EVP_DigestSignInit.pod 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. =pod
  2. =head1 NAME
  3. EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions
  4. =head1 SYNOPSIS
  5. #include <openssl/evp.h>
  6. int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
  7. const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  8. int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
  9. int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
  10. =head1 DESCRIPTION
  11. The EVP signature routines are a high level interface to digital signatures.
  12. EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
  13. ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
  14. EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
  15. EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
  16. be used to set alternative signing options.
  17. EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
  18. signature context B<ctx>. This function can be called several times on the
  19. same B<ctx> to include additional data. This function is currently implemented
  20. usig a macro.
  21. EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
  22. If B<sig> is B<NULL> then the maximum size of the output buffer is written to
  23. the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
  24. B<siglen> parameter should contain the length of the B<sig> buffer, if the
  25. call is successful the signature is written to B<sig> and the amount of data
  26. written to B<siglen>.
  27. =head1 RETURN VALUES
  28. EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
  29. 1 for success and 0 or a negative value for failure. In particular a return
  30. value of -2 indicates the operation is not supported by the public key
  31. algorithm.
  32. The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
  33. =head1 NOTES
  34. The B<EVP> interface to digital signatures should almost always be used in
  35. preference to the low level interfaces. This is because the code then becomes
  36. transparent to the algorithm used and much more flexible.
  37. In previous versions of OpenSSL there was a link between message digest types
  38. and public key algorithms. This meant that "clone" digests such as EVP_dss1()
  39. needed to be used to sign using SHA1 and DSA. This is no longer necessary and
  40. the use of clone digest is now discouraged.
  41. For some key types and parameters the random number generator must be seeded
  42. or the operation will fail.
  43. The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
  44. context. This means that calls to EVP_DigestSignUpdate() and
  45. EVP_DigestSignFinal() can be called later to digest and sign additional data.
  46. Since only a copy of the digest context is ever finalized the context must
  47. be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
  48. will occur.
  49. The use of EVP_PKEY_size() with these functions is discouraged because some
  50. signature operations may have a signature length which depends on the
  51. parameters set. As a result EVP_PKEY_size() would have to return a value
  52. which indicates the maximum possible signature for any set of parameters.
  53. =head1 SEE ALSO
  54. L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
  55. L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
  56. L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
  57. L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
  58. L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
  59. =head1 HISTORY
  60. EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
  61. were first added to OpenSSL 0.9.9.
  62. =cut