Hi ,
I'm running into this error
1823:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
not 01:rsa_pk1.c:100:
1823:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:632:
just to quickly give a background i'm trying to verify a signature and that's
when i run into the above error.
code snippet that calls openssl is shown below.
so this verify_sign works if i use my own cert (generated by openssl ) and a
signature but when i use this
to consume someone else i run into the above mentioned error.
>From what it looks it seems that the signature isn't computed right or padded
>right.
Is that what this error means ?
Second is this verify_sign function correct. or am i missing something or not
considering some corner case.
Any pointers would be appreciated. As i'm out of ideas.
.
int verify_sign(X509 *pSignerCert, unsigned int *pSignature, size_t
pSignatureSize,
unsigned int *pPlainData, size_t pPlainDataSize)
{
int returnStatus;
EVP_MD_CTX md_ctx;
EVP_PKEY *pubKey = NULL;
if (!pSignerCert) {
printf("x509 is NULL\n");
return -10;
}
pubKey = X509_get_pubkey(pSignerCert);
if (!pubKey) {
printf("Signature successfully verified.\n");
}
EVP_MD_CTX_init(&md_ctx);
EVP_VerifyInit(&md_ctx, EVP_sha1());
int update = EVP_VerifyUpdate(&md_ctx, pPlainData, pPlainDataSize);
//int size = RSA_size(pubKey->pkey.ptr);
printf("returnStatus %d size \n", update);
returnStatus = EVP_VerifyFinal(&md_ctx, (const unsigned char *) pSignature,
pSignatureSize, pubKey);
ERR_print_errors_fp(stdout);
if (returnStatus == 1) {
printf("Signature successfully verified.\n");
returnStatus = 0;
}
else if (returnStatus <= 0) {
char *str = (returnStatus == 0) ? "Incorrect" : "Error verifying";
printf("verify_sign: '%s' signature!\r\n", str);
returnStatus = (returnStatus == 0) ? -100 : -200;
}
EVP_PKEY_free (pubKey);
EVP_MD_CTX_destroy(&md_ctx);
return returnStatus;
}
Thanks for you inputs in advance.
Best
Kunal
-----------------------------------------------
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Error EVP_verify
> Date: Fri, 22 Sep 2006 15:10:17 -0700
>
> Hi All,
> I'm using the EVP api to verify signature
> and i'm see this after turning the ERR_print_errors_fp(stdout);
> 1:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
> long:asn1_lib.c:150:
> 1:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
> header:tasn_dec.c:1269:
> 1:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:374:Type=X509_SIG
> can anyone tell me which ASN1_OBJECT's header is too long. or provide some
> pointers.
> thanks
> kb
> -----------------------------------------------
> Check the weather nationwide with MSN Search Try it now!
_________________________________________________________________
Try the new Live Search today!
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM=WLMTAG
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
