
c++ - i2d_X509_REQ_INFO does not correctly convert the req_info structure

Reposted. Author: 行者123. Updated: 2023-11-30 03:20:46

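We are working on a token that generates a CSR (certificate signing request). The key pair is generated perfectly in the token, but we cannot get a correct CSR. I am trying to create an X509 certificate request that is signed inside a smart card, using the PKCS11 interface. I am using openssl-1.0.2.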

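To perform this task I have to carry out the following steps:
1. Create the certificate request (X509_new)
2. Load the public key (X509_REQ_set_pubkey)
3. Set the subject name and extensions as needed
4. Export the req_info structure (i2d_X509_REQ_INFO)
5. Sign this structure using PKCS11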

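Unfortunately, the created request does not contain a valid signature. After looking closely at the openssl calls, I noticed that the buffer exported with the i2d_X509_REQ_INFO function does not contain a correctly encoded structure. Can someone help me: what am I doing wrong, or which parameter of the structure did I forget to initialize?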

Relevant part of the code:

    ...
    X509_REQ *req;
    X509_NAME *subj;

    if (!(req = X509_REQ_new())) {
        printf("Unable to initialize X509_REQ structure\n");
        return -1;
    }

    /* Build the RSA public key from the exponent and modulus buffers */
    RSA *rsa;
    rsa = RSA_new();
    rsa->e = BN_bin2bn( (unsigned char *) pub_publicExponent, (int) 3, NULL );
    rsa->n = BN_bin2bn( (unsigned char *) modulus, (int) (pub_modulusbits/8), NULL );

    if( (pkey = EVP_PKEY_new()) == NULL ) {
        printf("Unable to initialize PKEY structure\n");
        return -1;
    }

    EVP_PKEY_assign_RSA( pkey , rsa );
    X509_REQ_set_pubkey(req, pkey);

    /* Fill in the subject name of the request */
    subj=X509_REQ_get_subject_name(req);
    X509_NAME_add_entry_by_txt(subj,"C",
        MBSTRING_ASC, (unsigned char *)"SK", -1, -1, 0);
    X509_NAME_add_entry_by_txt(subj,"CN",
        MBSTRING_ASC, (unsigned char *)"Test", -1, -1, 0);

    int datasig_len;
    unsigned char *tobesigned;
    /* First call with NULL only returns the length of the encoding */
    datasig_len = i2d_X509_REQ_INFO( req->req_info, NULL );
    tobesigned = (unsigned char *) malloc( datasig_len );
    if( !tobesigned ) {
        printf("Unable to alloc mem buffer\n");
        return -1;
    }
    /* Second call writes the DER encoding into the buffer */
    int zzz = i2d_X509_REQ_INFO( req->req_info, &tobesigned );

Best answer

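You seem to have overlooked part of the relevant documentation (admittedly, this is easy to do):

i2d_X509() encodes the structure pointed to by x into DER format. If out is not NULL it writes the DER encoded data to the buffer at *out, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.

(Note that this snippet uses i2d_X509() as its example, but it works the same way for i2d_X509_REQ_INFO().)

Before calling the i2d function, you must store the value of tobesigned so that you can refer to it afterwards.

Recreating your example, it does seem to contain a valid DER representation of your structure, since it appears to go back in the opposite direction without problems. The following snippet illustrates this: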

    /* Encode through a copy: i2d advances ptr, tobesigned keeps the start */
    unsigned char *ptr = tobesigned;
    int zzz = i2d_X509_REQ_INFO( req->req_info, &ptr );
    /* Decode again from the start of the buffer to check the encoding */
    const unsigned char *ptr2 = tobesigned;
    X509_REQ_INFO *deser = d2i_X509_REQ_INFO(NULL, &ptr2, zzz);
    printf("Result of i2d|d2i_X509_REQ_INFO: \n"
           " zzz = %d\n"
           " tobesigned = 0x%p\n"
           " ptr = 0x%p\n"
           " ptr2 = 0x%p\n"
           " deser = 0x%p\n",
           zzz, tobesigned, ptr, ptr2, deser);

It produces:

    Result of i2d|d2i_X509_REQ_INFO:
    zzz = 198
    tobesigned = 0x0x7fd09c403010
    ptr = 0x0x7fd09c4030d6
    ptr2 = 0x0x7fd09c4030d6
    deser = 0x0x7fd09c402f60
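
The calling convention the answer describes, as an added example that is not part of the original post. `i2d_toy` is a hypothetical stand-in that follows the same contract as the OpenSSL `i2d_*()` functions without calling OpenSSL, and the other function names are likewise made up for illustration. It shows the scratch-pointer pattern with a length check before the bytes go to the signer, and where the only pointer ends up when it is passed directly.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an OpenSSL i2d_*() function: DER-encodes `len`
 * bytes (len <= 127) as an OCTET STRING. Same contract as the quoted docs:
 * returns the encoded length; if out != NULL it writes at *out and then
 * advances *out to point after the data just written. */
static int i2d_toy(const unsigned char *data, int len, unsigned char **out)
{
    if (len < 0 || len > 127) return -1;   /* short-form DER length only */
    if (out != NULL) {
        unsigned char *p = *out;
        *p++ = 0x04;                       /* OCTET STRING tag */
        *p++ = (unsigned char)len;         /* length octet */
        memcpy(p, data, (size_t)len);
        *out = p + len;                    /* the caller's pointer is moved */
    }
    return len + 2;
}

/* Pattern from the answer: encode through a scratch pointer so the start of
 * the buffer survives. Returns the buffer (caller frees) or NULL on error. */
unsigned char *encode_to_be_signed(const unsigned char *data, int len, int *der_len)
{
    int need = i2d_toy(data, len, NULL);         /* pass 1: size only */
    if (need < 0) return NULL;
    unsigned char *buf = malloc((size_t)need);
    if (buf == NULL) return NULL;
    unsigned char *p = buf;                      /* scratch copy */
    int written = i2d_toy(data, len, &p);        /* pass 2: p moves, buf stays */
    if (written != need || p - buf != need) {    /* check before signing */
        free(buf);
        return NULL;
    }
    *der_len = written;
    return buf;                                  /* first byte of the DER data */
}

/* What the question's code did: pass the only pointer to the buffer.
 * Returns its distance from the start afterwards (0 would be correct). */
long offset_after_direct_call(const unsigned char *data, int len)
{
    unsigned char *buf = malloc((size_t)len + 2), *start = buf;
    if (buf == NULL) return -1;
    i2d_toy(data, len, &buf);    /* buf now points one past the encoding */
    long off = buf - start;
    free(start);                 /* free(buf) here would be undefined behaviour */
    return off;
}
```

In the answer's output above, ptr is 0xc6 (198) bytes past tobesigned, which is exactly the value of zzz.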

Regarding "c++ - i2d_X509_REQ_INFO does not correctly convert the req_info structure", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/52586453/
