2006-07-12 20:31:30 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2017-05-08 19:50:13 +08:00
|
|
|
EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal,
|
|
|
|
EVP_DigestVerify - EVP signature verification functions
|
2006-07-12 20:31:30 +08:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
|
|
|
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
2016-05-20 20:11:46 +08:00
|
|
|
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
|
2016-10-16 04:01:25 +08:00
|
|
|
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
|
2017-05-08 19:50:13 +08:00
|
|
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
|
|
size_t siglen);
|
|
|
|
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
|
|
size_t siglen, const unsigned char *tbs, size_t tbslen);
|
2006-07-12 20:31:30 +08:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
The EVP signature routines are a high level interface to digital signatures.
|
|
|
|
|
|
|
|
EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
|
2015-12-01 10:19:11 +08:00
|
|
|
B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be created
|
|
|
|
with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
|
2006-07-12 20:31:30 +08:00
|
|
|
EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
|
|
|
|
can be used to set alternative verification options.
|
|
|
|
|
|
|
|
EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
|
|
|
|
verification context B<ctx>. This function can be called several times on the
|
|
|
|
same B<ctx> to include additional data. This function is currently implemented
|
|
|
|
using a macro.
|
|
|
|
|
|
|
|
EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
|
|
|
|
B<sig> of length B<siglen>.
|
|
|
|
|
2017-05-08 19:50:13 +08:00
|
|
|
EVP_DogestVerify() verifies B<tbslen> bytes at B<tbs> against the signature
|
|
|
|
in B<sig> of length B<siglen>.
|
|
|
|
|
2006-07-12 20:31:30 +08:00
|
|
|
=head1 RETURN VALUES
|
|
|
|
|
|
|
|
EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
|
2015-08-28 00:28:08 +08:00
|
|
|
for failure.
|
2006-07-12 20:31:30 +08:00
|
|
|
|
2017-05-08 19:50:13 +08:00
|
|
|
EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other
|
|
|
|
value indicates failure. A return value of zero indicates that the signature
|
|
|
|
did not verify successfully (that is, B<tbs> did not match the original data or
|
|
|
|
the signature had an invalid form), while other values indicate a more serious
|
|
|
|
error (and sometimes also indicate an invalid signature form).
|
2006-07-12 20:31:30 +08:00
|
|
|
|
2015-08-18 03:21:33 +08:00
|
|
|
The error codes can be obtained from L<ERR_get_error(3)>.
|
2006-07-12 20:31:30 +08:00
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
The B<EVP> interface to digital signatures should almost always be used in
|
|
|
|
preference to the low level interfaces. This is because the code then becomes
|
|
|
|
transparent to the algorithm used and much more flexible.
|
|
|
|
|
2017-04-30 20:42:35 +08:00
|
|
|
EVP_DigesVerify() is a one shot operation which verifies a single block of
|
|
|
|
data in one function. For algorithms that support streaming it is equivalent
|
|
|
|
to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For
|
|
|
|
algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
|
|
|
|
to verify data.
|
2017-05-08 19:50:13 +08:00
|
|
|
|
2006-07-12 20:31:30 +08:00
|
|
|
In previous versions of OpenSSL there was a link between message digest types
|
|
|
|
and public key algorithms. This meant that "clone" digests such as EVP_dss1()
|
|
|
|
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
|
|
|
|
the use of clone digest is now discouraged.
|
|
|
|
|
|
|
|
For some key types and parameters the random number generator must be seeded
|
2016-05-20 20:11:46 +08:00
|
|
|
or the operation will fail.
|
2006-07-12 20:31:30 +08:00
|
|
|
|
|
|
|
The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
|
2014-07-24 13:00:11 +08:00
|
|
|
context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
|
2006-07-12 20:31:30 +08:00
|
|
|
be called later to digest and verify additional data.
|
|
|
|
|
|
|
|
Since only a copy of the digest context is ever finalized the context must
|
|
|
|
be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
|
|
|
|
will occur.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2015-08-18 03:21:33 +08:00
|
|
|
L<EVP_DigestSignInit(3)>,
|
2017-03-02 23:07:21 +08:00
|
|
|
L<EVP_DigestInit(3)>,
|
2016-11-11 16:33:09 +08:00
|
|
|
L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
|
|
|
|
L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
|
|
|
|
L<SHA1(3)>, L<dgst(1)>
|
2006-07-12 20:31:30 +08:00
|
|
|
|
|
|
|
=head1 HISTORY
|
|
|
|
|
2016-05-20 20:11:46 +08:00
|
|
|
EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
|
2009-10-01 07:43:01 +08:00
|
|
|
were first added to OpenSSL 1.0.0.
|
2006-07-12 20:31:30 +08:00
|
|
|
|
2016-05-18 23:44:05 +08:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
2017-03-02 23:07:21 +08:00
|
|
|
Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-18 23:44:05 +08:00
|
|
|
|
|
|
|
Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|