自学教程：C++ EVP_VerifyUpdate函数代码示例

void rsatest(){    const EVP_MD *sha256 = EVP_get_digestbyname("sha256");    if(!sha256){	fprintf(stderr,"SHA256 not available/n");	return;    }    printf("Now try signing with X.509 certificates and EVP/n");    char ptext[16];    memset(ptext,0,sizeof(ptext));    strcpy(ptext,"Simson");    unsigned char sig[1024];    uint32_t  siglen = sizeof(sig);    BIO *bp = BIO_new_file("signing_key.pem","r");    EVP_MD_CTX md;    EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bp,0,0,0);    EVP_SignInit(&md,sha256);    EVP_SignUpdate(&md,ptext,sizeof(ptext));    EVP_SignFinal(&md,sig,&siglen,pkey);    /* let's try to verify it */    bp = BIO_new_file("signing_cert.pem","r");    X509 *x = 0;    PEM_read_bio_X509(bp,&x,0,0);    EVP_PKEY *pubkey = X509_get_pubkey(x);        printf("pubkey=%p/n",pubkey);	    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    int r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);    printf("do it again.../n");    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);    printf("make a tiny change.../n");    ptext[0]='f';    EVP_VerifyInit(&md,sha256);    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);    printf("r=%d/n",r);}

/**@fn int soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)@brief Updates (signed) digest computation with message part.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains message part@param[in] len of message part@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len){ int ok = 1;  if (!data->ctx)    return soap_set_receiver_error(soap, "soap_smd_update() failed", "No context", SOAP_SSL_ERROR);  DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Update alg=%x n=%lu (%p) --/n", data->alg, (unsigned long)len, data->ctx));  switch (data->alg & SOAP_SMD_ALGO)  { case SOAP_SMD_HMAC:      HMAC_Update((HMAC_CTX*)data->ctx, (const unsigned char*)buf, len);      break;    case SOAP_SMD_DGST:      EVP_DigestUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;    case SOAP_SMD_SIGN:      ok = EVP_SignUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;    case SOAP_SMD_VRFY:      ok = EVP_VerifyUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;  }  DBGMSG(TEST, buf, len);  DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));  /* check and return */  return soap_smd_check(soap, data, ok, "soap_smd_update() failed");}

/** Low-level signature verification. *  /param key_count Number of keys in the /a keys array  *         and number fo signatures in the /a sigs array. *  /param keys Array of keys.  The keys must include public key data. *  /param sigs Array of signatures, as returned from gale_crypto_sign_raw(). *  /param data Data to verify against signatures. *  /return Nonzero iff the all signatures are valid. */int gale_crypto_verify_raw(int key_count,        const struct gale_group *keys,        const struct gale_data *sigs,        struct gale_data data){	int i,is_valid = 1;	EVP_MD_CTX *context = EVP_MD_CTX_new();	RSA *rsa;	EVP_VerifyInit(context,EVP_md5());	EVP_VerifyUpdate(context,data.p,data.l);	for (i = 0; is_valid && i < key_count; ++i) {		EVP_PKEY *key = EVP_PKEY_new();		EVP_PKEY_assign_RSA(key,RSA_new());		rsa = EVP_PKEY_get0_RSA(key);		crypto_i_rsa(keys[i],rsa);		if (!crypto_i_public_valid(rsa)) {			gale_alert(GALE_WARNING,G_("invalid public key"),0);			is_valid = 0;			goto cleanup;		}		if (!EVP_VerifyFinal(context,sigs[i].p,sigs[i].l,key)) {			crypto_i_error();			is_valid = 0;			goto cleanup;		}	cleanup:		EVP_PKEY_free(key);	}	return is_valid;}

int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {  EVP_MD_CTX md_ctx;  EVP_PKEY *pkey;  BIO *in;  X509 *cert = NULL;  unsigned char *b64d;  int slen, err;  in = BIO_new_mem_buf((unsigned char*)c, strlen(c));  cert = PEM_read_bio_X509(in, NULL, 0, NULL);  if (cert)  {    pkey = (EVP_PKEY *) X509_get_pubkey(cert);     X509_free(cert);  } else {    pkey = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);  }  BIO_free(in);  if (pkey == NULL) {  //fprintf(stderr, "could not read cert/pubkey./n");    return -2;  }  b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));  slen = oauth_decode_base64(b64d, s);  EVP_VerifyInit(&md_ctx, EVP_sha1());  EVP_VerifyUpdate(&md_ctx, m, strlen(m));  err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);  EVP_MD_CTX_cleanup(&md_ctx);  EVP_PKEY_free(pkey);  free(b64d);  return (err);}

