OpenSSL and CryptoAPI

Wed, 05 Apr 2000 07:56:45 -0700 

Hello,
I have component which create certificate request on WindowsNT 
platform with CryptoAPI. This certificate request is sended to 
certification authority (written in OpenSSL on HP-UX platform), 
which issue a certificate. This certificate is saved into LDAP. It 
looks o.k., but messages signed with CryptoAPI I'm not able verify 
with OpenSSL. The same way messages signed with OpenSSL I'm 
not able verify with CryptoAPI.
Messages signed with CryptoAPI are verified with CryptoAPI OK.
Messages signed with OpenSSL are verified with OpenSSL OK.


When I try to verify message sign (created with CryptoAPI) with 
certificate (generated with OpenSSL on base certificate request 
from CryptoAPI), I get the error message:
23474:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 
01:rsa_pk1.c:100:
23474:error:04067072:rsa 
routines:RSA_EAY_PUBLIC_DECRYPT:padding check 
failed:rsa_eay.c:396:

The source code in symbolic language (for brevity):

char *szX500name = "CN=Name, OU=APM, O=Company, C=CZ";
unsigned char *lpCert = NULL, sign_buf[200];
unsigned char *message = "Some message";
unsigned int    iCertLen, sign_len;
FILE                    *sign_fp;
X509                    *pX509;
EVP_PKEY        *pKey;
EVP_MD_CTX      md_ctx;

ERR_load_crypto_strings();

/* get the der form certificate from LDAP, allocate and store it to 
lpCert */
LdapRequest(szX500name, &lpCert, &iCertLen);

pX509 = d2i_X509(NULL, &lpCert, iCertLen);
[snip test on NULL]

pKey = X509_extract_key(pX509);
[snip test on NULL]

sign_fp = fopen("signmess.bin","rb");
sign_len=128;
fread(sign_buf, sizeof(unsigned char), sign_len, sign_fp);
[snip]

EVP_VerifyInit(&md_ctx, EVP_md5());
EVP_VerifyUpdate(&md_ctx, message, strlen((char *)message));
err = EVP_VerifyFinal(&md_ctx, sign_buf, sign_len, pKey);
if (err<=0)
{
        ERR_print_errors_fp(stderr);    /* Here prints errors */
        exit(1);
}

Do somebody any recommendation for me.
Thanks
              George
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to