216 lines
10 KiB
HTML
216 lines
10 KiB
HTML
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>EVP_DigestVerifyInit</title>
|
||
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
|
<link rev="made" href="mailto:root@localhost" />
|
||
|
</head>
|
||
|
|
||
|
<body style="background-color: white">
|
||
|
|
||
|
|
||
|
<!-- INDEX BEGIN -->
|
||
|
<div name="index">
|
||
|
<p><a name="__index__"></a></p>
|
||
|
|
||
|
<ul>
|
||
|
|
||
|
<li><a href="#name">NAME</a></li>
|
||
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
||
|
<li><a href="#description">DESCRIPTION</a></li>
|
||
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
||
|
<li><a href="#notes">NOTES</a></li>
|
||
|
<li><a href="#see_also">SEE ALSO</a></li>
|
||
|
<li><a href="#history">HISTORY</a></li>
|
||
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<hr name="index" />
|
||
|
</div>
|
||
|
<!-- INDEX END -->
|
||
|
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="name">NAME</a></h1>
|
||
|
<p>EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate,
|
||
|
EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
||
|
<pre>
|
||
|
#include <openssl/evp.h></pre>
|
||
|
<pre>
|
||
|
int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||
|
const char *mdname, const char *props,
|
||
|
EVP_PKEY *pkey, EVP_SIGNATURE *signature);
|
||
|
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||
|
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
|
||
|
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
|
||
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||
|
size_t siglen);
|
||
|
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||
|
size_t siglen, const unsigned char *tbs, size_t tbslen);</pre>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="description">DESCRIPTION</a></h1>
|
||
|
<p>The EVP signature routines are a high level interface to digital signatures.
|
||
|
Input data is digested first before the signature verification takes place.</p>
|
||
|
<p><code>EVP_DigestVerifyInit_ex()</code> sets up verification context <strong>ctx</strong> to use a digest
|
||
|
with the name <strong>mdname</strong> and public key <strong>pkey</strong>. The signature algorithm
|
||
|
<strong>signature</strong> will be used for the actual signature verification which must be
|
||
|
compatible with the public key. The name of the digest to be used is passed to
|
||
|
the provider of the signature algorithm in use. How that provider interprets the
|
||
|
digest name is provider specific. The provider may implement that digest
|
||
|
directly itself or it may (optionally) choose to fetch it (which could result in
|
||
|
a digest from a different provider being selected). If the provider supports
|
||
|
fetching the digest then it may use the <strong>props</strong> argument for the properties to
|
||
|
be used during the fetch.</p>
|
||
|
<p>The <strong>signature</strong> parameter may be NULL in which case a suitable signature
|
||
|
algorithm implementation will be implicitly fetched based on the type of key in
|
||
|
use. See <em>provider(7)</em> for further information about providers and fetching
|
||
|
algorithms.</p>
|
||
|
<p>The OpenSSL default and legacy providers support fetching digests and can fetch
|
||
|
those digests from any available provider. The OpenSSL fips provider also
|
||
|
supports fetching digests but will only fetch digests that are themselves
|
||
|
implemented inside the fips provider.</p>
|
||
|
<p><strong>ctx</strong> must be created with <code>EVP_MD_CTX_new()</code> before calling this function. If
|
||
|
<strong>pctx</strong> is not NULL, the EVP_PKEY_CTX of the verification operation will be
|
||
|
written to <strong>*pctx</strong>: this can be used to set alternative verification options.
|
||
|
Note that any existing value in <strong>*pctx</strong> is overwritten. The EVP_PKEY_CTX value
|
||
|
returned must not be freed directly by the application if <strong>ctx</strong> is not assigned
|
||
|
an EVP_PKEY_CTX value before being passed to <code>EVP_DigestVerifyInit_ex()</code> (which
|
||
|
means the EVP_PKEY_CTX is created inside <code>EVP_DigestVerifyInit_ex()</code> and it will
|
||
|
be freed automatically when the EVP_MD_CTX is freed).</p>
|
||
|
<p>No <strong>EVP_PKEY_CTX</strong> will be created by <code>EVP_DigestSignInit_ex()</code> if the passed
|
||
|
<strong>ctx</strong> has already been assigned one via <em>EVP_MD_CTX_set_pkey_ctx(3)</em>. See also
|
||
|
<em>SM2(7)</em>.</p>
|
||
|
<p>Not all digests can be used for all key types. The following combinations apply.</p>
|
||
|
<dl>
|
||
|
<dt><strong><a name="dsa" class="item">DSA</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Supports SHA1, SHA224, SHA256, SHA384 and SHA512</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="ecdsa" class="item">ECDSA</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="rsa_with_no_padding" class="item">RSA with no padding</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Supports no digests (the digest <strong>type</strong> must be NULL)</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="rsa_with_x931_padding" class="item">RSA with X931 padding</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Supports SHA1, SHA256, SHA384 and SHA512</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="all_other_rsa_padding_types" class="item">All other RSA padding types</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2,