static int verify_fverify(lua_State *L){  /* parameter 1 is the 'crypto.verify' table */  const char *type_name = luaL_checkstring(L, 2);  const EVP_MD *type = EVP_get_digestbyname(type_name);  if (type == NULL) {    luaL_argerror(L, 1, "invalid digest type");    return 0;  } else {    EVP_MD_CTX c;    size_t input_len = 0;    const unsigned char *input = (unsigned char *) luaL_checklstring(L, 3, &input_len);    size_t sig_len = 0;    const unsigned char *sig = (unsigned char *) luaL_checklstring(L, 4, &sig_len);    EVP_PKEY **pkey = (EVP_PKEY **)luaL_checkudata(L, 5, LUACRYPTO_PKEYNAME);    int ret;    EVP_MD_CTX_init(&c);    EVP_VerifyInit_ex(&c, type, NULL);    EVP_VerifyUpdate(&c, input, input_len);    ret = EVP_VerifyFinal(&c, sig, sig_len, *pkey);    EVP_MD_CTX_cleanup(&c);    if (ret == -1)      return crypto_error(L);    lua_pushboolean(L, ret);    return 1;  }}

bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){    RSA* rsa = parDeClaves;    EVP_PKEY* pk = EVP_PKEY_new();    EVP_MD_CTX ctx;    EVP_PKEY_set1_RSA(pk,parDeClaves);    EVP_MD_CTX_init(&ctx);    M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/);    EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL);    while(!mensaje.eof()){        unsigned char buffer[tamanio_de_buffer_default];        mensaje.read((char*)buffer,tamanio_de_buffer_default);        EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount());        mensaje.peek();    }    int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk);    EVP_MD_CTX_cleanup(&ctx);    // El free esta en el constructor de ParDeClaves no puede    // liberarse aca    //FIPS_rsa_free(pk.pkey.rsa);    EVP_PKEY_free(pk);    return ok==1;}

/**@fn int soap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len)@brief Updates (signed) digest computation with message part.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains message part@param[in] len of message part@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_update(struct soap *soap, struct soap_smd_data *data, const char *buf, size_t len){ int err = 1;  DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Update alg=%d n=%lu (%p) --/n", data->alg, (unsigned long)len, data->ctx));  switch (data->alg & (SOAP_SMD_PASSTHRU-1))  { case SOAP_SMD_DGST_MD5:    case SOAP_SMD_DGST_SHA1:      EVP_DigestUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;    case SOAP_SMD_HMAC_SHA1:      HMAC_Update((HMAC_CTX*)data->ctx, (const unsigned char*)buf, len);      break;    case SOAP_SMD_SIGN_DSA_SHA1:    case SOAP_SMD_SIGN_RSA_SHA1:      err = EVP_SignUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;    case SOAP_SMD_VRFY_DSA_SHA1:    case SOAP_SMD_VRFY_RSA_SHA1:      err = EVP_VerifyUpdate((EVP_MD_CTX*)data->ctx, (const void*)buf, (unsigned int)len);      break;  }  DBGMSG(TEST, buf, len);  DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));  /* check and return */  return soap_smd_check(soap, data, err, "soap_smd_update() failed");}

int COsslKey::VerifyBin( sqbind::CSqBinary *pData, sqbind::CSqBinary *sig ){_STT();	if ( !pData || !sig || !getPublicKeyPtr() )		return 0;	EVP_MD_CTX md_ctx;	if ( !EVP_VerifyInit( &md_ctx, EVP_sha1() ) )	{	oexERROR( 0, oexT( "EVP_VerifyInit() failed" ) );		return 0;	} // end if	if ( !EVP_VerifyUpdate( &md_ctx, pData->Ptr(), pData->getUsed() ) )	{	oexERROR( 0, oexT( "EVP_VerifyUpdate() failed" ) );		return 0;	} // end if	int err = EVP_VerifyFinal( &md_ctx, (unsigned char*)sig->Ptr(), sig->getUsed(), getPublicKeyPtr() );	if ( err != 1 )	{	oexERROR( err, oexT( "EVP_VerifyFinal() failed" ) );		return 0;	} // end if	return 1;}

