry_by_txt(subj,"CN",
                          MBSTRING_ASC, (unsigned char *)"Test", -1, -1, 0);

  int datasig_len;
  unsigned char *tobesigned, *p;
  /* First call with NULL only computes the DER length */
  datasig_len = i2d_X509_REQ_INFO( req->req_info, NULL );
  if( datasig_len <= 0 ) {
    printf("Unable to compute length of encoded request info\n");
    return -1;
  }
  tobesigned = (unsigned char *) malloc( datasig_len );
  if( !tobesigned ) {
    printf("Unable to alloc mem buffer\n");
    return -1;
  }
  /* i2d_* functions advance the pointer they are given to just past the
     encoded data, so pass a copy: after this call p == tobesigned + zzz,
     while tobesigned still points at the start of the DER encoding */
  p = tobesigned;
  int zzz = i2d_X509_REQ_INFO( req->req_info, &p );
....


After this part of the code I've got the following values inside the important
variables:
zzz = 0x000000c5

tobesigned buffer contains:

This buffer doesn't seem to be a correct ASN1-encoded structure.
Do you have any idea what I'm doing wrong, or which library call I
forgot to perform?

Many thanks,
Peter.
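A check that can be applied to the buffer right after i2d_X509_REQ_INFO() returns, as an added example (not code from the original message, and using no OpenSSL calls so it builds stand-alone): it parses the outer DER tag and length and compares them with the byte count i2d returned, which immediately flags a buffer that is not a SEQUENCE of that size, as happens when the pointer passed to i2d has been advanced past the encoding. The sample buffers are constructed for the example; the 197-byte case mirrors the 0xc5 length reported in the post.

```c
#include <stddef.h>
#include <string.h>

/* Total encoded size (header + content) of the outermost DER element in buf,
 * or 0 if it is not a well-formed element that fits inside len. */
size_t der_outer_size(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, content, n, i;
    if (len < 2)
        return 0;
    if (buf[1] < 0x80) {                  /* short form: one length byte */
        content = buf[1];
    } else {                              /* long form: 0x8N then N bytes */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len < 2 + n || buf[2] == 0)
            return 0;
        content = 0;
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80)               /* DER: long form only for >= 128 */
            return 0;
        hdr = 2 + n;
    }
    if (content > len - hdr)              /* element claims more than present */
        return 0;
    return hdr + content;
}

/* Consistency check for i2d_X509_REQ_INFO() output: CertificationRequestInfo
 * is a SEQUENCE (tag 0x30) whose encoded size must equal the count i2d
 * returned. Returns 1 if consistent, 0 otherwise. */
int looks_like_req_info(const unsigned char *buf, int i2d_ret)
{
    if (buf == NULL || i2d_ret <= 0 || buf[0] != 0x30)
        return 0;
    return der_outer_size(buf, (size_t)i2d_ret) == (size_t)i2d_ret;
}

/* Constructed samples (not captured from the original post's run). */
const unsigned char junk_sample[8] = {0xfd, 0xfd, 0xfd, 0xfd, 0xab, 0xab, 0xab, 0xab};
const unsigned char small_seq_sample[5] = {0x30, 0x03, 0x02, 0x01, 0x00};

/* Build a 197-byte (0xc5) outer SEQUENCE with a long-form length and run the
 * check with `claimed` as the supposed i2d return value (only the outer element
 * is meaningful DER; the content is filler). */
int check_long_form_sample(int claimed)
{
    unsigned char buf[197];
    if (claimed > (int)sizeof buf)
        return 0;
    buf[0] = 0x30; buf[1] = 0x81; buf[2] = 0xc2;    /* 3-byte header + 194 */
    memset(buf + 3, 0x00, sizeof buf - 3);
    return looks_like_req_info(buf, claimed);
}
```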
