I am porting some code using Intel IPP lib to OpenSSL (Apple Silicon port).
I have some code checking an XML file signature that looks like this:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>j/cpRUOeyAoW+xF+RzK5rizbWyA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>4dCoh+dB9/YY3pL1wWi6+3h5z52a0R230a4RQraJJFHSys5jndXlYMC3vSz7f2SO0o1AiYFPiSB5wr6OMUlzvTH7StQsG+NcRIJ2OaScjI3rEj497qfeCld+Ko656UfW5aLwxOtG1BW1XVWXJ4eFbD5lgP2161Tw0wV2BdUJlnc=</SignatureValue>
</Signature>
Which appears to be following this spec: https://www.w3.org/TR/xmldsig-core1/#sec-PKCS1
The current implementation uses a call to ippsRSAVerify_PKCS1v15 with the ippHashAlg_SHA1 hashAlg argument. I have tried to use OpenSSL’s RSA_Verify with no success. I suppose I’m not giving RSA_Verify the right kind of data, but I have a hard time understanding the different layers in RSA signing. Is there a direct equivalent in OpenSSL for the IPP function, or should I re-implement more steps myself using OpenSSL more primitive functions?
So after a bit more experimenting, I realised that indeed, ippsRSAVerify_PCKS1v15 and RSA_Verify expect different data for their respective pMsg and m arguments. The Intel function wants to be given the entire message to sign/verify, and computes the SHA1 digest (or other digest) internally, whereas the OpenSSL function expects to be given the digest of the message to sign/verify, not the original message itself.