On Mon, Mar 30, 2009, Goblin_Queen wrote:

> This is the code I used to test the signing mechanism:
>
> void sign_test (const pkcs11h_certificate_t cert) {
>
>       string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value
>
>       unsigned char* sha1_data2;
>       sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096);
>       base64_decode_block(hash.c_str(),strlen(hash.c_str()),(char*)sha1_data2);
>
>       CK_RV rv;
>
>       unsigned char *blob;
>
>       //----------Belongs to methods 2, 3 and 4---------------
>       pkcs11h_openssl_session_t session = pkcs11h_openssl_createSession(cert);
>       RSA* rsa = pkcs11h_openssl_session_getRSA(session);
>       blob=(unsigned char*)malloc(RSA_size(rsa));
>
>       //----------Method 4---------------
>       unsigned int blobRsaSize;
>       int ok = RSA_sign(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,&blobRsaSize,rsa);
>       int verifyOK = RSA_verify(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,blobRsaSize,rsa);
>

Well the two calls above are clearly wrong. Instead of passing the length of
the decoded hash you are passing the size of the *pointer*.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
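
Added example, not part of the original thread or of OpenSSL: a self-contained C sketch of the length handling discussed above, in which the decoder returns how many bytes it produced and that count (20 for a SHA-1 digest) is what would be passed as the length argument to RSA_sign/RSA_verify. The names b64_decode, sha1_digest_from_b64 and pointer_size are hypothetical, and the small decoder is a stand-in for whatever base64 routine is actually in use.

```c
#include <stddef.h>
#include <string.h>

#define SHA1_LEN 20  /* SHA-1 digest size in bytes */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hypothetical stand-in decoder: writes at most cap bytes to out and
 * returns the number of decoded bytes, or -1 on bad input or overflow. */
long b64_decode(const char *in, unsigned char *out, size_t cap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        int v = b64_val(*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            if (n == cap) return -1;
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Decode a base64 SHA-1 digest. Returns the length to pass to the
 * signing call (SHA1_LEN), or 0 if the input is not a 20-byte digest. */
unsigned int sha1_digest_from_b64(const char *b64, unsigned char out[SHA1_LEN]) {
    unsigned char tmp[SHA1_LEN + 1];  /* spare byte detects over-long input */
    long n = b64_decode(b64, tmp, sizeof(tmp)); /* sizeof of an array: 21 */
    if (n != SHA1_LEN) return 0;
    memcpy(out, tmp, SHA1_LEN);
    return SHA1_LEN;
}

/* What the quoted calls passed instead: the size of a pointer type. */
size_t pointer_size(void) {
    return sizeof(unsigned char *);   /* 4 or 8, never the digest length */
}
```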
