[dragonfly.git] / secure / lib / libcrypto / man / EVP_DigestVerifyInit.3

.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_DigestVerifyInit 3"
.TH EVP_DigestVerifyInit 3 "2012-01-04" "1.0.0f" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signature verification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
can be used to set alternative verification options.
.PP
\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
verification context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data. This function is currently implemented
using a macro.
.PP
\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
\&\fBsig\fR of length \fBsiglen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2 indicates
the operation is not supported by the public key algorithm.
.PP
Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only
indicates that the signature did not not verify successfully (that is tbs did
not match the original data or the signature was of invalid form) it is not an
indication of a more serious error.
.PP
The error codes can be obtained from \fIERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
the use of clone digest is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded
or the operation will fail.
.PP
The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
be called later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
will occur.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIEVP_DigestSignInit\fR\|(3),
\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR 
were first added to OpenSSL 1.0.0.
Commit	Line	Data
e3261593	1	.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
01185282 PA	2	.\"
	3	.\" Standard preamble:
	4	.\" ========================================================================
	5	.de Sp \" Vertical space (when we can't use .PP)
	6	.if t .sp .5v
	7	.if n .sp
	8	..
	9	.de Vb \" Begin verbatim text
	10	.ft CW
	11	.nf
	12	.ne \\$1
	13	..
	14	.de Ve \" End verbatim text
	15	.ft R
	16	.fi
	17	..
	18	.\" Set up some character translations and predefined strings. \*(-- will
	19	.\" give an unbreakable dash, \(PI will give pi, \(L" will give a left
	20	.\" double quote, and \(R" will give a right double quote. \(C+ will
	21	.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
	22	.\" therefore won't be available. \(C` and \(C' expand to `' in nroff,
	23	.\" nothing in troff, for use with C<>.
	24	.tr \(*W-
	25	.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
	26	.ie n \{\
	27	. ds -- \(*W-
	28	. ds PI pi
	29	. if (\n(.H=4u)&(1m=24u) .ds -- \(W\h'-12u'\(W\h'-12u'-\" diablo 10 pitch
	30	. if (\n(.H=4u)&(1m=20u) .ds -- \(W\h'-12u'\(W\h'-8u'-\" diablo 12 pitch
	31	. ds L" ""
	32	. ds R" ""
	33	. ds C` ""
	34	. ds C' ""
	35	'br\}
	36	.el\{\
	37	. ds -- \\|\(em\\|
	38	. ds PI \(*p
	39	. ds L" ``
	40	. ds R" ''
	41	'br\}
	42	.\"
	43	.\" Escape single quotes in literal strings from groff's Unicode transform.
	44	.ie \n(.g .ds Aq \(aq
	45	.el .ds Aq '
	46	.\"
	47	.\" If the F register is turned on, we'll generate index entries on stderr for
	48	.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
	49	.\" entries marked with X<> in POD. Of course, you'll have to process the
	50	.\" output yourself in some meaningful fashion.
	51	.ie \nF \{\
	52	. de IX
	53	. tm Index:\\$1\t\\n%\t"\\$2"
	54	..
	55	. nr % 0
	56	. rr F
	57	.\}
	58	.el \{\
	59	. de IX
	60	..
	61	.\}
	62	.\"
	63	.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
	64	.\" Fear. Run. Save yourself. No user-serviceable parts.
	65	. \" fudge factors for nroff and troff
66	.if n \{\
67	. ds #H 0
68	. ds #V .8m
69	. ds #F .3m
70	. ds #[ \f1
71	. ds #] \fP
72	.\}
73	.if t \{\
74	. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75	. ds #V .6m
76	. ds #F 0
77	. ds #[ \&
78	. ds #] \&
79	.\}
80	. \" simple accents for nroff and troff
81	.if n \{\
82	. ds ' \&
83	. ds ` \&
84	. ds ^ \&
85	. ds , \&
86	. ds ~ ~
87	. ds /
88	.\}
89	.if t \{\
90	. ds ' \\k:\h'-(\\n(.wu8/10-\(#H)'\'\h"\|\\n:u"
91	. ds ` \\k:\h'-(\\n(.wu8/10-\(#H)'\`\h'\|\\n:u'
92	. ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'^\h'\|\\n:u'
93	. ds , \\k:\h'-(\\n(.wu*8/10)',\h'\|\\n:u'
94	. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'\|\\n:u'
95	. ds / \\k:\h'-(\\n(.wu8/10-\(#H)'\z\(sl\h'\|\\n:u'
96	.\}
97	. \" troff and (daisy-wheel) nroff accents
98	.ds : \\k:\h'-(\\n(.wu8/10-\(#H+.1m+\(#F)'\v'-\(#V'\z.\h'.2m+\(#F'.\h'\|\\n:u'\v'\(#V'
99	.ds 8 \h'\(#H'\(b\h'-\*(#H'
100	.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\(#H)/2u'\v'-.3n'\(#[\z\(de\v'.3n'\h'\|\\n:u'\*(#]
