KB,

The code isn't documented very well; it has something to do with the
salt length. The following is from RSA_verify_PKCS1_PSS() (in
rsa_pss.c):

        /*
         * Negative sLen has special meanings:
         *      -1      sLen == hLen
         *      -2      salt length is autorecovered from signature
         *      -N      reserved
         */

I suggest either trying the values (or even 0), or looking further at
the code, to see what it does.

Gerry

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of k b
Sent: Friday, July 28, 2006 12:38 PM
To: openssl-dev@openssl.org
Subject: RE: How to verify signature data with RSA PKCS1

Thanks for your response, Gerry!
The two methods you suggested were helpful:
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) (see evp.h)
and d2i_X509_fp(fp,x509) to read DER directly from the file into an X509
struct.

But I still need to know how I would verify the signature, which is the
SHA1 hash of data encrypted with RSA with PKCS1 padding.

I know there is this method
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                        const EVP_MD *Hash, const unsigned char *EM,
                        int sLen)
but I don't know what sLen should be set to.

thanks
kb
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
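
Added example (not part of the original thread and not OpenSSL's code): a pure-Python EMSA-PSS check on the encoded message EM, showing how a verifier can treat sLen the way the quoted comment describes (-1 means the hash length, -2 means the salt length is recovered from EM). The names pss_encode and pss_verify and the sample values are assumptions made for this example; it assumes SHA-1 for both the hash and MGF1 and an EM whose top bit is clear.

```python
import hashlib

H = hashlib.sha1                 # assumption: SHA-1 for the message hash and MGF1
HLEN = H().digest_size

def mgf1(seed, length):
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += H(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(m_hash, em_len, salt):
    """Build EM per EMSA-PSS (RFC 8017, 9.1.1) with emBits = 8*em_len - 1."""
    h = H(b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - HLEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= 0x7F                      # clear the unused top bit
    return bytes(masked) + h + b"\xbc"

def pss_verify(m_hash, em, s_len):
    """Check EM; s_len: >= 0 exact salt length, -1 = HLEN, -2 = recover from EM."""
    if s_len == -1:
        s_len = HLEN
    elif s_len < -2:
        return False                       # "-N reserved"
    if len(em) < HLEN + 2 or em[-1] != 0xBC or em[0] & 0x80:
        return False
    masked, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= 0x7F
    i = 0
    while i < len(db) and db[i] == 0:      # skip the zero padding
        i += 1
    if i == len(db) or db[i] != 0x01:      # separator byte must follow the padding
        return False
    salt = bytes(db[i + 1:])               # everything after the separator
    if s_len >= 0 and len(salt) != s_len:
        return False                       # caller's salt length does not match
    return H(b"\x00" * 8 + m_hash + salt).digest() == h

# Constructed sample: 128-byte EM (1024-bit key size) carrying a 10-byte salt.
M_HASH = H(b"constructed sample message").digest()
EM = pss_encode(M_HASH, 128, b"\x11" * 10)
```

With the constructed EM, sLen values of -2 and 10 verify, while -1 and 0 fail because the salt is 10 bytes, not 20 or 0. PSS is a different encoding from PKCS#1 v1.5 padding, which OpenSSL checks with RSA_verify().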
