Re: problem with signature chain in X509 certificates

Tue, 21 Jun 2005 10:12:10 -0700 

On Tue, Jun 21, 2005, soukyan wrote:

> Hello
> 
> I have the following code:
> variables
> X509 * cert;
> and
> X509_PUBKEY * working_public_key;
> are previously instantiated.
>                       ASN1_BIT_STRING_free(working_public_key->public_key);
> working_public_key->public_key =
>   ASN1_STRING_dup(cert->cert_info->key->public_key);
> if (cert->cert_info->key->algor->parameter)
> {
>   if (working_public_key->algor->parameter)
>     ASN1_TYPE_free(working_public_key->algor->parameter);
>   working_public_key->algor->parameter = ASN1_TYPE_new();
>   ASN1_TYPE_set(working_public_key->algor->parameter,
>     cert->cert_info->key->algor->parameter->type,
>     (void*)(&(cert->cert_info->key->algor->parameter->value)));
> }
> else
> {
>   if (OBJ_cmp(working_public_key->algor->algorithm,
>               cert->cert_info->key->algor->algorithm))
>   {
>     ASN1_TYPE_free(working_public_key->algor->parameter);
>     working_public_key->algor->parameter = NULL;
>   }
> }
> ASN1_OBJECT_free(working_public_key->algor->algorithm);
> working_public_key->algor->algorithm =
>   OBJ_dup(cert->cert_info->key->algor->algorithm);
> EVP_PKEY_free(working_public_key->pkey);
> working_public_key->pkey = NULL;
> X509_PUBKEY_get(working_public_key);
> 
> I do it according to RFC 3280 chapter 6.1.4 (d), (e) and (f).
> 
> If an algorithm in certificates' chain is RSA, the above code works 
> correctly. But if the algorithm is DSA, application crashes 
> (segmentation fault) in X509_PUBKEY_get(working_public_key).
> 
> What do I wrong i this code?
> 
> 

That's horribly non-portable and depends on lots of structure internals. You
should instead use X509_verify() if you just want to verify the signature on a
certificate.

If you want to extract the public key portably from a certificate use
X509_get_pubkey().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to