void openssl_evp_comsign(){	RSA *rsa;	EVP_PKEY *evpKey;	EVP_MD_CTX mdctx;	unsigned int i, len;	char ins[MAX1_LEN] = "openssl signature";	unsigned char outs[MAX1_LEN];	OpenSSL_add_all_algorithms();	rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL);	evpKey = EVP_PKEY_new();	EVP_PKEY_set1_RSA(evpKey, rsa);	EVP_MD_CTX_init(&mdctx);	EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);	EVP_SignUpdate(&mdctx, ins, strlen(ins));	EVP_SignFinal(&mdctx, outs, &len, evpKey);	printf("/nEVP_COMSignature(%s) = ", ins);	for (i = 0; i < len; i++)		printf("0x%02x ", outs[i]);	printf("/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_MD_CTX_init(&mdctx);	EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);	EVP_VerifyUpdate(&mdctx, ins, strlen(ins));	if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1)		printf("EVP_COMVerify OK!/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_PKEY_free(evpKey);	RSA_free(rsa);}

int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,                char *data, EVP_PKEY *pkey){    EVP_MD_CTX *ctx = EVP_MD_CTX_new();    const EVP_MD *type;    unsigned char *p, *buf_in = NULL;    int ret = -1, i, inl;    if (ctx == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    i = OBJ_obj2nid(a->algorithm);    type = EVP_get_digestbyname(OBJ_nid2sn(i));    if (type == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);        goto err;    }    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);        goto err;    }    inl = i2d(data, NULL);    if (inl <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);        goto err;    }    buf_in = OPENSSL_malloc((unsigned int)inl);    if (buf_in == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    p = buf_in;    i2d(data, &p);    ret = EVP_VerifyInit_ex(ctx, type, NULL)        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);    OPENSSL_clear_free(buf_in, (unsigned int)inl);    if (!ret) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        goto err;    }    ret = -1;    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,                        (unsigned int)signature->length, pkey) <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        ret = 0;        goto err;    }    ret = 1; err:    EVP_MD_CTX_free(ctx);    return ret;}

int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,                char *data, EVP_PKEY *pkey){    EVP_MD_CTX ctx;    const EVP_MD *type;    unsigned char *p, *buf_in = NULL;    int ret = -1, i, inl;    EVP_MD_CTX_init(&ctx);    i = OBJ_obj2nid(a->algorithm);    type = EVP_get_digestbyname(OBJ_nid2sn(i));    if (type == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);        goto err;    }    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);        goto err;    }    inl = i2d(data, NULL);    buf_in = OPENSSL_malloc((unsigned int)inl);    if (buf_in == NULL) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);        goto err;    }    p = buf_in;    i2d(data, &p);    ret = EVP_VerifyInit_ex(&ctx, type, NULL)        && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);    OPENSSL_cleanse(buf_in, (unsigned int)inl);    OPENSSL_free(buf_in);    if (!ret) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        goto err;    }    ret = -1;    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,                        (unsigned int)signature->length, pkey) <= 0) {        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);        ret = 0;        goto err;    }    /*     * we don't need to zero the 'ctx' because we just checked public     * information     */    /* memset(&ctx,0,sizeof(ctx)); */    ret = 1; err:    EVP_MD_CTX_cleanup(&ctx);    return (ret);}

static int verify_update(lua_State *L){  EVP_MD_CTX *c = (EVP_MD_CTX*)luaL_checkudata(L, 1, LUACRYPTO_VERIFYNAME);  size_t input_len = 0;  const unsigned char *input = (unsigned char *) luaL_checklstring(L, 2, &input_len);  EVP_VerifyUpdate(c, input, input_len);  return 0;}

static LUA_FUNCTION(openssl_verifyUpdate){    size_t l;    int ret;    EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx");    const char* data = luaL_checklstring(L, 2, &l);    ret = EVP_VerifyUpdate(ctx, data, l);    return openssl_pushresult(L, ret);}

