head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.24 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.22 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.20 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.18 pgoyette-compat-base:1.2 perseant-stdc-iso10646:1.2.0.16 perseant-stdc-iso10646-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.14 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.12 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.10 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.1.1.1 netbsd-5-1-5-RELEASE:1.1.1.1 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.6 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.1.1.1 netbsd-5-1-4-RELEASE:1.1.1.1 netbsd-5-2-1-RELEASE:1.1.1.1 netbsd-5-1-3-RELEASE:1.1.1.1 agc-symver:1.2.0.8 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.1.1.1.0.56 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.1.1.1 netbsd-5-2-RC1:1.1.1.1 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.1.1.1 netbsd-5-1-1-RELEASE:1.1.1.1 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.4 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.2 bouyer-quota2-base:1.2 matt-nb5-mips64-premerge-20101231:1.1.1.1 matt-nb5-pq3:1.1.1.1.0.54 matt-nb5-pq3-base:1.1.1.1 netbsd-5-1:1.1.1.1.0.52 netbsd-5-1-RELEASE:1.1.1.1 netbsd-5-1-RC4:1.1.1.1 matt-nb5-mips64-k15:1.1.1.1 netbsd-5-1-RC3:1.1.1.1 netbsd-5-1-RC2:1.1.1.1 netbsd-5-1-RC1:1.1.1.1 netbsd-5-0-2-RELEASE:1.1.1.1 matt-nb5-mips64-premerge-20091211:1.1.1.1 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.1.1.1 matt-nb4-mips64-k7-u2a-k9b:1.1.1.1 matt-nb5-mips64-u1-k1-k5:1.1.1.1 matt-nb5-mips64:1.1.1.1.0.50 netbsd-5-0-1-RELEASE:1.1.1.1 jym-xensuspend-nbase:1.1.1.1 netbsd-5-0:1.1.1.1.0.48 netbsd-5-0-RELEASE:1.1.1.1 netbsd-5-0-RC4:1.1.1.1 netbsd-5-0-RC3:1.1.1.1 netbsd-5-0-RC2:1.1.1.1 jym-xensuspend:1.1.1.1.0.46 jym-xensuspend-base:1.1.1.1 netbsd-5-0-RC1:1.1.1.1 netbsd-5:1.1.1.1.0.44 netbsd-5-base:1.1.1.1 matt-mips64-base2:1.1.1.1 matt-mips64:1.1.1.1.0.42 mjf-devfs2:1.1.1.1.0.40 mjf-devfs2-base:1.1.1.1 netbsd-4-0-1-RELEASE:1.1.1.1 wrstuden-revivesa-base-3:1.1.1.1 wrstuden-revivesa-base-2:1.1.1.1 wrstuden-fixsa-newbase:1.1.1.1 wrstuden-revivesa-base-1:1.1.1.1 yamt-pf42-base4:1.1.1.1 yamt-pf42-base3:1.1.1.1 hpcarm-cleanup-nbase:1.1.1.1 yamt-pf42-baseX:1.1.1.1 yamt-pf42-base2:1.1.1.1 OPENSSL_SNAP_20080509:1.1.1.1 wrstuden-revivesa:1.1.1.1.0.38 wrstuden-revivesa-base:1.1.1.1 yamt-pf42:1.1.1.1.0.36 yamt-pf42-base:1.1.1.1 keiichi-mipv6:1.1.1.1.0.34 keiichi-mipv6-base:1.1.1.1 matt-armv6-nbase:1.1.1.1 matt-armv6-prevmlocking:1.1.1.1 wrstuden-fixsa-base-1:1.1.1.1 netbsd-4-0:1.1.1.1.0.32 netbsd-4-0-RELEASE:1.1.1.1 cube-autoconf:1.1.1.1.0.30 cube-autoconf-base:1.1.1.1 netbsd-4-0-RC5:1.1.1.1 netbsd-4-0-RC4:1.1.1.1 netbsd-4-0-RC3:1.1.1.1 netbsd-4-0-RC2:1.1.1.1 netbsd-4-0-RC1:1.1.1.1 matt-armv6:1.1.1.1.0.28 matt-armv6-base:1.1.1.1 matt-mips64-base:1.1.1.1 hpcarm-cleanup:1.1.1.1.0.26 hpcarm-cleanup-base:1.1.1.1 netbsd-3-1-1-RELEASE:1.1.1.1 netbsd-3-0-3-RELEASE:1.1.1.1 wrstuden-fixsa:1.1.1.1.0.24 wrstuden-fixsa-base:1.1.1.1 openssl_0_9_8e:1.1.1.1 abandoned-netbsd-4-base:1.1.1.1 abandoned-netbsd-4:1.1.1.1.0.18 openssl_0_9_8d:1.1.1.1 netbsd-3-1:1.1.1.1.0.20 netbsd-3-1-RELEASE:1.1.1.1 netbsd-3-0-2-RELEASE:1.1.1.1 netbsd-3-1-RC4:1.1.1.1 netbsd-3-1-RC3:1.1.1.1 netbsd-3-1-RC2:1.1.1.1 netbsd-3-1-RC1:1.1.1.1 netbsd-4:1.1.1.1.0.22 netbsd-4-base:1.1.1.1 netbsd-3-0-1-RELEASE:1.1.1.1 openssl_0_9_8b:1.1.1.1 netbsd-3-0:1.1.1.1.0.16 netbsd-3-0-RELEASE:1.1.1.1 netbsd-3-0-RC6:1.1.1.1 netbsd-3-0-RC5:1.1.1.1 netbsd-3-0-RC4:1.1.1.1 openssl_0_9_8a:1.1.1.1 netbsd-3-0-RC3:1.1.1.1 netbsd-3-0-RC2:1.1.1.1 netbsd-3-0-RC1:1.1.1.1 netbsd-2-0-3-RELEASE:1.1.1.1 netbsd-2-1:1.1.1.1.0.14 netbsd-2-1-RELEASE:1.1.1.1 netbsd-2-1-RC6:1.1.1.1 netbsd-2-1-RC5:1.1.1.1 netbsd-2-1-RC4:1.1.1.1 netbsd-2-1-RC3:1.1.1.1 netbsd-2-1-RC2:1.1.1.1 netbsd-2-1-RC1:1.1.1.1 openssl_0_9_7g:1.1.1.1 openssl_0_9_7f:1.1.1.1 netbsd-2-0-2-RELEASE:1.1.1.1 netbsd-3:1.1.1.1.0.12 netbsd-3-base:1.1.1.1 netbsd-2-0-1-RELEASE:1.1.1.1 netbsd-2:1.1.1.1.0.10 