2023-11-20 03:38:22 +01:00
|
|
|
.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
|
2023-04-30 03:15:27 +02:00
|
|
|
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
|
|
|
|
.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
|
|
|
|
.\"
|
|
|
|
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
|
|
|
|
.\" Copyright (c) 2000-2002, 2005, 2006, 2014-2016 The OpenSSL Project.
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\"
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\"
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in
|
|
|
|
.\" the documentation and/or other materials provided with the
|
|
|
|
.\" distribution.
|
|
|
|
.\"
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this
|
|
|
|
.\" software must display the following acknowledgment:
|
|
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
|
|
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
|
|
.\"
|
|
|
|
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
|
|
.\" endorse or promote products derived from this software without
|
|
|
|
.\" prior written permission. For written permission, please contact
|
|
|
|
.\" openssl-core@openssl.org.
|
|
|
|
.\"
|
|
|
|
.\" 5. Products derived from this software may not be called "OpenSSL"
|
|
|
|
.\" nor may "OpenSSL" appear in their names without prior written
|
|
|
|
.\" permission of the OpenSSL Project.
|
|
|
|
.\"
|
|
|
|
.\" 6. Redistributions of any form whatsoever must retain the following
|
|
|
|
.\" acknowledgment:
|
|
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
|
|
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
|
|
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
|
|
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
|
|
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
2023-11-20 03:38:22 +01:00
|
|
|
.Dd $Mdocdate: November 16 2023 $
|
2023-04-30 03:15:27 +02:00
|
|
|
.Dt EVP_SIGNINIT 3
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm EVP_SignInit_ex ,
|
|
|
|
.Nm EVP_SignUpdate ,
|
|
|
|
.Nm EVP_SignFinal ,
|
|
|
|
.Nm EVP_SignInit
|
|
|
|
.Nd EVP signing functions
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.In openssl/evp.h
|
|
|
|
.Ft int
|
|
|
|
.Fo EVP_SignInit_ex
|
|
|
|
.Fa "EVP_MD_CTX *ctx"
|
|
|
|
.Fa "const EVP_MD *type"
|
|
|
|
.Fa "ENGINE *impl"
|
|
|
|
.Fc
|
|
|
|
.Ft int
|
|
|
|
.Fo EVP_SignUpdate
|
|
|
|
.Fa "EVP_MD_CTX *ctx"
|
|
|
|
.Fa "const void *d"
|
|
|
|
.Fa "unsigned int cnt"
|
|
|
|
.Fc
|
|
|
|
.Ft int
|
|
|
|
.Fo EVP_SignFinal
|
|
|
|
.Fa "EVP_MD_CTX *ctx"
|
|
|
|
.Fa "unsigned char *sig"
|
|
|
|
.Fa "unsigned int *s"
|
|
|
|
.Fa "EVP_PKEY *pkey"
|
|
|
|
.Fc
|
|
|
|
.Ft void
|
|
|
|
.Fo EVP_SignInit
|
|
|
|
.Fa "EVP_MD_CTX *ctx"
|
|
|
|
.Fa "const EVP_MD *type"
|
|
|
|
.Fc
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
The EVP signature routines are a high level interface to digital
|
|
|
|
signatures.
|
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignInit_ex
|
|
|
|
sets up a signing context
|
|
|
|
.Fa ctx
|
|
|
|
to use the digest
|
|
|
|
.Fa type
|
|
|
|
from
|
|
|
|
.Vt ENGINE
|
|
|
|
.Fa impl .
|
|
|
|
.Fa ctx
|
|
|
|
must be initialized with
|
|
|
|
.Xr EVP_MD_CTX_init 3
|
|
|
|
before calling this function.
|
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignUpdate
|
|
|
|
hashes
|
|
|
|
.Fa cnt
|
|
|
|
bytes of data at
|
|
|
|
.Fa d
|
|
|
|
into the signature context
|
|
|
|
.Fa ctx .
|
|
|
|
This function can be called several times on the same
|
|
|
|
.Fa ctx
|
|
|
|
to include additional data.
|
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignFinal
|
|
|
|
signs the data in
|
|
|
|
.Fa ctx
|
|
|
|
using the private key
|
|
|
|
.Fa pkey
|
|
|
|
and places the signature in
|
|
|
|
.Fa sig .
