Hello David,

WCR wrote:
> also Goetz,
>
>> Doing digest and sign in two steps is very unusual.
>> Usually you process the digest and generate the signature
>> in one step.
>
> Unfortunately, I think I do need both the digest and the signature to stuff
> my xml message as in example attached in previous posts.

If you really need the digest and the signature, you can do an
EVP_MD_CTX_copy() before signing:

[...]
EVP_MD_CTX *ctx_work, *ctx_dgst;
ctx_work = EVP_MD_CTX_create();
ctx_dgst = EVP_MD_CTX_create();
unsigned char dgst_data[EVP_MAX_MD_SIZE];
unsigned int dgst_size = EVP_MAX_MD_SIZE;
unsigned int sign_size = EVP_PKEY_size(key);
unsigned char *sign_data = OPENSSL_malloc(sign_size);
[...]
error = EVP_SignInit(ctx_work, EVP_sha1());
while ((length = read_data(buffer)) > 0)
    error = EVP_SignUpdate(ctx_work, buffer, length);
[...]
/* copy the running hash state so the digest can be finalized separately */
error = EVP_MD_CTX_copy_ex(ctx_dgst, ctx_work);
error = EVP_DigestFinal(ctx_dgst, dgst_data, &dgst_size);
EVP_MD_CTX_destroy(ctx_dgst);
/* the working context still holds the full hash state for signing */
error = EVP_SignFinal(ctx_work, sign_data, &sign_size, key);
EVP_MD_CTX_destroy(ctx_work);
[...]
OPENSSL_free(sign_data);
[...]

WARNING: this code is untested. It was written from my memory of how
openssl works and after consulting some man pages of the development
head. Release versions may have a slightly different interface...

Bye

Goetz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                                [EMAIL PROTECTED]