OLD | NEW |
(Empty) | |
| 1 =pod |
| 2 |
| 3 =head1 NAME |
| 4 |
| 5 EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke
y algorithm |
| 6 |
| 7 =head1 SYNOPSIS |
| 8 |
| 9 #include <openssl/evp.h> |
| 10 |
| 11 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); |
| 12 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, |
| 13 const unsigned char *sig, size_t siglen, |
| 14 const unsigned char *tbs, size_t tbslen); |
| 15 |
| 16 =head1 DESCRIPTION |
| 17 |
| 18 The EVP_PKEY_verify_init() function initializes a public key algorithm |
| 19 context using key B<pkey> for a signature verification operation. |
| 20 |
| 21 The EVP_PKEY_verify() function performs a public key verification operation |
| 22 using B<ctx>. The signature is specified using the B<sig> and |
| 23 B<siglen> parameters. The verified data (i.e. the data believed originally |
| 24 signed) is specified using the B<tbs> and B<tbslen> parameters. |
| 25 |
| 26 =head1 NOTES |
| 27 |
| 28 After the call to EVP_PKEY_verify_init() algorithm specific control |
| 29 operations can be performed to set any appropriate parameters for the |
| 30 operation. |
| 31 |
| 32 The function EVP_PKEY_verify() can be called more than once on the same |
| 33 context if several operations are performed using the same parameters. |
| 34 |
| 35 =head1 RETURN VALUES |
| 36 |
| 37 EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was |
| 38 successful and 0 if it failed. Unlike other functions the return value 0 from |
| 39 EVP_PKEY_verify() only indicates that the signature did not not verify |
| 40 successfully (that is tbs did not match the original data or the signature was |
| 41 of invalid form) it is not an indication of a more serious error. |
| 42 |
| 43 A negative value indicates an error other that signature verification failure. |
| 44 In particular a return value of -2 indicates the operation is not supported by |
| 45 the public key algorithm. |
| 46 |
| 47 =head1 EXAMPLE |
| 48 |
| 49 Verify signature using PKCS#1 and SHA256 digest: |
| 50 |
| 51 #include <openssl/evp.h> |
| 52 #include <openssl/rsa.h> |
| 53 |
| 54 EVP_PKEY_CTX *ctx; |
| 55 unsigned char *md, *sig; |
| 56 size_t mdlen, siglen; |
| 57 EVP_PKEY *verify_key; |
| 58 /* NB: assumes verify_key, sig, siglen md and mdlen are already set up |
| 59 * and that verify_key is an RSA public key |
| 60 */ |
| 61 ctx = EVP_PKEY_CTX_new(verify_key); |
| 62 if (!ctx) |
| 63 /* Error occurred */ |
| 64 if (EVP_PKEY_verify_init(ctx) <= 0) |
| 65 /* Error */ |
| 66 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) |
| 67 /* Error */ |
| 68 if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) |
| 69 /* Error */ |
| 70 |
| 71 /* Perform operation */ |
| 72 ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); |
| 73 |
| 74 /* ret == 1 indicates success, 0 verify failure and < 0 for some |
| 75 * other error. |
| 76 */ |
| 77 |
| 78 =head1 SEE ALSO |
| 79 |
| 80 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, |
| 81 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, |
| 82 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, |
| 83 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, |
| 84 L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, |
| 85 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> |
| 86 |
| 87 =head1 HISTORY |
| 88 |
| 89 These functions were first added to OpenSSL 1.0.0. |
| 90 |
| 91 =cut |
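Review bot: DESCRIPTION (new lines 18-19) says EVP_PKEY_verify_init() initializes the context "using key B<pkey>", but the SYNOPSIS prototype takes only B<ctx>; the text should say the key is the one the context was created with, as the EXAMPLE does with EVP_PKEY_CTX_new(verify_key). The same section describes B<tbs> as "the data believed originally signed", while the EXAMPLE passes a digest (md, mdlen) after calling EVP_PKEY_CTX_set_signature_md(), so the page should state whether tbs is the message or its digest. In RETURN VALUES (new lines 37-43), "did not not verify" and "other that signature verification failure" are typos, and the first sentence attributes "the verification was successful" to EVP_PKEY_verify_init() as well, although that call performs no verification. In the EXAMPLE, ret is never declared, the NB comment is missing a comma after siglen, and the error branches are bare comments, so as written each if takes the following if as its body; braces or a placeholder statement would keep the snippet safe to copy. Because a negative return is distinct from 0, the example would also be clearer if it showed the caller comparing ret == 1 explicitly rather than leaving that to the closing comment.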