自学教程：C++ EVP_VerifyFinal函数代码示例

void rsatest(){    const EVP_MD *sha256 = EVP_get_digestbyname("sha256");    if(!sha256){	fprintf(stderr,"SHA256 not available/n");	return;    }    printf("Now try signing with X.509 certificates and EVP/n");    char ptext[16];    memset(ptext,0,sizeof(ptext));    strcpy(ptext,"Simson");    unsigned char sig[1024];    uint32_t  siglen = sizeof(sig);    BIO *bp = BIO_new_file("signing_key.pem","r");    EVP_MD_CTX md;    EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bp,0,0,0);    EVP_SignInit(&md,sha256);    EVP_SignUpdate(&md,ptext,sizeof(ptext));    EVP_SignFinal(&md,sig,&siglen,pkey);    /* let's try to verify it */    bp = BIO_new_file("signing_cert.pem","r");    X509 *x = 0;    PEM_read_bio_X509(bp,&x,0,0);    EVP_PKEY *pubkey = X509_get_pubkey(x);        printf("pubkey=%p/n",pubkey);	    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    int r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);    printf("do it again.../n");    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);    printf("make a tiny change.../n");    ptext[0]='f';    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);}

int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {  EVP_MD_CTX md_ctx;  EVP_PKEY *pkey;  BIO *in;  X509 *cert = NULL;  unsigned char *b64d;  int slen, err;  in = BIO_new_mem_buf((unsigned char*)c, strlen(c));  cert = PEM_read_bio_X509(in, NULL, 0, NULL);  if (cert)  {    pkey = (EVP_PKEY *) X509_get_pubkey(cert);     X509_free(cert);  } else {    pkey = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);  }  BIO_free(in);  if (pkey == NULL) {  //fprintf(stderr, "could not read cert/pubkey./n");    return -2;  }  b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));  slen = oauth_decode_base64(b64d, s);  EVP_VerifyInit(&md_ctx, EVP_sha1());  EVP_VerifyUpdate(&md_ctx, m, strlen(m));  err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);  EVP_MD_CTX_cleanup(&md_ctx);  EVP_PKEY_free(pkey);  free(b64d);  return (err);}

bool OSSLGOST::verifyFinal(const ByteString& signature){	// Save necessary state before calling super class verifyFinal	OSSLGOSTPublicKey* pk = (OSSLGOSTPublicKey*) currentPublicKey;	if (!AsymmetricAlgorithm::verifyFinal(signature))	{		return false;	}	// Perform the verify operation	EVP_PKEY *pkey = pk->getOSSLKey();	int ret;	if (pkey == NULL)	{		ERROR_MSG("Could not get the OpenSSL public key");		EVP_MD_CTX_cleanup(&curCTX);		return false;	}	ret = EVP_VerifyFinal(&curCTX, signature.const_byte_str(), signature.size(), pkey);	EVP_MD_CTX_cleanup(&curCTX);	if (ret != 1)	{		if (ret < 0)			ERROR_MSG("GOST verify failed (0x%08X)", ERR_get_error());		return false;	}	return true;}

void openssl_evp_comsign(){	RSA *rsa;	EVP_PKEY *evpKey;	EVP_MD_CTX mdctx;	unsigned int i, len;	char ins[MAX1_LEN] = "openssl signature";	unsigned char outs[MAX1_LEN];	OpenSSL_add_all_algorithms();	rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL);	evpKey = EVP_PKEY_new();	EVP_PKEY_set1_RSA(evpKey, rsa);	EVP_MD_CTX_init(&mdctx);	EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);	EVP_SignUpdate(&mdctx, ins, strlen(ins));	EVP_SignFinal(&mdctx, outs, &len, evpKey);	printf("/nEVP_COMSignature(%s) = ", ins);	for (i = 0; i < len; i++)		printf("0x%02x ", outs[i]);	printf("/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_MD_CTX_init(&mdctx);	EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);	EVP_VerifyUpdate(&mdctx, ins, strlen(ins));	if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1)		printf("EVP_COMVerify OK!/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_PKEY_free(evpKey);	RSA_free(rsa);}

