EVP_SignInit.pod revision 109998
159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191SkrisEVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191Skris #include <openssl/evp.h> 1059191Skris 11109998Smarkm int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); 12109998Smarkm int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); 1359191Skris int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); 1459191Skris 15109998Smarkm void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); 16109998Smarkm 1759191Skris int EVP_PKEY_size(EVP_PKEY *pkey); 1859191Skris 1959191Skris=head1 DESCRIPTION 2059191Skris 2159191SkrisThe EVP signature routines are a high level interface to digital 2259191Skrissignatures. 2359191Skris 24109998SmarkmEVP_SignInit_ex() sets up signing context B<ctx> to use digest 25109998SmarkmB<type> from ENGINE B<impl>. B<ctx> must be initialized with 26109998SmarkmEVP_MD_CTX_init() before calling this function. 2759191Skris 2859191SkrisEVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the 2968651Skrissignature context B<ctx>. This function can be called several times on the 3059191Skrissame B<ctx> to include additional data. 3159191Skris 3259191SkrisEVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> 3359191Skrisand places the signature in B<sig>. If the B<s> parameter is not NULL 3459191Skristhen the number of bytes of data written (i.e. the length of the signature) 3559191Skriswill be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes 36109998Smarkmwill be written. 3759191Skris 38109998SmarkmEVP_SignInit() initializes a signing context B<ctx> to use the default 39109998Smarkmimplementation of digest B<type>. 40109998Smarkm 4159191SkrisEVP_PKEY_size() returns the maximum size of a signature in bytes. The actual 4259191Skrissignature returned by EVP_SignFinal() may be smaller. 4359191Skris 4459191Skris=head1 RETURN VALUES 4559191Skris 46109998SmarkmEVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 47109998Smarkmfor success and 0 for failure. 4859191Skris 4959191SkrisEVP_PKEY_size() returns the maximum size of a signature in bytes. 5059191Skris 5159191SkrisThe error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 5259191Skris 5359191Skris=head1 NOTES 5459191Skris 5559191SkrisThe B<EVP> interface to digital signatures should almost always be used in 5659191Skrispreference to the low level interfaces. This is because the code then becomes 5759191Skristransparent to the algorithm used and much more flexible. 5859191Skris 5959191SkrisDue to the link between message digests and public key algorithms the correct 6059191Skrisdigest algorithm must be used with the correct public key type. A list of 6159191Skrisalgorithms and associated public key algorithms appears in 6259191SkrisL<EVP_DigestInit(3)|EVP_DigestInit(3)>. 6359191Skris 6459191SkrisWhen signing with DSA private keys the random number generator must be seeded 6559191Skrisor the operation will fail. The random number generator does not need to be 6659191Skrisseeded for RSA signatures. 6759191Skris 68109998SmarkmThe call to EVP_SignFinal() internally finalizes a copy of the digest context. 69109998SmarkmThis means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called 70109998Smarkmlater to digest and sign additional data. 71109998Smarkm 72109998SmarkmSince only a copy of the digest context is ever finalized the context must 73109998Smarkmbe cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak 74109998Smarkmwill occur. 75109998Smarkm 7659191Skris=head1 BUGS 7759191Skris 78109998SmarkmOlder versions of this documentation wrongly stated that calls to 79109998SmarkmEVP_SignUpdate() could not be made after calling EVP_SignFinal(). 8059191Skris 8159191Skris=head1 SEE ALSO 8259191Skris 8359191SkrisL<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, 8459191SkrisL<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, 8559191SkrisL<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, 8659191SkrisL<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, 87100936SnectarL<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> 8859191Skris 8959191Skris=head1 HISTORY 9059191Skris 9159191SkrisEVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are 9259191Skrisavailable in all versions of SSLeay and OpenSSL. 9359191Skris 94109998SmarkmEVP_SignInit_ex() was added in OpenSSL 0.9.7. 95109998Smarkm 9659191Skris=cut 97