Victor Duchovni wrote:
On Tue, Feb 27, 2007 at 09:52:38AM +0800, Zhuang Yuyao wrote:

I need to verify a message digest and its signature with an X.509 certificate. As far as I know, the procedure may look like this:
pubkey = X509_get_pubkey(x);
rsa = EVP_PKEY_get1_RSA(pubkey);
RSA_public_decrypt(signature_len, signature, rsa_out, rsa, pad);
memcmp(rsa_out, message_digest, message_digest_len);

    man EVP_VerifyInit


The original message is required to do
EVP_VerifyInit()
EVP_VerifyUpdate()
EVP_VerifyFinal().

But my question is: I do not have the original message but only have the digest of the message. How can I verify this message digest and its signature?

After reading the OpenSSL source code, I created a function called EVP_VerifyFinal_ex(), but compilation failed (173: error: too many arguments to function).

147 int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, unsigned char* m, unsigned int m_len, unsigned char *sigbuf,
148        unsigned int siglen, EVP_PKEY *pkey)
149 {
150   int i,ok=0,v;
151
152   for (i=0; i<4; i++)
153   {
154     v=ctx->digest->required_pkey_type[i];
155     if (v == 0) break;
156     if (pkey->type == v)
157     {
158       ok=1;
159       break;
160     }
161   }
162   if (!ok)
163   {
164     EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
165     return(-1);
166   }
167   if (ctx->digest->verify == NULL)
168   {
169     EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
170     return(0);
171   }
172
173   return(ctx->digest->verify(ctx->digest->type,m,m_len,sigbuf,siglen,pkey->pkey.ptr));
174 }
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
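
An added illustration, not part of the thread and not OpenSSL code: for an RSA PKCS#1 v1.5 signature the public-key operation recovers a padded DigestInfo structure wrapping the digest, so the digest alone is enough to verify, while a direct memcmp of the recovered bytes against the bare digest does not match. Python is used so it runs stand-alone; the key is a constructed toy key and every function name is hypothetical.

```python
import hashlib
import hmac

# Constructed toy key from two well-known primes so the example runs offline.
# NOT a usable key; all names below are hypothetical.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (64)

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(digest):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo(digest)."""
    t = SHA256_PREFIX + digest
    if len(digest) != 32 or K < len(t) + 11:
        raise ValueError("bad digest length or modulus too short")
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_digest(digest):
    """Signer side, present only to produce a sample signature."""
    return pow(int.from_bytes(encode(digest), "big"), D, N).to_bytes(K, "big")

def public_op(signature):
    """Raw RSA public-key operation: returns the full padded block (K bytes)."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        raise ValueError("signature out of range")
    return pow(s, E, N).to_bytes(K, "big")

def verify_digest(digest, signature):
    """Verify from the digest only: rebuild the expected block, compare it whole."""
    try:
        return hmac.compare_digest(public_op(signature), encode(digest))
    except ValueError:
        return False

def recovered_payload(signature):
    """Bytes left after removing the padding: DigestInfo, not the bare digest."""
    block = public_op(signature)
    return block[block.index(b"\x00", 2) + 1:]

if __name__ == "__main__":
    digest = hashlib.sha256(b"constructed sample message").digest()
    sig = sign_digest(digest)
    print("verified from digest only:", verify_digest(digest, sig))
    print("payload equals bare digest:", recovered_payload(sig) == digest)
```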
