| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame^] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | EVP_VerifyInit_ex, |
| 6 | EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal |
| 7 | - EVP signature verification functions |
| 8 | |
| 9 | =head1 SYNOPSIS |
| 10 | |
| 11 | #include <openssl/evp.h> |
| 12 | |
| 13 | int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
| 14 | int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); |
| 15 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, |
| 16 | EVP_PKEY *pkey); |
| 17 | |
| 18 | int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); |
| 19 | |
| 20 | =head1 DESCRIPTION |
| 21 | |
| 22 | The EVP signature verification routines are a high-level interface to digital |
| 23 | signatures. |
| 24 | |
| 25 | EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest |
| 26 | B<type> from ENGINE B<impl>. B<ctx> must be created by calling |
| 27 | EVP_MD_CTX_new() before calling this function. |
| 28 | |
| 29 | EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the |
| 30 | verification context B<ctx>. This function can be called several times on the |
| 31 | same B<ctx> to include additional data. |
| 32 | |
| 33 | EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey> |
| 34 | and against the B<siglen> bytes at B<sigbuf>. |
| 35 | |
| 36 | EVP_VerifyInit() initializes verification context B<ctx> to use the default |
| 37 | implementation of digest B<type>. |
| 38 | |
| 39 | =head1 RETURN VALUES |
| 40 | |
| 41 | EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for |
| 42 | failure. |
| 43 | |
| 44 | EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some |
| 45 | other error occurred. |
| 46 | |
| 47 | The error codes can be obtained by L<ERR_get_error(3)>. |
| 48 | |
| 49 | =head1 NOTES |
| 50 | |
| 51 | The B<EVP> interface to digital signatures should almost always be used in |
| 52 | preference to the low-level interfaces. This is because the code then becomes |
| 53 | transparent to the algorithm used and much more flexible. |
| 54 | |
| 55 | The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. |
| 56 | This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called |
| 57 | later to digest and verify additional data. |
| 58 | |
| 59 | Since only a copy of the digest context is ever finalized the context must |
| 60 | be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak |
| 61 | will occur. |
| 62 | |
| 63 | =head1 BUGS |
| 64 | |
| 65 | Older versions of this documentation wrongly stated that calls to |
| 66 | EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). |
| 67 | |
| 68 | Since the public key is passed in the call to EVP_SignFinal() any error |
| 69 | relating to the private key (for example an unsuitable key and digest |
| 70 | combination) will not be indicated until after potentially large amounts of |
| 71 | data have been passed through EVP_SignUpdate(). |
| 72 | |
| 73 | It is not possible to change the signing parameters using these function. |
| 74 | |
| 75 | The previous two bugs are fixed in the newer EVP_DigestVerify*() function. |
| 76 | |
| 77 | =head1 SEE ALSO |
| 78 | |
| 79 | L<evp(7)>, |
| 80 | L<EVP_SignInit(3)>, |
| 81 | L<EVP_DigestInit(3)>, |
| 82 | L<evp(7)>, L<HMAC(3)>, L<MD2(3)>, |
| 83 | L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>, |
| 84 | L<SHA1(3)>, L<dgst(1)> |
| 85 | |
| 86 | =head1 COPYRIGHT |
| 87 | |
| 88 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
| 89 | |
| 90 | Licensed under the OpenSSL license (the "License"). You may not use |
| 91 | this file except in compliance with the License. You can obtain a copy |
| 92 | in the file LICENSE in the source distribution or at |
| 93 | L<https://www.openssl.org/source/license.html>. |
| 94 | |
| 95 | =cut |