> I am extracting raw digest by using then below command. > > /* decrypt the content using the RSA pub key */ > elen = RSA_public_decrypt(sLen, sData, ebuf, rsaKey, RSA_PKCS1_PADDING); > > /* comuptes SHA1 hash*/ > SHA1_Init(&ctx); > SHA1_Update(&ctx, dataBlk, dataLen); > SHA1_Final(hash, &ctx); > > /* compare the signed data from phone and locally generated one */ > if (memcmp(hash, ebuf, elen) == 0) > authenticated = true;
Off topic... > if (memcmp(hash, ebuf, elen) == 0) > authenticated = true; You might want to use CRYPTO_memcmp. See "EVP Signing and Verifying" on the OpenSSL wiki at http://wiki.openssl.org/index.php/EVP_Signing_and_Verifying. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
