2
0

EVP_PKEY_verify.pod 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_verify_init, EVP_PKEY_verify_init_ex, EVP_PKEY_verify
  4. - signature verification using a public key algorithm
  5. =head1 SYNOPSIS
  6. #include <openssl/evp.h>
  7. int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
  8. int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
  9. int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
  10. const unsigned char *sig, size_t siglen,
  11. const unsigned char *tbs, size_t tbslen);
  12. =head1 DESCRIPTION
  13. EVP_PKEY_verify_init() initializes a public key algorithm context I<ctx> for
  14. signing using the algorithm given when the context was created
  15. using L<EVP_PKEY_CTX_new(3)> or variants thereof. The algorithm is used to
  16. fetch a B<EVP_SIGNATURE> method implicitly, see L<provider(7)/Implicit fetch>
  17. for more information about implicit fetches.
  18. EVP_PKEY_verify_init_ex() is the same as EVP_PKEY_verify_init() but additionally
  19. sets the passed parameters I<params> on the context before returning.
  20. The EVP_PKEY_verify() function performs a public key verification operation
  21. using I<ctx>. The signature is specified using the I<sig> and
  22. I<siglen> parameters. The verified data (i.e. the data believed originally
  23. signed) is specified using the I<tbs> and I<tbslen> parameters.
  24. =head1 NOTES
  25. After the call to EVP_PKEY_verify_init() algorithm specific control
  26. operations can be performed to set any appropriate parameters for the
  27. operation.
  28. The function EVP_PKEY_verify() can be called more than once on the same
  29. context if several operations are performed using the same parameters.
  30. =head1 RETURN VALUES
  31. EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
  32. successful and 0 if it failed. Unlike other functions the return value 0 from
  33. EVP_PKEY_verify() only indicates that the signature did not verify
  34. successfully (that is tbs did not match the original data or the signature was
  35. of invalid form) it is not an indication of a more serious error.
  36. A negative value indicates an error other that signature verification failure.
  37. In particular a return value of -2 indicates the operation is not supported by
  38. the public key algorithm.
  39. =head1 EXAMPLES
  40. Verify signature using PKCS#1 and SHA256 digest:
  41. #include <openssl/evp.h>
  42. #include <openssl/rsa.h>
  43. EVP_PKEY_CTX *ctx;
  44. unsigned char *md, *sig;
  45. size_t mdlen, siglen;
  46. EVP_PKEY *verify_key;
  47. /*
  48. * NB: assumes verify_key, sig, siglen md and mdlen are already set up
  49. * and that verify_key is an RSA public key
  50. */
  51. ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
  52. if (!ctx)
  53. /* Error occurred */
  54. if (EVP_PKEY_verify_init(ctx) <= 0)
  55. /* Error */
  56. if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
  57. /* Error */
  58. if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
  59. /* Error */
  60. /* Perform operation */
  61. ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
  62. /*
  63. * ret == 1 indicates success, 0 verify failure and < 0 for some
  64. * other error.
  65. */
  66. =head1 SEE ALSO
  67. L<EVP_PKEY_CTX_new(3)>,
  68. L<EVP_PKEY_encrypt(3)>,
  69. L<EVP_PKEY_decrypt(3)>,
  70. L<EVP_PKEY_sign(3)>,
  71. L<EVP_PKEY_verify_recover(3)>,
  72. L<EVP_PKEY_derive(3)>
  73. =head1 HISTORY
  74. The EVP_PKEY_verify_init() and EVP_PKEY_verify() functions were added in
  75. OpenSSL 1.0.0.
  76. The EVP_PKEY_verify_init_ex() function was added in OpenSSL 3.0.
  77. =head1 COPYRIGHT
  78. Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  79. Licensed under the Apache License 2.0 (the "License"). You may not use
  80. this file except in compliance with the License. You can obtain a copy
  81. in the file LICENSE in the source distribution or at
  82. L<https://www.openssl.org/source/license.html>.
  83. =cut