158 lines
5.4 KiB
HTML
158 lines
5.4 KiB
HTML
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>EVP_PKEY_verify_recover</title>
|
||
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
|
<link rev="made" href="mailto:root@localhost" />
|
||
|
</head>
|
||
|
|
||
|
<body style="background-color: white">
|
||
|
|
||
|
|
||
|
<!-- INDEX BEGIN -->
|
||
|
<div name="index">
|
||
|
<p><a name="__index__"></a></p>
|
||
|
|
||
|
<ul>
|
||
|
|
||
|
<li><a href="#name">NAME</a></li>
|
||
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
||
|
<li><a href="#description">DESCRIPTION</a></li>
|
||
|
<li><a href="#notes">NOTES</a></li>
|
||
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
||
|
<li><a href="#examples">EXAMPLES</a></li>
|
||
|
<li><a href="#see_also">SEE ALSO</a></li>
|
||
|
<li><a href="#history">HISTORY</a></li>
|
||
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<hr name="index" />
|
||
|
</div>
|
||
|
<!-- INDEX END -->
|
||
|
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="name">NAME</a></h1>
|
||
|
<p>EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover
|
||
|
- recover signature using a public key algorithm</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
||
|
<pre>
|
||
|
#include <openssl/evp.h></pre>
|
||
|
<pre>
|
||
|
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
|
||
|
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
|
||
|
unsigned char *rout, size_t *routlen,
|
||
|
const unsigned char *sig, size_t siglen);</pre>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="description">DESCRIPTION</a></h1>
|
||
|
<p><code>EVP_PKEY_verify_recover_init()</code> initializes a public key algorithm context
|
||
|
<em>ctx</em> for signing using the algorithm given when the context was created
|
||
|
using <em>EVP_PKEY_CTX_new(3)</em> or variants thereof. The algorithm is used to
|
||
|
fetch a <strong>EVP_SIGNATURE</strong> method implicitly, see <em>provider(7)/Implicit fetch</em>
|
||
|
for more information about implict fetches.</p>
|
||
|
<p>The <code>EVP_PKEY_verify_recover()</code> function recovers signed data
|
||
|
using <em>ctx</em>. The signature is specified using the <em>sig</em> and
|
||
|
<em>siglen</em> parameters. If <em>rout</em> is NULL then the maximum size of the output
|
||
|
buffer is written to the <em>routlen</em> parameter. If <em>rout</em> is not NULL then
|
||
|
before the call the <em>routlen</em> parameter should contain the length of the
|
||
|
<em>rout</em> buffer, if the call is successful recovered data is written to
|
||
|
<em>rout</em> and the amount of data written to <em>routlen</em>.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="notes">NOTES</a></h1>
|
||
|
<p>Normally an application is only interested in whether a signature verification
|
||
|
operation is successful in those cases the <code>EVP_verify()</code> function should be
|
||
|
used.</p>
|
||
|
<p>Sometimes however it is useful to obtain the data originally signed using a
|
||
|
signing operation. Only certain public key algorithms can recover a signature
|
||
|
in this way (for example RSA in PKCS padding mode).</p>
|
||
|
<p>After the call to <code>EVP_PKEY_verify_recover_init()</code> algorithm specific control
|
||
|
operations can be performed to set any appropriate parameters for the
|
||
|
operation.</p>
|
||
|
<p>The function <code>EVP_PKEY_verify_recover()</code> can be called more than once on the same
|
||
|
context if several operations are performed using the same parameters.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
||
|
<p><code>EVP_PKEY_verify_recover_init()</code> and <code>EVP_PKEY_verify_recover()</code> return 1 for success
|
||
|
and 0 or a negative value for failure. In particular a return value of -2
|
||
|
indicates the operation is not supported by the public key algorithm.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="examples">EXAMPLES</a></h1>
|
||
|
<p>Recover digest originally signed using PKCS#1 and SHA256 digest:</p>
|
||
|
<pre>
|
||
|
#include <openssl/evp.h>
|
||
|
#include <openssl/rsa.h></pre>
|
||
|
<pre>
|
||
|
EVP_PKEY_CTX *ctx;
|
||
|
unsigned char *rout, *sig;
|
||
|
size_t routlen, siglen;
|
||
|
EVP_PKEY *verify_key;</pre>
|
||
|
<pre>
|
||
|
/*
|
||
|
* NB: assumes verify_key, sig and siglen are already set up
|
||
|
* and that verify_key is an RSA public key
|
||
|
*/
|
||
|
ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
|
||
|
if (!ctx)
|
||
|
/* Error occurred */
|
||
|
if (EVP_PKEY_verify_recover_init(ctx) <= 0)
|
||
|
/* Error */
|
||
|
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
|
||
|
/* Error */
|
||
|
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
|
||
|
/* Error */</pre>
|
||
|
<pre>
|
||
|
/* Determine buffer length */
|
||
|
if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
|
||
|
/* Error */</pre>
|
||
|
<pre>
|
||
|
rout = OPENSSL_malloc(routlen);</pre>
|
||
|
<pre>
|
||
|
if (!rout)
|
||
|
/* malloc failure */</pre>
|
||
|
<pre>
|
||
|
if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
|
||
|
/* Error */</pre>
|
||
|
<pre>
|
||
|
/* Recovered data is routlen bytes written to buffer rout */</pre>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
||
|
<p><em>EVP_PKEY_CTX_new(3)</em>,
|
||
|
<em>EVP_PKEY_encrypt(3)</em>,
|
||
|
<em>EVP_PKEY_decrypt(3)</em>,
|
||
|
<em>EVP_PKEY_sign(3)</em>,
|
||
|
<em>EVP_PKEY_verify(3)</em>,
|
||
|
<em>EVP_PKEY_derive(3)</em></p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="history">HISTORY</a></h1>
|
||
|
<p>These functions were added in OpenSSL 1.0.0.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
||
|
<p>Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
|
||
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file LICENSE in the source distribution or at
|
||
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|