ssize_tdsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len){	uint8_t		 sig[EVP_MAX_MD_SIZE];	unsigned int	 siglen = sizeof(sig);	uint8_t		*ptr = buf;	size_t		 off = 0;	if (dsa->dsa_hmac) {		if (!HMAC_Final(dsa->dsa_ctx, sig, &siglen))			return (-1);		if (siglen != len || memcmp(buf, sig, siglen) != 0)			return (-1);	} else {		if ((off = _dsa_verify_offset(dsa, ptr)) >= len)			return (-1);		if (EVP_VerifyFinal(dsa->dsa_ctx, ptr + off, len - off,		    dsa->dsa_key) != 1) {			ca_sslerror(__func__);			return (-1);		}	}	return (0);}

int COsslKey::VerifyBin( sqbind::CSqBinary *pData, sqbind::CSqBinary *sig ){_STT();	if ( !pData || !sig || !getPublicKeyPtr() )		return 0;	EVP_MD_CTX md_ctx;	if ( !EVP_VerifyInit( &md_ctx, EVP_sha1() ) )	{	oexERROR( 0, oexT( "EVP_VerifyInit() failed" ) );		return 0;	} // end if	if ( !EVP_VerifyUpdate( &md_ctx, pData->Ptr(), pData->getUsed() ) )	{	oexERROR( 0, oexT( "EVP_VerifyUpdate() failed" ) );		return 0;	} // end if	int err = EVP_VerifyFinal( &md_ctx, (unsigned char*)sig->Ptr(), sig->getUsed(), getPublicKeyPtr() );	if ( err != 1 )	{	oexERROR( err, oexT( "EVP_VerifyFinal() failed" ) );		return 0;	} // end if	return 1;}

/** Low-level signature verification. *  /param key_count Number of keys in the /a keys array  *         and number fo signatures in the /a sigs array. *  /param keys Array of keys.  The keys must include public key data. *  /param sigs Array of signatures, as returned from gale_crypto_sign_raw(). *  /param data Data to verify against signatures. *  /return Nonzero iff the all signatures are valid. */int gale_crypto_verify_raw(int key_count,        const struct gale_group *keys,        const struct gale_data *sigs,        struct gale_data data){	int i,is_valid = 1;	EVP_MD_CTX *context = EVP_MD_CTX_new();	RSA *rsa;	EVP_VerifyInit(context,EVP_md5());	EVP_VerifyUpdate(context,data.p,data.l);	for (i = 0; is_valid && i < key_count; ++i) {		EVP_PKEY *key = EVP_PKEY_new();		EVP_PKEY_assign_RSA(key,RSA_new());		rsa = EVP_PKEY_get0_RSA(key);		crypto_i_rsa(keys[i],rsa);		if (!crypto_i_public_valid(rsa)) {			gale_alert(GALE_WARNING,G_("invalid public key"),0);			is_valid = 0;			goto cleanup;		}		if (!EVP_VerifyFinal(context,sigs[i].p,sigs[i].l,key)) {			crypto_i_error();			is_valid = 0;			goto cleanup;		}	cleanup:		EVP_PKEY_free(key);	}	return is_valid;}

static int verify_fverify(lua_State *L){  /* parameter 1 is the 'crypto.verify' table */  const char *type_name = luaL_checkstring(L, 2);  const EVP_MD *type = EVP_get_digestbyname(type_name);  if (type == NULL) {    luaL_argerror(L, 1, "invalid digest type");    return 0;  } else {    EVP_MD_CTX c;    size_t input_len = 0;    const unsigned char *input = (unsigned char *) luaL_checklstring(L, 3, &input_len);    size_t sig_len = 0;    const unsigned char *sig = (unsigned char *) luaL_checklstring(L, 4, &sig_len);    EVP_PKEY **pkey = (EVP_PKEY **)luaL_checkudata(L, 5, LUACRYPTO_PKEYNAME);    int ret;    EVP_MD_CTX_init(&c);    EVP_VerifyInit_ex(&c, type, NULL);    EVP_VerifyUpdate(&c, input, input_len);    ret = EVP_VerifyFinal(&c, sig, sig_len, *pkey);    EVP_MD_CTX_cleanup(&c);    if (ret == -1)      return crypto_error(L);    lua_pushboolean(L, ret);    return 1;  }}

bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){    RSA* rsa = parDeClaves;    EVP_PKEY* pk = EVP_PKEY_new();    EVP_MD_CTX ctx;    EVP_PKEY_set1_RSA(pk,parDeClaves);    EVP_MD_CTX_init(&ctx);    M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/);    EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL);    while(!mensaje.eof()){        unsigned char buffer[tamanio_de_buffer_default];        mensaje.read((char*)buffer,tamanio_de_buffer_default);        EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount());        mensaje.peek();    }    int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk);    EVP_MD_CTX_cleanup(&ctx);    // El free esta en el constructor de ParDeClaves no puede    // liberarse aca    //FIPS_rsa_free(pk.pkey.rsa);    EVP_PKEY_free(pk);    return ok==1;}

int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,                char *data, EVP_PKEY *pkey){    EVP_MD_CTX *ctx = EVP_MD_CTX_new();    const EVP_MD *type;    unsigned char *p, *buf_in = NULL;    int ret = -1, i, inl;    if (ctx == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    i = OBJ_obj2nid(a->algorithm);    type = EVP_get_digestbyname(OBJ_nid2sn(i));    if (type == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);        goto err;    }    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);        goto err;    }    inl = i2d(data, NULL);    if (inl <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }    buf_in = OPENSSL_malloc((unsigned int)inl);    if (buf_in == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    p = buf_in;    i2d(data, &p);    ret = EVP_VerifyInit_ex(ctx, type, NULL)        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);    OPENSSL_clear_free(buf_in, (unsigned int)inl);    if (!ret) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        goto err;    }    ret = -1;    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,                        (unsigned int)signature->length, pkey) <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        ret = 0;        goto err;    }    ret = 1; err:    EVP_MD_CTX_free(ctx);    return ret;}

int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,                char *data, EVP_PKEY *pkey){    EVP_MD_CTX ctx;    const EVP_MD *type;    unsigned char *p, *buf_in = NULL;    int ret = -1, i, inl;    EVP_MD_CTX_init(&ctx);    i = OBJ_obj2nid(a->algorithm);    type = EVP_get_digestbyname(OBJ_nid2sn(i));    if (type == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);        goto err;    }    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);        goto err;    }    inl = i2d(data, NULL);    buf_in = OPENSSL_malloc((unsigned int)inl);    if (buf_in == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    p = buf_in;    i2d(data, &p);    ret = EVP_VerifyInit_ex(&ctx, type, NULL)        && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);    OPENSSL_cleanse(buf_in, (unsigned int)inl);    OPENSSL_free(buf_in);    if (!ret) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        goto err;    }    ret = -1;    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,                        (unsigned int)signature->length, pkey) <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        ret = 0;        goto err;    }    /*     * we don't need to zero the 'ctx' because we just checked public     * information     */    /* memset(&ctx,0,sizeof(ctx)); */    ret = 1; err:    EVP_MD_CTX_cleanup(&ctx);    return (ret);}

static LUA_FUNCTION(openssl_verifyFinal){    EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx");    size_t signature_len;    const char* signature = luaL_checklstring(L, 2, &signature_len);    EVP_PKEY *pkey = CHECK_OBJECT(3, EVP_PKEY, "openssl.evp_pkey");    int ret = EVP_VerifyFinal(ctx, (const unsigned char*)signature, signature_len, pkey);    EVP_MD_CTX_cleanup(ctx);    return openssl_pushresult(L, ret);}