netbsd-2-base:1.1.1.1 netbsd-2-0-RELEASE:1.1.1.1 netbsd-2-0-RC5:1.1.1.1 netbsd-2-0-RC4:1.1.1.1 netbsd-2-0-RC3:1.1.1.1 netbsd-2-0-RC2:1.1.1.1 netbsd-2-0-RC1:1.1.1.1 netbsd-2-0:1.1.1.1.0.8 netbsd-2-0-base:1.1.1.1 openssl_0_9_7d:1.1.1.1 netbsd-1-6-PATCH002-RELEASE:1.1.1.1 netbsd-1-6-PATCH002:1.1.1.1 netbsd-1-6-PATCH002-RC4:1.1.1.1 netbsd-1-6-PATCH002-RC3:1.1.1.1 netbsd-1-6-PATCH002-RC2:1.1.1.1 openssl_0_9_7c:1.1.1.1 netbsd-1-6-PATCH002-RC1:1.1.1.1 openssl_0_9_7b:1.1.1.1 netbsd-1-6-PATCH001:1.1.1.1 netbsd-1-6-PATCH001-RELEASE:1.1.1.1 netbsd-1-6-PATCH001-RC3:1.1.1.1 netbsd-1-6-PATCH001-RC2:1.1.1.1 netbsd-1-6-PATCH001-RC1:1.1.1.1 fvdl_fs64_base:1.1.1.1 netbsd-1-6-RELEASE:1.1.1.1 netbsd-1-6-RC3:1.1.1.1 netbsd-1-6-RC2:1.1.1.1 netbsd-1-6-RC1:1.1.1.1 openssl_0_9_6g:1.1.1.1 openssl_0_9_6f:1.1.1.1 openssl_0_9_6e:1.1.1.1 openssl_0_9_6d:1.1.1.1 netbsd-1-6:1.1.1.1.0.6 netbsd-1-6-base:1.1.1.1 netbsd-1-5-PATCH003:1.1.1.1 netbsd-1-5-PATCH002:1.1.1.1 openssl_0_9_6b:1.1.1.1 netbsd-1-5-PATCH001:1.1.1.1 openssl_0_9_6a:1.1.1.1 netbsd-1-5-RELEASE:1.1.1.1 netbsd-1-5-BETA2:1.1.1.1 netbsd-1-5-BETA:1.1.1.1 netbsd-1-5-ALPHA2:1.1.1.1 mrg-post-merge-openssl_0_9_5a:1.1.1.1 openssl_0_9_5a:1.1.1.1 minoura-xpg4dl:1.1.1.1.0.4 minoura-xpg4dl-base:1.1.1.1 netbsd-1-5:1.1.1.1.0.2 netbsd-1-5-base:1.1.1.1 openssl_0_9_4-netbsd-cryptosrc-intl:1.1.1.1 OPENSSL:1.1.1; locks; strict; comment @# @; 1.2 date 2009.07.20.22.56.32; author christos; state dead; branches; next 1.1; 1.1 date 2000.06.14.22.44.25; author thorpej; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.06.14.22.44.25; author thorpej; state Exp; branches 1.1.1.1.4.1; next ; 1.1.1.1.4.1 date 2000.06.14.22.44.25; author thorpej; state dead; branches; next 1.1.1.1.4.2; 1.1.1.1.4.2 date 2000.06.14.22.44.26; author thorpej; state Exp; branches; next ; desc @@ 1.2 log @Don't lets this linger around forever. Causes hidden bugs. @ text @From ssl-lists-owner@@mincom.com Mon Sep 30 22:43:15 1996 Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802 (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000 Received: (from daemon@@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST) Received: from orb.mincom.oz.au (eay@@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for ; Mon, 30 Sep 1996 12:43:39 +1000 (EST) Received: by orb.mincom.oz.au id AA12688 (5.65c/IDA-1.4.4 for ssl-users@@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000 Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST) From: Eric Young X-Sender: eay@@orb To: Sampo Kellomaki Cc: ssl-users@@mincom.com, sampo@@brutus.neuronio.pt Subject: Re: Signing with envelope routines In-Reply-To: <199609300037.BAA08729@@brutus.neuronio.pt> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ssl-lists-owner@@mincom.com Precedence: bulk Status: O X-Status: On Mon, 30 Sep 1996, Sampo Kellomaki wrote: > I have been trying to figure out how to produce signatures with EVP_ > routines. I seem to be able to read in private key and sign some > data ok, but I can't figure out how I am supposed to read in > public key so that I could verify my signature. I use self signed > certificate. hmm... a rather poorly documented are of the library at this point in time. > I figured I should use > EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, > fp, NULL, NULL); > to read in private key and this seems to work Ok. > > However when I try analogous > EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, > fp, NULL, NULL); What you should do is X509 *x509=PEM_read_X509(fp,NULL,NULL); /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp, * NULL,NULL); */ Then EVP_PKEY *pkey=X509_extract_key(x509); There is also a X509_REQ_extract_key(req); which gets the public key from a certificate request. I re-worked quite a bit of this when I cleaned up the dependancy on RSA as the private key. > I figured that the second argument to PEM_ASN1_read should match the > name in my PEM encoded object, hence PEM_STRING_X509. > PEM_STRING_EVP_PKEY seems to be somehow magical > because it matches whatever private key there happens to be. I could > not find a