[thirdparty/openssl.git] / doc / man3 / EVP_DigestVerifyInit.pod

=pod

=head1 NAME

EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal,
EVP_DigestVerify - EVP signature verification functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
 int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                           size_t siglen);
 int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                      size_t siglen, const unsigned char *tbs, size_t tbslen);

=head1 DESCRIPTION

The EVP signature routines are a high level interface to digital signatures.

EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
B<type> from ENGINE B<e> and public key B<pkey>. B<ctx> must be created
with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
can be used to set alternative verification options. Note that any existing
value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
directly by the application if B<ctx> is not assigned an EVP_PKEY_CTX value before
being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created
inside EVP_DigestVerifyInit() and it will be freed automatically when the
EVP_MD_CTX is freed).

No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit() if the passed B<ctx>
has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>. See also L<SM2(7)>.

EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
verification context B<ctx>. This function can be called several times on the
same B<ctx> to include additional data. This function is currently implemented
using a macro.

EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
B<sig> of length B<siglen>.

EVP_DigestVerify() verifies B<tbslen> bytes at B<tbs> against the signature
in B<sig> of length B<siglen>.

=head1 RETURN VALUES

EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
for failure.

EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other
value indicates failure.  A return value of zero indicates that the signature
did not verify successfully (that is, B<tbs> did not match the original data or
the signature had an invalid form), while other values indicate a more serious
error (and sometimes also indicate an invalid signature form).

The error codes can be obtained from L<ERR_get_error(3)>.

=head1 NOTES

The B<EVP> interface to digital signatures should almost always be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.

EVP_DigestVerify() is a one shot operation which verifies a single block of
data in one function. For algorithms that support streaming it is equivalent
to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For
algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
to verify data.

In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that "clone" digests such as EVP_dss1()
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.

For some key types and parameters the random number generator must be seeded.
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
external circumstances (see L<RAND(7)>), the operation will fail.

The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
be called later to digest and verify additional data.

Since only a copy of the digest context is ever finalized, the context must
be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
will occur.

=head1 SEE ALSO

L<EVP_DigestSignInit(3)>,
L<EVP_DigestInit(3)>,
L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
L<SHA1(3)>, L<dgst(1)>,
L<RAND(7)>

=head1 HISTORY

EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
were added in OpenSSL 1.0.0.

=head1 COPYRIGHT

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
29cf84c6 DSH	1	=pod
	2
	3	=head1 NAME
	4
75394189 DSH	5	EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal,
75394189 DSH	6	EVP_DigestVerify - EVP signature verification functions
29cf84c6 DSH	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/evp.h>
	11
	12	int EVP_DigestVerifyInit(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx,
e9b77246	13	const EVP_MD type, ENGINE e, EVP_PKEY *pkey);
8bdce8d1	14	int EVP_DigestVerifyUpdate(EVP_MD_CTX ctx, const void d, size_t cnt);
75394189 DSH	15	int EVP_DigestVerifyFinal(EVP_MD_CTX ctx, const unsigned char sig,
	16	size_t siglen);
	17	int EVP_DigestVerify(EVP_MD_CTX ctx, const unsigned char sigret,
	18	size_t siglen, const unsigned char *tbs, size_t tbslen);
29cf84c6 DSH	19
	20	=head1 DESCRIPTION
	21
	22	The EVP signature routines are a high level interface to digital signatures.
	23
	24	EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
0c714ba2	25	B<type> from ENGINE B<e> and public key B<pkey>. B<ctx> must be created
f097e875	26	with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
29cf84c6	27	EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
f097e875	28	can be used to set alternative verification options. Note that any existing
675f4cee PY	29	value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
675f4cee PY	30	directly by the application if B<ctx> is not assigned an EVP_PKEY_CTX value before
4045f688 NT	31	being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created
4045f688 NT	32	inside EVP_DigestVerifyInit() and it will be freed automatically when the
f097e875	33	EVP_MD_CTX is freed).
29cf84c6	34
a5c83db4	35	No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit() if the passed B<ctx>
ca7c9828	36	has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>. See also L<SM2(7)>.
675f4cee	37
29cf84c6 DSH	38	EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
	39	verification context B<ctx>. This function can be called several times on the
	40	same B<ctx> to include additional data. This function is currently implemented
	41	using a macro.
	42
	43	EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
	44	B<sig> of length B<siglen>.
	45
27b138e9	46	EVP_DigestVerify() verifies B<tbslen> bytes at B<tbs> against the signature
75394189 DSH	47	in B<sig> of length B<siglen>.
75394189 DSH	48
29cf84c6 DSH	49	=head1 RETURN VALUES
	50
	51	EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
c03726ca	52	for failure.
29cf84c6	53
75394189 DSH	54	EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other
	55	value indicates failure. A return value of zero indicates that the signature
	56	did not verify successfully (that is, B<tbs> did not match the original data or
	57	the signature had an invalid form), while other values indicate a more serious
	58	error (and sometimes also indicate an invalid signature form).
29cf84c6	59
9b86974e	60	The error codes can be obtained from L<ERR_get_error(3)>.
29cf84c6 DSH	61
	62	=head1 NOTES
	63
	64	The B<EVP> interface to digital signatures should almost always be used in
	65	preference to the low level interfaces. This is because the code then becomes
	66	transparent to the algorithm used and much more flexible.
	67
27b138e9	68	EVP_DigestVerify() is a one shot operation which verifies a single block of
74e78361 DSH	69	data in one function. For algorithms that support streaming it is equivalent
	70	to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For
	71	algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
	72	to verify data.
75394189	73
29cf84c6 DSH	74	In previous versions of OpenSSL there was a link between message digest types
	75	and public key algorithms. This meant that "clone" digests such as EVP_dss1()
	76	needed to be used to sign using SHA1 and DSA. This is no longer necessary and
	77	the use of clone digest is now discouraged.
	78
f987a4dd DMSP	79	For some key types and parameters the random number generator must be seeded.
	80	If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
	81	external circumstances (see L<RAND(7)>), the operation will fail.
29cf84c6 DSH	82
29cf84c6 DSH	83	The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
2dd8cb3b	84	context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
29cf84c6 DSH	85	be called later to digest and verify additional data.
29cf84c6 DSH	86
fa332bba	87	Since only a copy of the digest context is ever finalized, the context must
c12a2d27	88	be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
29cf84c6 DSH	89	will occur.
	90
	91	=head1 SEE ALSO
	92
9b86974e	93	L<EVP_DigestSignInit(3)>,
73fb82b7	94	L<EVP_DigestInit(3)>,
b97fdb57 RL	95	L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
b97fdb57 RL	96	L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
f987a4dd DMSP	97	L<SHA1(3)>, L<dgst(1)>,
f987a4dd DMSP	98	L<RAND(7)>
29cf84c6 DSH	99
	100	=head1 HISTORY
	101
1bc74519	102	EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
df75c2bf	103	were added in OpenSSL 1.0.0.
29cf84c6	104
e2f92610 RS	105	=head1 COPYRIGHT
e2f92610 RS	106
35fd9953	107	Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 RS	108
	109	Licensed under the OpenSSL license (the "License"). You may not use
	110	this file except in compliance with the License. You can obtain a copy
	111	in the file LICENSE in the source distribution or at
	112	L<https://www.openssl.org/source/license.html>.
	113
	114	=cut