OpenSSL RSA_sign()返回零错误代码 [英] OpenSSL RSA_sign() returns zero error code
问题描述
我正在使用OpenSSL 1.0.2o版本.我是从OpenSSL编译的,只有静态的libcrypto.我使用了以下配置标志:
I am playing with OpenSSL 1.0.2o version. I compiled from OpenSSL only static libcrypto. I used this configuration flags:
no-demos, no-bugs, no-apps, no-ssl, no-test, no-shared, no-zlib, no-zlib-dynamic, no-ssl-trace, no-unit-test, no-ec_nistp_64_gcc_128, no-libunbound, no-ssl1, no-ssl2, no-ssl3, no-asm, no-dtls, no-dtls1, no-threads, no-npn, no-weak-ssl-ciphers, no-rfc3779, no-sctp, no-ui, no-async, no-dgram, no-posix-io, no-sock, no-des, no-dso, no-srp, no-store, no-ts, no-txt_db, no-hw, no-ec, no-gmp, -DOPENSSL_NO_STDIO, -DOPENSSL_NO_FP_API, -DOPENSSL_NO_DYNAMIC_ENGINE,-UOPENSSL_FIPS.
我将OpenSSL用于小型嵌入式设备. (没有文件操作,没有操作系统,没有libc).
I use OpenSSL into small embedded device. (without file operations, without operating system and without libc).
我从PEM字符串中从内存中导入RSA公钥和私钥,然后将其用于签名/验证,但是RSA_sign()函数返回零.可能是我做错了吗?
I import RSA public and private keys from memory from PEM-strings and then I want to use it for sign/verify, but RSA_sign() function returns zero. May be am I do that wrong?
导入键:
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
typedef RSA *(*read_bio2rsa_f)(BIO *, RSA **, pem_password_cb *, void *);
static BIO *pub_bio;
static RSA *pub_key;
static BIO *prv_bio;
static RSA *prv_key;
static RSA *openssl_read_key_rsa(int rsa_type, BIO **bio)
{
RSA *rsa;
char *pem_str;
int pem_str_len;
read_bio2rsa_f read_bio2rsa;
if (rsa_type == PUB_KEY_TYPE) {
pem_str = (char *)pem_pub_key;
pem_str_len = (int)sizeof(pem_pub_key);
read_bio2rsa = PEM_read_bio_RSA_PUBKEY;
} else {
pem_str = (char *)pem_prv_key;
pem_str_len = (int)sizeof(pem_prv_key);
read_bio2rsa = PEM_read_bio_RSAPrivateKey;
}
if ((*bio = BIO_new_mem_buf((const void *)pem_str,
pem_str_len)) == NULL) {
EMSG("BIO_new_mem_buf() FAILED read PEM key");
return NULL;
}
if ((rsa = RSA_new()) == NULL) {
EMSG("RSA_new() FAILED");
return NULL;
}
read_bio2rsa(*bio, &rsa, NULL, NULL);
return rsa;
}
static int check_rsa_key_pair(RSA *pub, RSA *priv)
{
if (BN_cmp(pub->n, priv->n) != 0)
return CRYPTO_ERR;
return CRYPTO_OK;
}
/* extrnal function for import RSA-keys */
int openssl_rsa_init_key(void)
{
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_noconf();
if ((prv_key = openssl_read_key_rsa(PRV_KEY_TYPE, &prv_bio)) == NULL) {
EMSG("Importing the private key FAILED!");
return CRYPTO_ERR;
}
if ((pub_key = openssl_read_key_rsa(PUB_KEY_TYPE, &pub_bio)) == NULL) {
EMSG("Importing the public key FAILED!");
return CRYPTO_ERR;
}
if (!check_rsa_key_pair(pub_key, prv_key)) {
EMSG("Key pair don't match");
return CRYPTO_ERR;
}
EMSG("Import KEYs is successful!");
return CRYPTO_OK;
}
以上所有代码均已成功执行.在此之后,从理论上讲,我可以将rsa密钥免费用于任何需要RSA类型的OpenSSL函数中.
All code above is executed successfully. After this, in theory, I can free use the rsa keys into any OpenSSL functions that expected RSA-type.
我试图这样签名:
int openssl_rsa_sign_hash(uint8_t *hash, unsigned int hash_len,
uint8_t *sig, int *sig_len)
{
if (!RSA_sign(NID_sha256, (const unsigned char *)hash, hash_len,
(unsigned char *)sig, (unsigned int *)sig_len,
prv_key)) {
EMSG("RSA signature FAILED with %s",
ERR_error_string(ERR_get_error(), NULL));
return CRYPTO_ERR;
}
EMSG("RSA signature success!");
return CRYPTO_OK;
}
但是,我收到了"RSA签名失败,错误:00000000:lib(0):func(0):reason(0)"的错误信息.
But, I got "RSA signature FAILED with error:00000000:lib(0):func(0):reason(0)" this string into my error output.
请问有人可以向我解释这些错误吗?
Could anyone explain me the mistakes, please?
推荐答案
但是,我收到了"RSA签名失败 错误:00000000:lib(0):func(0):原因(0)"将此字符串放入我的错误中 输出.
But, I got "RSA signature FAILED with error:00000000:lib(0):func(0):reason(0)" this string into my error output.
请问有人可以向我解释这些错误吗?
Could anyone explain me the mistakes, please?
我没有看到main
函数,所以这只是猜测...
I don't see a main
function, so this is just speculation...
在main
中的SSL_library_init
和ERR_load_crypto_strings
中添加呼叫.您可能还需要致电OpenSSL_add_all_ciphers
.
Add a call to SSL_library_init
and ERR_load_crypto_strings
in main
. You may also need a call to OpenSSL_add_all_ciphers
.
由于没有得到正确的错误字符串,因此您可以尝试打印ERR_get_error()
的结果.获得ERR_get_error()
的结果后,就可以通过openssl errstr
命令运行它:
Since you are not getting a good error string, you might try printing the result of ERR_get_error()
. Once you get the result of ERR_get_error()
, you can run it through the openssl errstr
command:
$ openssl errstr 0406506C
error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len
另请参阅OpenSSL Wiki上的库初始化.
Also see Library Initialization on the OpenSSL wiki.
这篇关于OpenSSL RSA_sign()返回零错误代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!