You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.7 KiB
91 lines
2.7 KiB
=pod |
|
|
|
=head1 NAME |
|
|
|
EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm |
|
|
|
=head1 SYNOPSIS |
|
|
|
#include <openssl/evp.h> |
|
|
|
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); |
|
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, |
|
const unsigned char *sig, size_t siglen, |
|
const unsigned char *tbs, size_t tbslen); |
|
|
|
=head1 DESCRIPTION |
|
|
|
The EVP_PKEY_verify_init() function initializes a public key algorithm |
|
context using key B<pkey> for a signature verification operation. |
|
|
|
The EVP_PKEY_verify() function performs a public key verification operation |
|
using B<ctx>. The signature is specified using the B<sig> and |
|
B<siglen> parameters. The verified data (i.e. the data believed originally |
|
signed) is specified using the B<tbs> and B<tbslen> parameters. |
|
|
|
=head1 NOTES |
|
|
|
After the call to EVP_PKEY_verify_init() algorithm specific control |
|
operations can be performed to set any appropriate parameters for the |
|
operation. |
|
|
|
The function EVP_PKEY_verify() can be called more than once on the same |
|
context if several operations are performed using the same parameters. |
|
|
|
=head1 RETURN VALUES |
|
|
|
EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was |
|
successful and 0 if it failed. Unlike other functions the return value 0 from |
|
EVP_PKEY_verify() only indicates that the signature did not not verify |
|
successfully (that is tbs did not match the original data or the signature was |
|
of invalid form) it is not an indication of a more serious error. |
|
|
|
A negative value indicates an error other that signature verification failure. |
|
In particular a return value of -2 indicates the operation is not supported by |
|
the public key algorithm. |
|
|
|
=head1 EXAMPLE |
|
|
|
Verify signature using PKCS#1 and SHA256 digest: |
|
|
|
#include <openssl/evp.h> |
|
#include <openssl/rsa.h> |
|
|
|
EVP_PKEY_CTX *ctx; |
|
unsigned char *md, *sig; |
|
size_t mdlen, siglen; |
|
EVP_PKEY *verify_key; |
|
/* NB: assumes verify_key, sig, siglen md and mdlen are already set up |
|
* and that verify_key is an RSA public key |
|
*/ |
|
ctx = EVP_PKEY_CTX_new(verify_key); |
|
if (!ctx) |
|
/* Error occurred */ |
|
if (EVP_PKEY_verify_init(ctx) <= 0) |
|
/* Error */ |
|
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) |
|
/* Error */ |
|
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) |
|
/* Error */ |
|
|
|
/* Perform operation */ |
|
ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); |
|
|
|
/* ret == 1 indicates success, 0 verify failure and < 0 for some |
|
* other error. |
|
*/ |
|
|
|
=head1 SEE ALSO |
|
|
|
L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, |
|
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, |
|
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, |
|
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, |
|
L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, |
|
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> |
|
|
|
=head1 HISTORY |
|
|
|
These functions were first added to OpenSSL 1.0.0. |
|
|
|
=cut
|
|
|