	int RSASHA256Stream::getVerification(const std::string& their_sign)	{		// check if data was feed into the stream and the sign needs to be		// recalculated		if (!_sign_valid)		{			sync();			_return_code = EVP_VerifyFinal(&_ctx, reinterpret_cast<const unsigned char *>(their_sign.c_str()), their_sign.size(), _pkey);			_sign_valid = true;		}		return _return_code;	}

static bool verifyRSASignature(const unsigned char *originalMessage,                                  unsigned int messageLength,                                  const unsigned char *signature,                                  unsigned int sigLength){    if(nullptr == originalMessage) {        return errorMessage(_("Message is empty"));    }    if(nullptr == signature) {        return errorMessage(_("Signature is empty"));    }    const char *settingsPath = CPLGetConfigOption("NGS_SETTINGS_PATH", nullptr);    std::string keyFilePath = File::formFileName(settingsPath, KEY_FILE, "");    FILE *file = VSIFOpen( keyFilePath.c_str(), "r" );    if( file == nullptr ) {        return errorMessage(_("Failed open file %s"), keyFilePath.c_str());    }    EVP_PKEY *evp_pubkey = PEM_read_PUBKEY(file, nullptr, nullptr, nullptr);    VSIFClose( file );    if (!evp_pubkey) {        return errorMessage(_("Failed PEM_read_PUBKEY"));    }    EVP_MD_CTX *ctx = EVP_MD_CTX_create();    if (!ctx) {        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed PEM_read_PUBKEY"));    }    if(!EVP_VerifyInit(ctx, EVP_sha256())) {        EVP_MD_CTX_destroy(ctx);        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed EVP_VerifyInit"));    }    if(!EVP_VerifyUpdate(ctx, originalMessage, messageLength)) {        EVP_MD_CTX_destroy(ctx);        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed EVP_VerifyUpdate"));    }    int result = EVP_VerifyFinal(ctx, signature, sigLength, evp_pubkey);    EVP_MD_CTX_destroy(ctx);    EVP_PKEY_free(evp_pubkey);    outMessage(result == 1 ? COD_SUCCESS : COD_UNEXPECTED_ERROR,               "Signature is %s", result == 1 ? "valid" : "invalid");    return result == 1;}

EXPORT_C int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,	     void *asn, EVP_PKEY *pkey)	{	EVP_MD_CTX ctx;	const EVP_MD *type;	unsigned char *buf_in=NULL;	int ret= -1,i,inl;	EVP_MD_CTX_init(&ctx);	i=OBJ_obj2nid(a->algorithm);	type=EVP_get_digestbyname(OBJ_nid2sn(i));	if (type == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);		goto err;		}	if (!EVP_VerifyInit_ex(&ctx,type, NULL))		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	inl = ASN1_item_i2d(asn, &buf_in, it);		if (buf_in == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);		goto err;		}	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	OPENSSL_cleanse(buf_in,(unsigned int)inl);	OPENSSL_free(buf_in);	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,			(unsigned int)signature->length,pkey) <= 0)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	/* we don't need to zero the 'ctx' because we just checked	 * public information */	/* memset(&ctx,0,sizeof(ctx)); */	ret=1;err:	EVP_MD_CTX_cleanup(&ctx);	return(ret);	}

static isc_result_topensslgost_verify(dst_context_t *dctx, const isc_region_t *sig) {	dst_key_t *key = dctx->key;	int status = 0;	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;	EVP_PKEY *pkey = key->keydata.pkey;	status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);	if (status != 1)		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));	return (ISC_R_SUCCESS);}

int verifyData( char *clearText, int clearlen,unsigned char *sig, int sigLen){  int verify;  EVP_MD_CTX* ctx = 0;  ctx = EVP_MD_CTX_create();  EVP_VerifyInit_ex( ctx, EVP_sha256(), 0 );  EVP_VerifyUpdate( ctx, clearText, clearlen );  verify=EVP_VerifyFinal( ctx, sig, sigLen, pKey );  EVP_MD_CTX_destroy( ctx );  return verify;}

