verifying digest signed with private key using a C program
I'll explain all the steps I've done so far and conclude with my question.
using OpenSSL 1.0.1e-fips 11 Feb 2013
Generating a private and public key
openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
signing a message with digest and private key
openssl dgst -sha256 -sign private.pem -out message.secret message.txt
at this point I have a public key, a signed message ( with digest ) and the original message.
Part 1 - using CLI ( this one works )
Using the CLI I manage to verify the digest:
openssl dgst -sha256 -verify public.pem -signature message.secret message.txt
I get "Verified OK" as a return value.
Part 2 - Using C program
My program looks like this:
where:
msg is message.txt
signature is message.secret
pkey is the public key ( achieved using PEM_read_PUBKEY )
int verify_it(const byte* msg, size_t msg_len, byte* signature, EVP_PKEY* pkey) {
EVP_MD_CTX *ctx;
size_t sig_len;
int bool_ret;
int ret_val;
ret_val = EXIT_SUCCESS;
ctx = NULL;
do
{
ctx = EVP_MD_CTX_create();
const EVP_MD* md = EVP_get_digestbyname( "SHA256" );
EVP_DigestInit_ex( ctx, md, NULL );
EVP_DigestVerifyInit( ctx, NULL, md, NULL, pkey );
EVP_DigestVerifyUpdate(ctx, msg, msg_len);
sig_len = 256;
if ( !EVP_DigestVerifyFinal( ctx, signature, sig_len )
ERR_print_errors_fp( stdout )
);
} while(0);
return ret_val;
}
this code returns a verification failure ( value of 0 ).
also the function ERR_print_errors_fp( stdout ) prints the following message:
140332412258152:error:04091077:lib(4):func(145):reason(119):rsa_sign.c:176
EDIT
thanks to @deniss I've managed to fix this one problem ( signature length was bad - probably a '