On Mon, Mar 18, 2013, Tim Tassonis wrote:
> Hi Erwann
>
> > What you have to do it hash your data, prepare an X509_SIG object, set
> > its "algor" to SHA1 (with NULL parameters), and fill the "digest" part
> > with your hash result. Then transform it into DER, and sign it with
> > CKM_RSA_PKCS mechanism.
>
>
> Thanks a lot for the explanation. However, I can't find any
> documentation about how to setup this X509_SIG object and then
> transfer it into DER. The structure seems to look as follows:
>
> typedef struct X509_sig_st
> {
> X509_ALGOR *algor;
> ASN1_OCTET_STRING *digest;
> } X509_SIG;
>
>
>
> EVP_DigestFinal(&ctx,buf,&buf_len);
>
> gives me a character buffer buf, containing the digest, but I seem
> to have to encode this to ASN1_OCTET_STRING.
>
> Can anybody quickly tell me the required functions or point me to an
> example of how to do this?
>
Well you can use the ASN1 code for this but for a single digest you can just
manually prepend the necessary encoding. The fips code does this to avoid
having to include the ASN1 module. The relavant data is in
fips/rsa/fips_rsa_sign.c in any FIPS branch (and the master branch).
For example for SHA1 it is:
static const unsigned char sha1_bin[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05,
0x00, 0x04, 0x14
};
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
