Hi, I'm trying to verify a signature using the following code:

    BIO *cert_bio;
    X509 *cert;
    X509 *x509;
    EVP_PKEY *pkey;
    EVP_MD_CTX *md_ctx;
    int sig_err;

    /* Load the signer's certificate from the PEM file */
    cert_bio = BIO_new_file("vpn_test_konz.pem", "r");
    if (cert_bio == NULL) {
        printf("error reading PEM-file\n");
        exit(1);
    }
    cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL);
    if (cert == NULL) {
        printf("could not read X509-cert from bio\n");
        exit(1);
    }

    /* Extract the public key from the certificate */
    pkey = (EVP_PKEY *) X509_get_pubkey(cert);
    if (pkey == NULL) {
        printf("error extracting pubkey\n");
        exit(1);
    }

    /* Hash the data with SHA-1 and verify the signature over it */
    md_ctx = EVP_MD_CTX_create();
    EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL);
    EVP_VerifyUpdate(md_ctx, data, data_length);
    sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);

    /* -1: error during verification, 0: signature mismatch, 1: signature OK */
    if (sig_err == -1) {
        printf("An error occured while verifying the signature!\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    } else if (sig_err == 0) {
        printf("The signature does not match the data\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    } else {
        printf("OK - The signature does match the data\n");
    }

But the result is always "signature does not match" - although it should.
The errors are:
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG
The RSA-key-output from

    printf("BN n: %s\n", BN_bn2hex(pkey->pkey.rsa->n));
    printf("BN e: %s\n", BN_bn2hex(pkey->pkey.rsa->e));

matches the one from the openssl-commandline tool.
Any ideas what I'm doing wrong?
Thanks
Andreas
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
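
Background on the `Type=X509_SIG` line in the trace above, as an added example that is not part of the original post: `X509_SIG` is OpenSSL's ASN.1 type for the PKCS#1 DigestInfo structure, which an RSA PKCS#1 v1.5 verifier expects to find inside the padded block recovered from the signature. The sketch below performs that structural check by hand for SHA-1 on a constructed 128-byte block; `check_sha1_em` and `demo` are hypothetical names, and the RSA public-key operation is assumed to have been done already.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER header of a SHA-1 DigestInfo (RFC 8017, 9.2); the 20-byte hash follows it. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
enum em_result { EM_OK, EM_BAD_PADDING, EM_NOT_DIGESTINFO, EM_HASH_MISMATCH };

/* em: k-byte block recovered with the RSA public key; hash: SHA-1 of the data. */
enum em_result check_sha1_em(const unsigned char *em, size_t k, const unsigned char *hash)
{
    size_t i = 2;
    if (k < 11 || em[0] != 0x00 || em[1] != 0x01)
        return EM_BAD_PADDING;
    while (i < k && em[i] == 0xff)           /* skip the 0xFF padding string */
        i++;
    if (i < 10 || i >= k || em[i] != 0x00)   /* >= 8 pad bytes, then 0x00 */
        return EM_BAD_PADDING;
    i++;
    /* Payload must be header + hash; a bare padded hash is not valid DER. */
    if (k - i != sizeof(SHA1_PREFIX) + 20 ||
        memcmp(em + i, SHA1_PREFIX, sizeof(SHA1_PREFIX)) != 0)
        return EM_NOT_DIGESTINFO;
    if (memcmp(em + i + sizeof(SHA1_PREFIX), hash, 20) != 0)
        return EM_HASH_MISMATCH;
    return EM_OK;
}

/* Constructed sample: 128-byte block with or without the DigestInfo header. */
enum em_result demo(int with_header, int tamper)
{
    unsigned char em[128], hash[20], *p = em + sizeof(em) - 20;
    memset(hash, 0xab, sizeof(hash));        /* stand-in for a real SHA-1 */
    memset(em, 0xff, sizeof(em));
    em[0] = 0x00; em[1] = 0x01;
    memcpy(p, hash, 20);
    if (with_header)
        p = memcpy(p - sizeof(SHA1_PREFIX), SHA1_PREFIX, sizeof(SHA1_PREFIX));
    p[-1] = 0x00;                            /* separator before the payload */
    if (tamper) em[127] ^= 0x01;             /* flip one bit of the hash */
    return check_sha1_em(em, sizeof(em), hash);
}

int main(void) {
    printf("%d %d %d\n", demo(1, 0), demo(0, 0), demo(1, 1));  /* 0 2 3 */
    return 0;
}
```

The middle case, a correctly padded block that carries only the bare 20-byte hash, is the kind of payload a DER decoder rejects with ASN.1 errors before any hash comparison takes place.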