Hello Wouter, I'm not quite familiar with your app internals, but it seems your fix makes no big difference between 0 and 1 return codes. You really want to use EVP_VerifyFinal as the OpenSSL guys did [1], and provide the above functioning level with all the possible returns. Their doc suggests the same:
EVP_VerifyFinal() returns:
1 for a correct signature
0 for verification failure
-1 if some other error occurred.
This is a short code snippet from openssl: apps/dgst.c around line ~458.
    i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
    if(i > 0)
        BIO_printf(out, "Verified OK\n");
    else if(i == 0)
        {
        BIO_printf(out, "Verification Failure\n");
        return 1;
        }
    else
        {
        BIO_printf(bio_err, "Error Verifying Data\n");
        ERR_print_errors(bio_err);
        return 1;
        }
--
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
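How a boolean test and an exact `== 1` test differ on a tri-state return such as the one documented above for EVP_VerifyFinal(), as an added example that is not part of the original message or of OpenSSL. It calls no OpenSSL function; the function names are hypothetical and the return codes fed in are constructed stand-ins for a real verify call.

```c
#include <stdio.h>

/* Explicit outcomes for a tri-state verification return code. */
typedef enum { VERIFY_OK, VERIFY_BAD_SIGNATURE, VERIFY_ERROR } verify_result;

/* Map 1 / 0 / negative (the convention documented for EVP_VerifyFinal)
 * to an explicit result. Only exactly 1 means the signature is valid. */
verify_result classify_verify_rc(int rc)
{
    if (rc == 1)
        return VERIFY_OK;
    if (rc == 0)
        return VERIFY_BAD_SIGNATURE;
    return VERIFY_ERROR;
}

/* Boolean-style caller: "if (!rc) reject; else accept".
 * -1 is nonzero, so an internal error is accepted as a valid signature. */
int accept_boolean_style(int rc)
{
    if (!rc)
        return 0;
    return 1;
}

/* Fail-closed caller: accept only a confirmed-good signature. */
int accept_strict(int rc)
{
    return classify_verify_rc(rc) == VERIFY_OK;
}

int main(void)
{
    /* Constructed return codes standing in for a real verify call. */
    const int samples[] = { 1, 0, -1 };
    static const char *names[] = { "OK", "BAD_SIGNATURE", "ERROR" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = samples[i];
        printf("rc=%2d  %-13s  boolean=%d  strict=%d\n", rc,
               names[classify_verify_rc(rc)],
               accept_boolean_style(rc), accept_strict(rc));
    }
    return 0;
}
```

The two callers agree for 1 and 0 and differ only for the error return, which is the case the three-way branch in the dgst.c snippet handles separately.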

