fthielen/nginx-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
root
2017-02-25 23:55:24 +01:00
commit 1fe2e8ab62
4868 changed files with 1487355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
openssl-1.0.2f/demos/sign/Makefile Normal file
View File

@@ -0,0 +1,15 @@
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. -lcrypto
EXAMPLES=sign
all: $(EXAMPLES)
sign: sign.o
$(CC) -o sign sign.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
test: all
./sign

14
openssl-1.0.2f/demos/sign/cert.pem Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----

9
openssl-1.0.2f/demos/sign/key.pem Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----

158
openssl-1.0.2f/demos/sign/sig.txt Normal file
View File

@@ -0,0 +1,158 @@
From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
Received: by minbne.mincom.oz.au id AA22230
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
Date: Mon, 30 Sep 1996 01:37:40 +0100
Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
From: Sampo Kellomaki <sampo@neuronio.pt>
To: ssl-users@mincom.com
Cc: sampo@brutus.neuronio.pt
Subject: Signing with envelope routines
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: RO
X-Status: D
I have been trying to figure out how to produce signatures with EVP_
routines. I seem to be able to read in private key and sign some
data ok, but I can't figure out how I am supposed to read in
public key so that I could verify my signature. I use self signed
certificate.
I figured I should use
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
fp, NULL, NULL);
to read in private key and this seems to work Ok.
However when I try analogous
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
fp, NULL, NULL);
the program fails with
error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
I figured that the second argument to PEM_ASN1_read should match the
name in my PEM encoded object, hence PEM_STRING_X509.
PEM_STRING_EVP_PKEY seems to be somehow magical
because it matches whatever private key there happens to be. I could
not find a similar constant to use with getting the certificate, however.
Is my approach of using PEM_ASN1_read correct? What should I pass in
as name? Can I use normal (or even self signed) X509 certificate for
verifying the signature?
When will SSLeay documentation be written ;-)? If I would contribute
comments to the code, would Eric take time to review them and include
them in distribution?
I'm using SSLeay-0.6.4. My program is included below along with the
key and cert that I use.
--Sampo
-----------------------------------
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
const char certfile[] = "plain-cert.pem";
const char keyfile[] = "plain-key.pem";
const char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY* pkey;
FILE* fp;
SSL_load_error_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
PEM_STRING_X509,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}
/* EOF */
--------------- plain-cert.pem -----------------
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----
---------------- plain-key.pem -----------------
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----
------------------------------------------------

160
openssl-1.0.2f/demos/sign/sign.c Normal file
View File

@@ -0,0 +1,160 @@
/* demos/sign/sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
* 29.9.1996, Sampo Kellomaki <sampo@iki.fi>
*/
/* converted to C - eay :-) */
/*
* reformated a bit and converted to use the more common functions: this was
* initially written at the dawn of time :-) - Steve.
*/
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
int main()
{
int err;
int sig_len;
unsigned char sig_buf[4096];
static char certfile[] = "cert.pem";
static char keyfile[] = "key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
X509 *x509;
/*
* Just load the crypto library error strings, SSL_load_error_strings()
* loads the crypto AND the SSL ones
*/
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
/* Read private key */
fp = fopen(keyfile, "r");
if (fp == NULL)
exit(1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Do the signature */
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
EVP_PKEY_free(pkey);
/* Read public key */
fp = fopen(certfile, "r");
if (fp == NULL)
exit(1);
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (x509 == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Get public key - eay */
pkey = X509_get_pubkey(x509);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
printf("Signature Verified Ok.\n");
return (0);
}

170
openssl-1.0.2f/demos/sign/sign.txt Normal file
View File

@@ -0,0 +1,170 @@
From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
Received: by orb.mincom.oz.au id AA12688
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
From: Eric Young <eay@mincom.com>
X-Sender: eay@orb
To: Sampo Kellomaki <sampo@neuronio.pt>
Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
Subject: Re: Signing with envelope routines
In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: O
X-Status:
On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
> I have been trying to figure out how to produce signatures with EVP_
> routines. I seem to be able to read in private key and sign some
> data ok, but I can't figure out how I am supposed to read in
> public key so that I could verify my signature. I use self signed
> certificate.
hmm... a rather poorly documented are of the library at this point in time.
> I figured I should use
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
> fp, NULL, NULL);
> to read in private key and this seems to work Ok.
>
> However when I try analogous
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
> fp, NULL, NULL);
What you should do is
X509 *x509=PEM_read_X509(fp,NULL,NULL);
/* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
* NULL,NULL); */
Then
EVP_PKEY *pkey=X509_extract_key(x509);
There is also a X509_REQ_extract_key(req);
which gets the public key from a certificate request.
I re-worked quite a bit of this when I cleaned up the dependancy on
RSA as the private key.
> I figured that the second argument to PEM_ASN1_read should match the
> name in my PEM encoded object, hence PEM_STRING_X509.
> PEM_STRING_EVP_PKEY seems to be somehow magical
> because it matches whatever private key there happens to be. I could
> not find a similar constant to use with getting the certificate, however.
:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a
standard such as PKCS#8 to store the private key so that the type is
encoded in the asn.1 encoding of the object.
> Is my approach of using PEM_ASN1_read correct? What should I pass in
> as name? Can I use normal (or even self signed) X509 certificate for
> verifying the signature?
The actual public key is kept in the certificate, so basically you have
to load the certificate and then 'unpack' the public key from the
certificate.
> When will SSLeay documentation be written ;-)? If I would contribute
> comments to the code, would Eric take time to review them and include
> them in distribution?
:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list
but what I really need to do is do quite a few 'this is how you do xyz'
type documents. I suppose the current method is to post to ssl-users and
I'll respond :-).
I'll add a 'demo' directory for the next release, I've appended a
modified version of your program that works, you were very close :-).
eric
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* converted to C - eay :-) */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
static char certfile[] = "plain-cert.pem";
static char keyfile[] = "plain-key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY * pkey;
FILE * fp;
X509 * x509;
/* Just load the crypto library error strings,
* SSL_load_error_strings() loads the crypto AND the SSL ones */
/* SSL_load_error_strings();*/
ERR_load_crypto_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
PEM_STRING_X509,
fp, NULL, NULL);
if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Get public key - eay */
pkey=X509_extract_key(x509);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}