static bool verifyRSASignature(const unsigned char *originalMessage,                                  unsigned int messageLength,                                  const unsigned char *signature,                                  unsigned int sigLength){    if(nullptr == originalMessage) {        return errorMessage(_("Message is empty"));    }    if(nullptr == signature) {        return errorMessage(_("Signature is empty"));    }    const char *settingsPath = CPLGetConfigOption("NGS_SETTINGS_PATH", nullptr);    std::string keyFilePath = File::formFileName(settingsPath, KEY_FILE, "");    FILE *file = VSIFOpen( keyFilePath.c_str(), "r" );    if( file == nullptr ) {        return errorMessage(_("Failed open file %s"), keyFilePath.c_str());    }    EVP_PKEY *evp_pubkey = PEM_read_PUBKEY(file, nullptr, nullptr, nullptr);    VSIFClose( file );    if (!evp_pubkey) {        return errorMessage(_("Failed PEM_read_PUBKEY"));    }    EVP_MD_CTX *ctx = EVP_MD_CTX_create();    if (!ctx) {        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed PEM_read_PUBKEY"));    }    if(!EVP_VerifyInit(ctx, EVP_sha256())) {        EVP_MD_CTX_destroy(ctx);        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed EVP_VerifyInit"));    }    if(!EVP_VerifyUpdate(ctx, originalMessage, messageLength)) {        EVP_MD_CTX_destroy(ctx);        EVP_PKEY_free(evp_pubkey);        return errorMessage(_("Failed EVP_VerifyUpdate"));    }    int result = EVP_VerifyFinal(ctx, signature, sigLength, evp_pubkey);    EVP_MD_CTX_destroy(ctx);    EVP_PKEY_free(evp_pubkey);    outMessage(result == 1 ? COD_SUCCESS : COD_UNEXPECTED_ERROR,               "Signature is %s", result == 1 ? "valid" : "invalid");    return result == 1;}

EXPORT_C int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,	     void *asn, EVP_PKEY *pkey)	{	EVP_MD_CTX ctx;	const EVP_MD *type;	unsigned char *buf_in=NULL;	int ret= -1,i,inl;	EVP_MD_CTX_init(&ctx);	i=OBJ_obj2nid(a->algorithm);	type=EVP_get_digestbyname(OBJ_nid2sn(i));	if (type == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);		goto err;		}	if (!EVP_VerifyInit_ex(&ctx,type, NULL))		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	inl = ASN1_item_i2d(asn, &buf_in, it);		if (buf_in == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);		goto err;		}	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	OPENSSL_cleanse(buf_in,(unsigned int)inl);	OPENSSL_free(buf_in);	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,			(unsigned int)signature->length,pkey) <= 0)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	/* we don't need to zero the 'ctx' because we just checked	 * public information */	/* memset(&ctx,0,sizeof(ctx)); */	ret=1;err:	EVP_MD_CTX_cleanup(&ctx);	return(ret);	}

int verifyData( char *clearText, int clearlen,unsigned char *sig, int sigLen){  int verify;  EVP_MD_CTX* ctx = 0;  ctx = EVP_MD_CTX_create();  EVP_VerifyInit_ex( ctx, EVP_sha256(), 0 );  EVP_VerifyUpdate( ctx, clearText, clearlen );  verify=EVP_VerifyFinal( ctx, sig, sigLen, pKey );  EVP_MD_CTX_destroy( ctx );  return verify;}

intdsa_update(struct iked_dsa *dsa, const void *buf, size_t len){	int	ret = 1;	if (dsa->dsa_hmac)		ret = HMAC_Update(dsa->dsa_ctx, buf, len);	else if (dsa->dsa_sign)		ret = EVP_SignUpdate(dsa->dsa_ctx, buf, len);	else		ret = EVP_VerifyUpdate(dsa->dsa_ctx, buf, len);	return (ret ? 0 : -1);}

/* * public static native void EVP_VerifyUpdate(int, byte[], int, int) */static void NativeCrypto_EVP_VerifyUpdate(JNIEnv* env, jclass clazz, EVP_MD_CTX* ctx, jbyteArray buffer, jint offset, jint length) {    // LOGI("NativeCrypto_EVP_VerifyUpdate %x, %x, %d, %d", ctx, buffer, offset, length);    if (ctx == NULL || buffer == NULL) {        throwNullPointerException(env);        return;    }    jbyte* bufferBytes = env->GetByteArrayElements(buffer, NULL);    EVP_VerifyUpdate(ctx, (unsigned char*) (bufferBytes + offset), length);    env->ReleaseByteArrayElements(buffer, bufferBytes, JNI_ABORT);    throwExceptionIfNecessary(env);}

int verify_sig( EVP_PKEY * pkey, const EVP_MD * htype, char * data, int data_len, unsigned char * sig, int sig_len ){   EVP_MD_CTX     md_ctx;      EVP_VerifyInit   (&md_ctx, htype);   EVP_VerifyUpdate (&md_ctx, data, data_len);      if ( EVP_VerifyFinal (&md_ctx, sig, sig_len, pkey) != 1)   {      ERR_print_errors_fp (stderr);      return 0;   }   return 1;}

