| =pod |
| |
| =head1 NAME |
| |
| EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions |
| |
| =head1 SYNOPSIS |
| |
| #include <openssl/evp.h> |
| |
| int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
| const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); |
| int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); |
| int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); |
| |
| =head1 DESCRIPTION |
| |
| The EVP signature routines are a high level interface to digital signatures. |
| |
| EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest |
| B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be created |
| with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the |
| EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this |
| can be used to set alternative verification options. |
| |
| EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the |
| verification context B<ctx>. This function can be called several times on the |
| same B<ctx> to include additional data. This function is currently implemented |
| using a macro. |
| |
| EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in |
| B<sig> of length B<siglen>. |
| |
| =head1 RETURN VALUES |
| |
| EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 |
| for failure. |
| |
| EVP_DigestVerifyFinal() returns 1 for success; any other value indicates |
| failure. A return value of zero indicates that the signature did not verify |
| successfully (that is, tbs did not match the original data or the signature had |
| an invalid form), while other values indicate a more serious error (and |
| sometimes also indicate an invalid signature form). |
| |
| The error codes can be obtained from L<ERR_get_error(3)>. |
| |
| =head1 NOTES |
| |
| The B<EVP> interface to digital signatures should almost always be used in |
| preference to the low level interfaces. This is because the code then becomes |
| transparent to the algorithm used and much more flexible. |
| |
| In previous versions of OpenSSL there was a link between message digest types |
| and public key algorithms. This meant that "clone" digests such as EVP_dss1() |
| needed to be used to sign using SHA1 and DSA. This is no longer necessary and |
| the use of clone digest is now discouraged. |
| |
| For some key types and parameters the random number generator must be seeded |
| or the operation will fail. |
| |
| The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest |
| context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can |
| be called later to digest and verify additional data. |
| |
| Since only a copy of the digest context is ever finalized the context must |
| be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak |
| will occur. |
| |
| =head1 SEE ALSO |
| |
| L<EVP_DigestSignInit(3)>, |
| L<EVP_DigestInit(3)>, L<err(3)>, |
| L<evp(3)>, L<hmac(3)>, L<md2(3)>, |
| L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, |
| L<sha(3)>, L<dgst(1)> |
| |
| =head1 HISTORY |
| |
| EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() |
| were first added to OpenSSL 1.0.0. |
| |
| =cut |