void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,			EVP_PKEY *key, unsigned char *sigin, int siglen)	{	int len;	int i;	for (;;)		{		i=BIO_read(bp,(char *)buf,BUFSIZE);		if (i <= 0) break;		}	if(sigin)		{		EVP_MD_CTX *ctx;		BIO_get_md_ctx(bp, &ctx);		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 		if(i > 0) BIO_printf(out, "Verified OK/n");		else if(i == 0) BIO_printf(out, "Verification Failure/n");		else			{			BIO_printf(bio_err, "Error Verifying Data/n");			ERR_print_errors(bio_err);			}		return;		}	if(key)		{		EVP_MD_CTX *ctx;		BIO_get_md_ctx(bp, &ctx);		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 			{			BIO_printf(bio_err, "Error Signing Data/n");			ERR_print_errors(bio_err);			return;			}		}	else		len=BIO_gets(bp,(char *)buf,BUFSIZE);	if(binout) BIO_write(out, buf, len);	else 		{		for (i=0; i<len; i++)			{			if (sep && (i != 0))				BIO_printf(out, ":");			BIO_printf(out, "%02x",buf[i]);			}		BIO_printf(out, "/n");		}	}

int verify_sig( EVP_PKEY * pkey, const EVP_MD * htype, char * data, int data_len, unsigned char * sig, int sig_len ){   EVP_MD_CTX     md_ctx;      EVP_VerifyInit   (&md_ctx, htype);   EVP_VerifyUpdate (&md_ctx, data, data_len);      if ( EVP_VerifyFinal (&md_ctx, sig, sig_len, pkey) != 1)   {      ERR_print_errors_fp (stderr);      return 0;   }   return 1;}

static int verify_final(lua_State *L){  EVP_MD_CTX *c = (EVP_MD_CTX*)luaL_checkudata(L, 1, LUACRYPTO_VERIFYNAME);  size_t sig_len = 0;  const unsigned char *sig = (unsigned char *) luaL_checklstring(L, 2, &sig_len);  EVP_PKEY **pkey = (EVP_PKEY **)luaL_checkudata(L, 3, LUACRYPTO_PKEYNAME);  int ret;  ret = EVP_VerifyFinal(c, sig, sig_len, *pkey);  if (ret == -1)    return crypto_error(L);  lua_pushboolean(L, ret);  return 1;}

/* * public static native void EVP_VerifyFinal(int, byte[], int, int, int) */static int NativeCrypto_EVP_VerifyFinal(JNIEnv* env, jclass clazz, EVP_MD_CTX* ctx, jbyteArray buffer, jint offset, jint length, EVP_PKEY* pkey) {    // LOGI("NativeCrypto_EVP_VerifyFinal %x, %x, %d, %d %x", ctx, buffer, offset, length, pkey);    if (ctx == NULL || buffer == NULL || pkey == NULL) {        throwNullPointerException(env);        return -1;    }    jbyte* bufferBytes = env->GetByteArrayElements(buffer, NULL);    int result = EVP_VerifyFinal(ctx, (unsigned char*) (bufferBytes + offset), length, pkey);    env->ReleaseByteArrayElements(buffer, bufferBytes, JNI_ABORT);    throwExceptionIfNecessary(env);    return result;}