similar constant to use with getting the certificate, however. :-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a standard such as PKCS#8 to store the private key so that the type is encoded in the asn.1 encoding of the object. > Is my approach of using PEM_ASN1_read correct? What should I pass in > as name? Can I use normal (or even self signed) X509 certificate for > verifying the signature? The actual public key is kept in the certificate, so basically you have to load the certificate and then 'unpack' the public key from the certificate. > When will SSLeay documentation be written ;-)? If I would contribute > comments to the code, would Eric take time to review them and include > them in distribution? :-) After SSLv3 and PKCS#7 :-). I actually started doing a function list but what I really need to do is do quite a few 'this is how you do xyz' type documents. I suppose the current method is to post to ssl-users and I'll respond :-). I'll add a 'demo' directory for the next release, I've appended a modified version of your program that works, you were very close :-). eric /* sign-it.cpp - Simple test app using SSLeay envelopes to sign data 29.9.1996, Sampo Kellomaki */ /* converted to C - eay :-) */ #include #include "rsa.h" #include "evp.h" #include "objects.h" #include "x509.h" #include "err.h" #include "pem.h" #include "ssl.h" void main () { int err; int sig_len; unsigned char sig_buf [4096]; static char certfile[] = "plain-cert.pem"; static char keyfile[] = "plain-key.pem"; static char data[] = "I owe you..."; EVP_MD_CTX md_ctx; EVP_PKEY * pkey; FILE * fp; X509 * x509; /* Just load the crypto library error strings, * SSL_load_error_strings() loads the crypto AND the SSL ones */ /* SSL_load_error_strings();*/ ERR_load_crypto_strings(); /* Read private key */ fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, PEM_STRING_EVP_PKEY, fp, NULL, NULL); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } fclose (fp); /* Do the signature */ EVP_SignInit (&md_ctx, EVP_md5()); EVP_SignUpdate (&md_ctx, data, strlen(data)); sig_len = sizeof(sig_buf); err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey); if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } EVP_PKEY_free (pkey); /* Read public key */ fp = fopen (certfile, "r"); if (fp == NULL) exit (1); x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, PEM_STRING_X509, fp, NULL, NULL); if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } fclose (fp); /* Get public key - eay */ pkey=X509_extract_key(x509); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } /* Verify the signature */ EVP_VerifyInit (&md_ctx, EVP_md5()); EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey); if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } EVP_PKEY_free (pkey); printf ("Signature Verified Ok.\n"); } @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import OpenSSL 0.9.4 from netbsd-cryptosrc-intl. @ text @@ 1.1.1.1.4.1 log @file sign.txt was added on branch minoura-xpg4dl on 2000-06-14 22:44:26 +0000 @ text @d1 170 @ 1.1.1.1.4.2 log @Import OpenSSL 0.9.4 from netbsd-cryptosrc-intl. @ text @a0 170 From ssl-lists-owner@@mincom.com Mon Sep 30 22:43:15 1996 Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802 (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000 Received: (from daemon@@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST) Received: from orb.mincom.oz.au (eay@@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for ; Mon, 30 Sep 1996 12:43:39 +1000 (EST) Received: by orb.mincom.oz.au id AA12688 (5.65c/IDA-1.4.4 for ssl-users@@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000 Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST) From: Eric Young X-Sender: eay@@orb To: Sampo Kellomaki Cc: ssl-users@@mincom.com, sampo@@brutus.neuronio.pt Subject: Re: Signing with envelope routines In-Reply-To: <199609300037.BAA08729@@brutus.neuronio.pt> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ssl-lists-owner@@mincom.com Precedence: bulk Status: O X-Status: On Mon, 30 Sep 1996, Sampo Kellomaki wrote: > I have been trying to figure out how to produce signatures with EVP_ > routines. I seem to be able to read in private key and sign some > data ok, but I can't figure out how I am supposed to read in > public key so that I could verify my signature. I use self signed > certificate. hmm... a rather poorly documented are of the library at this point in time. > I figured I should use > EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, > fp, NULL, NULL); > to read in private key and this seems to work Ok. > > However when I try analogous > EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, > fp, NULL, NULL); What you should do is X509 *x509=PEM_read_X509(fp,NULL,NULL); /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp, * NULL,NULL); */ Then EVP_PKEY *pkey=X509_extract_key(x509); There is also a X509_REQ_extract_key(req); which gets the public key from a certificate request. I re-worked quite a bit of this when I cleaned up the dependancy on RSA as the private key. > I figured that the second argument to PEM_ASN1_read should match the > name in my PEM encoded object, hence PEM_STRING_X509. > PEM_STRING_EVP_PKEY seems to be somehow magical > because it matches whatever private key there happens to be. I could > not find a similar constant to use with getting the certificate, however. :-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a standard such as PKCS#8 to store the private key so that the type is encoded in the asn.1 encoding of the object. > Is my approach of using PEM_ASN1_read correct? What should I pass in > as name? Can I use normal (or even self signed) X509 certificate for > verifying the signature? The actual public key is kept in the certificate, so basically you have to load the certificate and then 'unpack' the public key from the certificate. > When will SSLeay documentation be written ;-)? If I would contribute > comments to the code, would Eric take time to review them and include > them in distribution? :-) After SSLv3 and PKCS#7 :-). I actually started doing a function list but what I really need to do is do quite a few 'this is how you do xyz' type documents. I suppose the current method is to post to ssl-users and I'll respond :-). I'll add a 'demo' directory for the next release, I've appended a modified version of your program that works, you were very close :-). eric /* sign-it.cpp - Simple test app using SSLeay envelopes to sign data 29.9.1996, Sampo Kellomaki */ /* converted to C - eay :-) */ #include #include "rsa.h" #include "evp.h" #include "objects.h" #include "x509.h" #include "err.h" #include "pem.h" #include "ssl.h" void main () { int err; int sig_len; unsigned char sig_buf [4096]; static char certfile[] = "plain-cert.pem"; static char keyfile[] = "plain-key.pem"; static char data[] = "I owe you..."; EVP_MD_CTX md_ctx; EVP_PKEY * pkey; FILE * fp; X509 * x509; /* Just load the crypto library error strings, * SSL_load_error_strings() loads the crypto AND the SSL ones */ /* SSL_load_error_strings();*/ ERR_load_crypto_strings(); /* Read private key */ fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, PEM_STRING_EVP_PKEY, fp, NULL, NULL); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } fclose (fp); /* Do the signature */ EVP_SignInit (&md_ctx, EVP_md5()); EVP_SignUpdate (&md_ctx, data, strlen(data)); sig_len = sizeof(sig_buf); err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey); if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } EVP_PKEY_free (pkey); /* Read public key */ fp = fopen (certfile, "r"); if (fp == NULL) exit (1); x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, PEM_STRING_X509, fp, NULL, NULL); if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } fclose (fp); /* Get public key - eay */ pkey=X509_extract_key(x509); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } /* Verify the signature */ EVP_VerifyInit (&md_ctx, EVP_md5()); EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey); if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } EVP_PKEY_free (pkey); printf ("Signature Verified Ok.\n"); } @