|
|
|
|
.Fa sig
|
|
|
|
must be at least
|
|
|
|
.Xr EVP_PKEY_size 3
|
|
|
|
bytes in size.
|
|
|
|
.Fa s
|
|
|
|
is an OUT parameter, and not used as an IN parameter.
|
|
|
|
The number of bytes of data written (i.e.\&
|
|
|
|
the length of the signature) will be written to the integer at
|
|
|
|
.Fa s .
|
|
|
|
At most
|
|
|
|
.Xr EVP_PKEY_size 3
|
|
|
|
bytes will be written.
|
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignInit
|
|
|
|
initializes a signing context
|
|
|
|
.Fa ctx
|
|
|
|
to use the default implementation of digest
|
|
|
|
.Fa type .
|
|
|
|
.Pp
|
|
|
|
The EVP interface to digital signatures should almost always be
|
|
|
|
used in preference to the low level interfaces.
|
|
|
|
This is because the code then becomes transparent to the algorithm used
|
|
|
|
and much more flexible.
|
|
|
|
.Pp
|
|
|
|
The call to
|
|
|
|
.Fn EVP_SignFinal
|
|
|
|
internally finalizes a copy of the digest context.
|
|
|
|
This means that calls to
|
|
|
|
.Fn EVP_SignUpdate
|
|
|
|
and
|
|
|
|
.Fn EVP_SignFinal
|
|
|
|
can be called later to digest and sign additional data.
|
|
|
|
.Pp
|
|
|
|
Since only a copy of the digest context is ever finalized, the context
|
|
|
|
must be cleaned up after use by calling
|
|
|
|
.Xr EVP_MD_CTX_free 3
|
|
|
|
or a memory leak will occur.
|
2023-11-20 03:38:22 +01:00
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignInit_ex ,
|
|
|
|
.Fn EVP_SignUpdate ,
|
|
|
|
and
|
|
|
|
.Fn EVP_SignInit
|
|
|
|
are implemented as macros.
|
2023-04-30 03:15:27 +02:00
|
|
|
.Sh RETURN VALUES
|
|
|
|
.Fn EVP_SignInit_ex ,
|
|
|
|
.Fn EVP_SignUpdate ,
|
|
|
|
and
|
|
|
|
.Fn EVP_SignFinal
|
|
|
|
return 1 for success and 0 for failure.
|
|
|
|
.Pp
|
|
|
|
The error codes can be obtained by
|
|
|
|
.Xr ERR_get_error 3 .
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr evp 3 ,
|
|
|
|
.Xr EVP_DigestInit 3 ,
|
|
|
|
.Xr EVP_PKEY_asn1_set_public 3 ,
|
|
|
|
.Xr EVP_PKEY_size 3 ,
|
|
|
|
.Xr EVP_VerifyInit 3
|
|
|
|
.Sh HISTORY
|
|
|
|
.Fn EVP_SignInit ,
|
|
|
|
.Fn EVP_SignUpdate ,
|
|
|
|
and
|
|
|
|
.Fn EVP_SignFinal
|
|
|
|
first appeared in SSLeay 0.5.1 and have been available since
|
|
|
|
.Ox 2.4 .
|
|
|
|
.Pp
|
|
|
|
.Fn EVP_SignInit_ex
|
|
|
|
first appeared in OpenSSL 0.9.7 and has been available since
|
|
|
|
.Ox 3.2 .
|
|
|
|
.Sh BUGS
|
|
|
|
Older versions of this documentation wrongly stated that calls to
|
|
|
|
.Fn EVP_SignUpdate
|
|
|
|
could not be made after calling
|
|
|
|
.Fn EVP_SignFinal .
|
|
|
|
.Pp
|
|
|
|
Since the private key is passed in the call to
|
|
|
|
.Fn EVP_SignFinal ,
|
|
|
|
any error relating to the private key (for example an unsuitable key and
|
|
|
|
digest combination) will not be indicated until after potentially large
|
|
|
|
amounts of data have been passed through
|
|
|
|
.Fn EVP_SignUpdate .
|
|
|
|
.Pp
|
|
|
|
It is not possible to change the signing parameters using these
|
|
|
|
function.
|
|
|
|
.Pp
|
|
|
|
The previous two bugs are fixed in the newer EVP_DigestSign* function.
|