/* * RSA: generate keys and sign, verify input plaintext. */static int FIPS_rsa_test(int bad){    RSA *key;    unsigned char input_ptext[] = "etaonrishdlc";    unsigned char buf[256];    unsigned int slen;    BIGNUM *bn;    EVP_MD_CTX mctx;    EVP_PKEY pk;    int r = 0;    ERR_clear_error();    EVP_MD_CTX_init(&mctx);    key = RSA_new();    bn = BN_new();    if (!key || !bn)        return 0;    BN_set_word(bn, 65537);    if (!RSA_generate_key_ex(key, 1024, bn, NULL))        return 0;    BN_free(bn);    if (bad)        BN_add_word(key->n, 1);    pk.type = EVP_PKEY_RSA;    pk.pkey.rsa = key;    if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))        goto end;    if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))        goto end;    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))        goto end;    if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))        goto end;    if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))        goto end;    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);end:    EVP_MD_CTX_cleanup(&mctx);    if (key)        RSA_free(key);    if (r != 1)        return 0;    return 1;}

bool verifySignature(int message, unsigned char* signature, char* certfile) {	int err;	unsigned int sig_len;	//unsigned char sig_buf[4096];	static char data[100];	EVP_MD_CTX md_ctx;	EVP_PKEY* pkey;	FILE * fp;	X509 * x509;	memset(&data, '/0', sizeof(data));	sprintf(data, "%d", message);	ERR_load_crypto_strings();	fp = fopen(certfile, "r");	if (fp == NULL) {		printf("certfile not found/n");		exit(1);	}	x509 = PEM_read_X509(fp, NULL, NULL, NULL);	fclose(fp);	if (x509 == NULL) {		printf("Error in certificate file x509/n");		ERR_print_errors_fp (stderr);		exit(1);	}	/* Get public key - eay */	pkey = X509_get_pubkey(x509);	if (pkey == NULL) {		printf("Error in claiming the public key/n");		ERR_print_errors_fp (stderr);		exit(1);	}	sig_len = 128;	/* Verify the signature */	EVP_VerifyInit(&md_ctx, EVP_sha1());	EVP_VerifyUpdate(&md_ctx, data, strlen((char*) data));	err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);	EVP_PKEY_free(pkey);	if (err != 1) {		ERR_print_errors_fp (stderr);		return 0;	}	return 1;}

/* * DSA: generate keys and sign, verify input plaintext. */static int FIPS_dsa_test(int bad){    DSA *dsa = NULL;    EVP_PKEY pk;    unsigned char dgst[] = "etaonrishdlc";    unsigned char buf[60];    unsigned int slen;    int r = 0;    EVP_MD_CTX mctx;    ERR_clear_error();    EVP_MD_CTX_init(&mctx);    dsa = DSA_new();    if (!dsa)        goto end;    if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))        goto end;    if (!DSA_generate_key(dsa))        goto end;    if (bad)        BN_add_word(dsa->pub_key, 1);    pk.type = EVP_PKEY_DSA;    pk.pkey.dsa = dsa;    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))        goto end;    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);end:    EVP_MD_CTX_cleanup(&mctx);    if (dsa)        DSA_free(dsa);    if (r != 1)        return 0;    return 1;}

static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) {	EVP_MD_CTX ctx;	EVP_PKEY *pkey;	bool ret = false;	pkey = EVP_PKEY_new();	if (!pkey) return ret;	if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail;	EVP_VerifyInit(&ctx, EVP_sha256());	if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail;	if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true;_fail:	EVP_PKEY_free(pkey);	return ret;}

FLASH2_RESULT Flash2AppSMVerifyHashWrite(SM_MEDIA_HANDLE h, void* buffer, FLASH2_UINT32 buffer_len){	int err;	if (h == NULL)	{		return FLASH2_FAILURE;	}	err = EVP_VerifyUpdate(&h->md_ctx, buffer, buffer_len);	if (err != 1)	{		return FLASH2_FAILURE;	}	return FLASH2_SUCCESS;}

boolcrypto_rsa_verify_signature(struct string *databuffer, struct string *signature, const char *pubkey){	int err;	bool retval;	EVP_MD_CTX md_ctx;	EVP_PKEY *pkey;	/* load public key into openssl structure */        pkey = crypto_load_key(pubkey, false);        if (pkey == NULL) {            log_err("crypto_verify_signature: key loading failed/n");            return false;        }                /* Verify the signature */        if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {            log_err("crypto_verify_signature: libcrypto verify init failed/n");            EVP_PKEY_free(pkey);            return false;        }        EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));        err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);        EVP_PKEY_free(pkey);                if (err != 1) {            log_err("crypto_verify_signature: signature verify failed, received bogus data from backend./n");            ERR_print_errors_fp(stderr);            retval = false;            goto bailout_ctx_cleanup;        }        retval = true;bailout_ctx_cleanup:        EVP_MD_CTX_cleanup(&md_ctx);        //log_info("Signature Verified Ok./n");	return retval;}