101	.ds d- \h'\(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\(#H'
102	.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'\|\\n:u'
103	.ds th \(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u2/3)'\s-1o\s+1\*(#]
104	.ds Th \(#[\s+2I\s-2\h'-\w'I'u3/5'\v'-.3m'o\v'.3m'\*(#]
105	.ds ae a\h'-(\w'a'u*4/10)'e
106	.ds Ae A\h'-(\w'A'u*4/10)'E
107	. \" corrections for vroff
108	.if v .ds ~ \\k:\h'-(\\n(.wu9/10-\(#H)'\s-2\u~\d\s+2\h'\|\\n:u'
109	.if v .ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'\v'-.4m'^\v'.4m'\h'\|\\n:u'
110	. \" for low resolution devices (crt and lpr)
111	.if \n(.H>23 .if \n(.V>19 \
112	\{\
113	. ds : e
114	. ds 8 ss
115	. ds o a
116	. ds d- d\h'-1'\(ga
117	. ds D- D\h'-1'\(hy
118	. ds th \o'bp'
119	. ds Th \o'LP'
120	. ds ae ae
121	. ds Ae AE
122	.\}
123	.rm #[ #] #H #V #F C
124	.\" ========================================================================
125	.\"
126	.IX Title "EVP_DigestVerifyInit 3"
e3261593	127	.TH EVP_DigestVerifyInit 3 "2012-01-04" "1.0.0f" "OpenSSL"
01185282 PA	128	.\" For nroff, turn off justification. Always turn off hyphenation; it makes
	129	.\" way too many mistakes in technical documents.
	130	.if n .ad l
	131	.nh
	132	.SH "NAME"
	133	EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signature verification functions
	134	.SH "SYNOPSIS"
	135	.IX Header "SYNOPSIS"
	136	.Vb 1
	137	\& #include <openssl/evp.h>
	138	\&
	139	\& int EVP_DigestVerifyInit(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
	140	\& const EVP_MD type, ENGINE e, EVP_PKEY *pkey);
	141	\& int EVP_DigestVerifyUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt);
	142	\& int EVP_DigestVerifyFinal(EVP_MD_CTX ctx, unsigned char sig, size_t siglen);
	143	.Ve
	144	.SH "DESCRIPTION"
	145	.IX Header "DESCRIPTION"
	146	The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
	147	.PP
	148	\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
	149	\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
	150	with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
	151	\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
	152	can be used to set alternative verification options.
	153	.PP
	154	\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
	155	verification context \fBctx\fR. This function can be called several times on the
	156	same \fBctx\fR to include additional data. This function is currently implemented
	157	using a macro.
	158	.PP
	159	\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
	160	\&\fBsig\fR of length \fBsiglen\fR.
	161	.SH "RETURN VALUES"
	162	.IX Header "RETURN VALUES"
	163	\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
	164	or a negative value for failure. In particular a return value of \-2 indicates
	165	the operation is not supported by the public key algorithm.
	166	.PP
	167	Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only
	168	indicates that the signature did not not verify successfully (that is tbs did
	169	not match the original data or the signature was of invalid form) it is not an
	170	indication of a more serious error.
	171	.PP
	172	The error codes can be obtained from \fIERR_get_error\fR\\|(3).
	173	.SH "NOTES"
	174	.IX Header "NOTES"
	175	The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
	176	preference to the low level interfaces. This is because the code then becomes
	177	transparent to the algorithm used and much more flexible.
	178	.PP
	179	In previous versions of OpenSSL there was a link between message digest types
	180	and public key algorithms. This meant that \(L"clone\(R" digests such as \fIEVP_dss1()\fR
	181	needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
	182	the use of clone digest is now discouraged.
	183	.PP
	184	For some key types and parameters the random number generator must be seeded
	185	or the operation will fail.
	186	.PP
	187	The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
	188	context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
	189	be called later to digest and verify additional data.
	190	.PP
	191	Since only a copy of the digest context is ever finalized the context must
192	be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
193	will occur.
194	.SH "SEE ALSO"
195	.IX Header "SEE ALSO"
196	\&\fIEVP_DigestSignInit\fR\\|(3),
197	\&\fIEVP_DigestInit\fR\\|(3), \fIerr\fR\\|(3),
198	\&\fIevp\fR\\|(3), \fIhmac\fR\\|(3), \fImd2\fR\\|(3),
199	\&\fImd5\fR\\|(3), \fImdc2\fR\\|(3), \fIripemd\fR\\|(3),
200	\&\fIsha\fR\\|(3), \fIdgst\fR\\|(1)
201	.SH "HISTORY"
202	.IX Header "HISTORY"
203	\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR
204	were first added to OpenSSL 1.0.0.