/**@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)@brief Finalizes (signed) digest computation and returns digest or signature.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)@param[out] buf is populated with the digest or signature@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len){ unsigned int n = 0;  int err = 1;  if (buf)  { /* finalize the digest or signature computation */    switch (data->alg & (SOAP_SMD_PASSTHRU-1))    { case SOAP_SMD_DGST_MD5:      case SOAP_SMD_DGST_SHA1:      case SOAP_SMD_DGST_SHA256:        EVP_DigestFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_HMAC_SHA1:        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_SIGN_DSA_SHA1:      case SOAP_SMD_SIGN_RSA_SHA1:      case SOAP_SMD_SIGN_RSA_SHA256:        err = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);        break;      case SOAP_SMD_VRFY_DSA_SHA1:      case SOAP_SMD_VRFY_RSA_SHA1:        if (len)        { n = (unsigned int)*len;          err = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);        }        else          err = 0;        break;    }    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%d (%p) %d bytes--/n", data->alg, data->ctx, n));    DBGHEX(TEST, buf, n);    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));    /* return length of digest or signature produced */    if (len)      *len = (int)n;  }  /* cleanup and free the HMAC or EVP_MD context */  if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);  else    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);  SOAP_FREE(soap, data->ctx);  data->ctx = NULL;  /* check and return */  return soap_smd_check(soap, data, err, "soap_smd_final() failed");}

/* * RSA: generate keys and sign, verify input plaintext. */static int FIPS_rsa_test(int bad){    RSA *key;    unsigned char input_ptext[] = "etaonrishdlc";    unsigned char buf[256];    unsigned int slen;    BIGNUM *bn;    EVP_MD_CTX mctx;    EVP_PKEY pk;    int r = 0;    ERR_clear_error();    EVP_MD_CTX_init(&mctx);    key = RSA_new();    bn = BN_new();    if (!key || !bn)        return 0;    BN_set_word(bn, 65537);    if (!RSA_generate_key_ex(key, 1024, bn, NULL))        return 0;    BN_free(bn);    if (bad)        BN_add_word(key->n, 1);    pk.type = EVP_PKEY_RSA;    pk.pkey.rsa = key;    if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))        goto end;    if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))        goto end;    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))        goto end;    if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))        goto end;    if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))        goto end;    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);end:    EVP_MD_CTX_cleanup(&mctx);    if (key)        RSA_free(key);    if (r != 1)        return 0;    return 1;}

bool verifySignature(int message, unsigned char* signature, char* certfile) {	int err;	unsigned int sig_len;	//unsigned char sig_buf[4096];	static char data[100];	EVP_MD_CTX md_ctx;	EVP_PKEY* pkey;	FILE * fp;	X509 * x509;	memset(&data, '/0', sizeof(data));	sprintf(data, "%d", message);	ERR_load_crypto_strings();	fp = fopen(certfile, "r");	if (fp == NULL) {		printf("certfile not found/n");		exit(1);	}	x509 = PEM_read_X509(fp, NULL, NULL, NULL);	fclose(fp);	if (x509 == NULL) {		printf("Error in certificate file x509/n");		ERR_print_errors_fp (stderr);		exit(1);	}	/* Get public key - eay */	pkey = X509_get_pubkey(x509);	if (pkey == NULL) {		printf("Error in claiming the public key/n");		ERR_print_errors_fp (stderr);		exit(1);	}	sig_len = 128;	/* Verify the signature */	EVP_VerifyInit(&md_ctx, EVP_sha1());	EVP_VerifyUpdate(&md_ctx, data, strlen((char*) data));	err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);	EVP_PKEY_free(pkey);	if (err != 1) {		ERR_print_errors_fp (stderr);		return 0;	}	return 1;}

int API_SWU_VerifyImage(unsigned char* image, unsigned int imageSize) { 	unsigned char *md_value;	unsigned int md_len = 0;	md_value = malloc(0x40);	EVP_MD_CTX ctx1, ctx2;	EVP_DigestInit(&ctx1, EVP_get_digestbyname("sha1"));	EVP_DigestUpdate(&ctx1, image + SIGNATURE_SIZE, imageSize - SIGNATURE_SIZE);	EVP_DigestFinal(&ctx1, md_value, &md_len);	EVP_DigestInit(&ctx2, EVP_sha1());	EVP_DigestUpdate(&ctx2, md_value, md_len);	int result = 0;	if (EVP_VerifyFinal(&ctx2, image, SIGNATURE_SIZE, _gpPubKey) == 1) result = 1;	EVP_MD_CTX_cleanup(&ctx1);	EVP_MD_CTX_cleanup(&ctx2);	free(md_value);	return result;}