	int RSASHA256Stream:: overflow(int c)	{		char *ibegin = out_buf_;		char *iend = pptr();		// mark the buffer as free		setp(out_buf_, out_buf_ + BUFF_SIZE - 1);		if (!std::char_traits<char>::eq_int_type(c, std::char_traits<char>::eof()))		{			//TODO writing one byte after the buffer?			*iend++ = std::char_traits<char>::to_char_type(c);		}		// if there is nothing to send, just return		if ((iend - ibegin) == 0)		{			return std::char_traits<char>::not_eof(c);		}		if (!_verify)			// hashing		{			if (!EVP_SignUpdate(&_ctx, reinterpret_cast<unsigned char*>(out_buf_), iend - ibegin))			{				IBRCOMMON_LOGGER(critical) << "failed to feed data into the signature function" << IBRCOMMON_LOGGER_ENDL;				ERR_print_errors_fp(stderr);			}		}		else		{			if (!EVP_VerifyUpdate(&_ctx, reinterpret_cast<unsigned char*>(out_buf_), iend - ibegin))			{				IBRCOMMON_LOGGER(critical) << "failed to feed data into the verfication function" << IBRCOMMON_LOGGER_ENDL;				ERR_print_errors_fp(stderr);			}		}		return std::char_traits<char>::not_eof(c);	}

void openssl_evp_rsasign(){	int inlen;	RSA *rkey;	BIGNUM *bne;	EVP_PKEY *pkey;	char data[COMM_LEN];	EVP_MD_CTX mdctx;	unsigned char outs[LINE_LEN];	unsigned int i, outlen = 0;	strcpy(data, "openssl rsasign");	inlen = strlen(data);	bne = BN_new();	BN_set_word(bne, RSA_3);	rkey = RSA_new();	RSA_generate_key_ex(rkey, MAX1_LEN, bne, NULL);	pkey = EVP_PKEY_new();	EVP_PKEY_assign_RSA(pkey, rkey);	EVP_MD_CTX_init(&mdctx);	EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);	EVP_SignUpdate(&mdctx, data, inlen);	EVP_SignFinal(&mdctx, outs, &outlen, pkey);	printf("/nEVP_RSASignature(%s) = ", data);	for (i = 0; i < outlen; i++)		printf("0x%02x ", outs[i]);	printf("/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_MD_CTX_init(&mdctx);	EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);	EVP_VerifyUpdate(&mdctx, data, inlen);	if (EVP_VerifyFinal(&mdctx, outs, outlen, pkey) == 1)		printf("EVP_RSAVerify OK!/n");	EVP_MD_CTX_cleanup(&mdctx);	RSA_free(rkey);	BN_free(bne);}

int uwsgi_subscription_sign_check(struct uwsgi_subscribe_slot *slot, struct uwsgi_subscribe_req *usr) {	if (EVP_VerifyInit_ex(slot->sign_ctx, uwsgi.subscriptions_sign_check_md, NULL) == 0) {		ERR_print_errors_fp(stderr);		return 0;	}	if (EVP_VerifyUpdate(slot->sign_ctx, usr->base, usr->base_len) == 0) {		ERR_print_errors_fp(stderr);		return 0;	}	if (EVP_VerifyFinal(slot->sign_ctx, (unsigned char *) usr->sign, usr->sign_len, slot->sign_public_key) != 1) {#ifdef UWSGI_DEBUG		ERR_print_errors_fp(stderr);#endif		return 0;	}	return 1;}

extern intcrypto_verify_sign(void * key, char *buffer, unsigned int buf_size,		char *signature, unsigned int sig_size){	EVP_MD_CTX     *ectx;	int            rc;	ectx = EVP_MD_CTX_new();	EVP_VerifyInit(ectx, EVP_sha1());	EVP_VerifyUpdate(ectx, buffer, buf_size);	rc = EVP_VerifyFinal(ectx, (unsigned char *) signature,		sig_size, (EVP_PKEY *) key);	if (rc <= 0)		rc = SLURM_ERROR;	else		rc = SLURM_SUCCESS;	EVP_MD_CTX_free(ectx);	return rc;}