000026131 - How to generate proof of possession for message with POP type PKI_POP_RA_VERIFIED

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026131

Applies To: RSA BSAFE Cert-C

Issue: How to generate proof of possession for message with POP type PKI_POP_RA_VERIFIED. C_GeneratePKIMsgProofOfPossession() returns error E_INVALID_PARAMETER if passing it a NULL private key for the fifth parameter.

Cause: The provider code does not allow a NULL private key, but it should.

Resolution: To correct this issue, modify the provider code as follows, rebuild certcsp.lib, and re-link the application with certcsp.lib.

C_GeneratePKIMsgProofOfPossession() calls the corresponding Cert-C service provider function. For example, in provider\pki\cmp\cmp.c:

funcs->pki.GeneratePKIMsgProofOfPossession = CMP_GeneratePKIProofOfPossessionByIndex;


1. In CMP_GeneratePKIProofOfPossessionByIndex(), the following code checks that the private key is not NULL. You can comment out this code:

if (!privateKey)
  return logInvalidParam(ctx, "privateKey==0", __LINE__);

This should eliminate an invalid parameter error.


2. Later, C_GeneratePKIMsgProofOfPossession() for the CRMF object is called:

status = C_GeneratePKIMsgProofOfPossession
  (ctx, spData->crmfPrvName, pcmp->crmfObj, index, privateKey, popGenInfo);

In provider\pki\CRMF\crmf.c, comment out the same check for the private key:

if (!privateKey)
  return logInvalidParam(ctx, "privateKey==0", __LINE__);

This should eliminate another invalid parameter error.


3. Returning to CMP_GeneratePKIProofOfPossessionByIndex() in provider\pki\cmp\cmp.c, add a check for a non-NULL private key before inserting it into the private key list. Change the following:

status = C_InsertPrivateKeyInList(pcmp->privateKeyList, privateKey, index);

to:

if (privateKey)
  status = C_InsertPrivateKeyInList(pcmp->privateKeyList, privateKey, index);

This should eliminate the final invalid parameter error.
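
The three steps above, modelled as an added stand-alone example (not RSA's code and not part of the original article). It goes one step further than the article by narrowing each NULL check to the PKI_POP_RA_VERIFIED case instead of removing it, on the assumption that a NULL private key is only meaningful for that POP type. Only PKI_POP_RA_VERIFIED and E_INVALID_PARAMETER are names from the article; their numeric values and every other type, constant and function here are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* PKI_POP_RA_VERIFIED and E_INVALID_PARAMETER are named in the article;
   the values below and all other identifiers are constructed stand-ins. */
enum { PKI_POP_RA_VERIFIED = 0, POP_SIGNATURE_MODEL = 1 };
enum { STATUS_OK = 0, E_INVALID_PARAMETER = 1 };

#define MAX_KEYS 4
typedef struct { const void *keys[MAX_KEYS]; int count; } KeyListModel;

/* Step 2 (CRMF level): a NULL key is accepted only for RA-verified POP. */
static int crmf_generate_pop(int popType, const void *privateKey)
{
    if (!privateKey && popType != PKI_POP_RA_VERIFIED)
        return E_INVALID_PARAMETER;
    return STATUS_OK;
}

/* Steps 1 and 3 (CMP level): narrowed NULL check, guarded list insertion. */
int cmp_generate_pop(KeyListModel *list, int popType, const void *privateKey)
{
    int status;
    if (!list)
        return E_INVALID_PARAMETER;
    if (!privateKey && popType != PKI_POP_RA_VERIFIED)
        return E_INVALID_PARAMETER;      /* step 1: narrowed, not removed */
    status = crmf_generate_pop(popType, privateKey);
    if (status != STATUS_OK)
        return status;
    if (privateKey) {                    /* step 3: never insert a NULL key */
        if (list->count >= MAX_KEYS)
            return E_INVALID_PARAMETER;
        list->keys[list->count++] = privateKey;
    }
    return STATUS_OK;
}

int main(void)
{
    KeyListModel list = { {0}, 0 };
    int key = 7;                         /* constructed placeholder key object */
    printf("RA-verified, NULL key: %d\n", cmp_generate_pop(&list, PKI_POP_RA_VERIFIED, NULL));
    printf("signature,   NULL key: %d\n", cmp_generate_pop(&list, POP_SIGNATURE_MODEL, NULL));
    printf("signature,   real key: %d\n", cmp_generate_pop(&list, POP_SIGNATURE_MODEL, &key));
    return 0;
}
```
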
Legacy Article ID: a21145