|
||
|
SHA3-224, SHA3-256, SHA3-384, SHA3-512</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="ed25519_and_ed448" class="item">Ed25519 and Ed448</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Support no digests (the digest <strong>type</strong> must be NULL)</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="hmac" class="item">HMAC</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Supports any digest</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="cmac_poly1305_and_siphash" class="item">CMAC, Poly1305 and SipHash</a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Will ignore any digest provided.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<p>If RSA-PSS is used and restrictions apply then the digest must match.</p>
|
||
|
<p><code>EVP_DigestVerifyInit()</code> works in the same way as <code>EVP_DigestVerifyInit_ex()</code> except
|
||
|
that the <strong>mdname</strong> parameter will be inferred from the supplied digest <strong>type</strong>,
|
||
|
and <strong>props</strong> will be NULL. Where supplied the ENGINE <strong>e</strong> will be used for the
|
||
|
signature verification and digest algorithm implementations. <strong>e</strong> may be NULL.</p>
|
||
|
<p><code>EVP_DigestVerifyUpdate()</code> hashes <strong>cnt</strong> bytes of data at <strong>d</strong> into the
|
||
|
verification context <strong>ctx</strong>. This function can be called several times on the
|
||
|
same <strong>ctx</strong> to include additional data.</p>
|
||
|
<p><code>EVP_DigestVerifyFinal()</code> verifies the data in <strong>ctx</strong> against the signature in
|
||
|
<strong>sig</strong> of length <strong>siglen</strong>.</p>
|
||
|
<p><code>EVP_DigestVerify()</code> verifies <strong>tbslen</strong> bytes at <strong>tbs</strong> against the signature
|
||
|
in <strong>sig</strong> of length <strong>siglen</strong>.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
||
|
<p><code>EVP_DigestVerifyInit()</code> and <code>EVP_DigestVerifyUpdate()</code> return 1 for success and 0
|
||
|
for failure.</p>
|
||
|
<p><code>EVP_DigestVerifyFinal()</code> and <code>EVP_DigestVerify()</code> return 1 for success; any other
|
||
|
value indicates failure. A return value of zero indicates that the signature
|
||
|
did not verify successfully (that is, <strong>tbs</strong> did not match the original data or
|
||
|
the signature had an invalid form), while other values indicate a more serious
|
||
|
error (and sometimes also indicate an invalid signature form).</p>
|
||
|
<p>The error codes can be obtained from <em>ERR_get_error(3)</em>.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="notes">NOTES</a></h1>
|
||
|
<p>The <strong>EVP</strong> interface to digital signatures should almost always be used in
|
||
|
preference to the low level interfaces. This is because the code then becomes
|
||
|
transparent to the algorithm used and much more flexible.</p>
|
||
|
<p><code>EVP_DigestVerify()</code> is a one shot operation which verifies a single block of
|
||
|
data in one function. For algorithms that support streaming it is equivalent
|
||
|
to calling <code>EVP_DigestVerifyUpdate()</code> and <code>EVP_DigestVerifyFinal()</code>. For
|
||
|
algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
|
||
|
to verify data.</p>
|
||
|
<p>In previous versions of OpenSSL there was a link between message digest types
|
||
|
and public key algorithms. This meant that "clone" digests such as EVP_dss1()
|
||
|
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
|
||
|
the use of clone digest is now discouraged.</p>
|
||
|
<p>For some key types and parameters the random number generator must be seeded.
|
||
|
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
|
||
|
external circumstances (see <em>RAND(7)</em>), the operation will fail.</p>
|
||
|
<p>The call to <code>EVP_DigestVerifyFinal()</code> internally finalizes a copy of the digest
|
||
|
context. This means that <code>EVP_VerifyUpdate()</code> and <code>EVP_VerifyFinal()</code> can
|
||
|
be called later to digest and verify additional data.</p>
|
||
|
<p>Since only a copy of the digest context is ever finalized, the context must
|
||
|
be cleaned up after use by calling <code>EVP_MD_CTX_free()</code> or a memory leak
|
||
|
will occur.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
||
|
<p><em>EVP_DigestSignInit(3)</em>,
|
||
|
<em>EVP_DigestInit(3)</em>,
|
||
|
<em>evp(7)</em>, <a href="#hmac">HMAC(3)</a>, <em>MD2(3)</em>,
|
||
|
<em>MD5(3)</em>, <em>MDC2(3)</em>, <em>RIPEMD160(3)</em>,
|
||
|
<em>SHA1(3)</em>, <em>openssl-dgst(1)</em>,
|
||
|
<em>RAND(7)</em></p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="history">HISTORY</a></h1>
|
||
|
<p><code>EVP_DigestVerifyInit()</code>, <code>EVP_DigestVerifyUpdate()</code> and <code>EVP_DigestVerifyFinal()</code>
|
||
|
were added in OpenSSL 1.0.0.</p>
|
||
|
<p><code>EVP_DigestVerifyInit_ex()</code> was added in OpenSSL 3.0.</p>
|
||
|
<p><code>EVP_DigestVerifyUpdate()</code> was converted from a macro to a function in OpenSSL
|
||
|
3.0.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
||
|
<p>Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
|
||
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file LICENSE in the source distribution or at
|
||
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|