/* * DSA: generate keys and sign, verify input plaintext. */static int FIPS_dsa_test(int bad){    DSA *dsa = NULL;    EVP_PKEY pk;    unsigned char dgst[] = "etaonrishdlc";    unsigned char buf[60];    unsigned int slen;    int r = 0;    EVP_MD_CTX mctx;    ERR_clear_error();    EVP_MD_CTX_init(&mctx);    dsa = DSA_new();    if (!dsa)        goto end;    if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))        goto end;    if (!DSA_generate_key(dsa))        goto end;    if (bad)        BN_add_word(dsa->pub_key, 1);    pk.type = EVP_PKEY_DSA;    pk.pkey.dsa = dsa;    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))        goto end;    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);end:    EVP_MD_CTX_cleanup(&mctx);    if (dsa)        DSA_free(dsa);    if (r != 1)        return 0;    return 1;}

static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) {	EVP_MD_CTX ctx;	EVP_PKEY *pkey;	bool ret = false;	pkey = EVP_PKEY_new();	if (!pkey) return ret;	if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail;	EVP_VerifyInit(&ctx, EVP_sha256());	if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail;	if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true;_fail:	EVP_PKEY_free(pkey);	return ret;}

/**@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)@brief Finalizes (signed) digest computation and returns digest or signature.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)@param[out] buf is populated with the digest or signature@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len){ unsigned int n = 0;  int ok = 1;  if (!data->ctx)    return soap_set_receiver_error(soap, "soap_smd_final() failed", "No context", SOAP_SSL_ERROR);  if (buf)  { /* finalize the digest or signature computation */    switch (data->alg & SOAP_SMD_ALGO)    { case SOAP_SMD_HMAC:        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_DGST:        EVP_DigestFinal_ex((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_SIGN:        ok = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);        break;      case SOAP_SMD_VRFY:        if (len)        { n = (unsigned int)*len;          ok = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);        }        else          ok = 0;        break;    }    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%x (%p) %d bytes--/n", data->alg, data->ctx, n));    DBGHEX(TEST, buf, n);    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));    /* pass back length of digest or signature produced */    if (len)      *len = (int)n;  }  /* cleanup */  if ((data->alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC)    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);  else    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);  SOAP_FREE(soap, data->ctx);  data->ctx = NULL;  /* check and return */  return soap_smd_check(soap, data, ok, "soap_smd_final() failed");}

static isc_result_topensslgost_verify(dst_context_t *dctx, const isc_region_t *sig) {	dst_key_t *key = dctx->key;	int status = 0;	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;	EVP_PKEY *pkey = key->keydata.pkey;	status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);	switch (status) {	case 1:		return (ISC_R_SUCCESS);	case 0:		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));	default:		return (dst__openssl_toresult3(dctx->category,					       "EVP_VerifyFinal",					       DST_R_VERIFYFAILURE));	}}

/*! * /brief Verify the DNSSEC signature for supplied data. * * /param context         DNSSEC signature context. * /param signature       Pointer to signature. * /param signature_size  Size of the signature. * * /return Error code. * /retval KNOT_EOK                        The signature is valid. * /retval KNOT_DNSSEC_EINVALID_SIGNATURE  The signature is invalid. * /retval KNOT_DNSSEC_ESIGN               Some error occured. */static int any_sign_verify(const knot_dnssec_sign_context_t *context,                            const uint8_t *signature, size_t signature_size){	assert(context);	assert(signature);	int result = EVP_VerifyFinal(context->digest_context,	                             signature, signature_size,	                             context->key->data->private_key);	switch (result) {	case 1:		return KNOT_EOK;	case 0:		return KNOT_DNSSEC_EINVALID_SIGNATURE;	default:		return KNOT_DNSSEC_ESIGN;	};}