Current Path : /usr/opt/openssl11/share/doc/openssl/html/man3/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/opt/openssl11/share/doc/openssl/html/man3/EVP_DigestSignFinal.html |
<?xml version="1.0" ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>EVP_DigestSignInit</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <link rev="made" href="mailto:root@hsxx.drive.ne.jp" /> </head> <body style="background-color: white"> <!-- INDEX BEGIN --> <div name="index"> <p><a name="__index__"></a></p> <ul> <li><a href="#name">NAME</a></li> <li><a href="#synopsis">SYNOPSIS</a></li> <li><a href="#description">DESCRIPTION</a></li> <li><a href="#return_values">RETURN VALUES</a></li> <li><a href="#notes">NOTES</a></li> <li><a href="#see_also">SEE ALSO</a></li> <li><a href="#history">HISTORY</a></li> <li><a href="#copyright">COPYRIGHT</a></li> </ul> <hr name="index" /> </div> <!-- INDEX END --> <p> </p> <hr /> <h1><a name="name">NAME</a></h1> <p>EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions</p> <p> </p> <hr /> <h1><a name="synopsis">SYNOPSIS</a></h1> <pre> #include <openssl/evp.h></pre> <pre> int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);</pre> <pre> int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen);</pre> <p> </p> <hr /> <h1><a name="description">DESCRIPTION</a></h1> <p>The EVP signature routines are a high-level interface to digital signatures.</p> <p><code>EVP_DigestSignInit()</code> sets up signing context <strong>ctx</strong> to use digest <strong>type</strong> from ENGINE <strong>e</strong> and private key <strong>pkey</strong>. <strong>ctx</strong> must be created with <code>EVP_MD_CTX_new()</code> before calling this function. If <strong>pctx</strong> is not NULL, the EVP_PKEY_CTX of the signing operation will be written to <strong>*pctx</strong>: this can be used to set alternative signing options. Note that any existing value in <strong>*pctx</strong> is overwritten. The EVP_PKEY_CTX value returned must not be freed directly by the application if <strong>ctx</strong> is not assigned an EVP_PKEY_CTX value before being passed to <code>EVP_DigestSignInit()</code> (which means the EVP_PKEY_CTX is created inside <code>EVP_DigestSignInit()</code> and it will be freed automatically when the EVP_MD_CTX is freed).</p> <p>The digest <strong>type</strong> may be NULL if the signing algorithm supports it.</p> <p>No <strong>EVP_PKEY_CTX</strong> will be created by <code>EVP_DigestSignInit()</code> if the passed <strong>ctx</strong> has already been assigned one via <em>EVP_MD_CTX_set_pkey_ctx(3)</em>. See also <em>SM2(7)</em>.</p> <p>Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of "signing". Built-in EVP_PKEY types supported by these functions are CMAC, Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448.</p> <p>Not all digests can be used for all key types. The following combinations apply.</p> <dl> <dt><strong><a name="dsa" class="item">DSA</a></strong></dt> <dd> <p>Supports SHA1, SHA224, SHA256, SHA384 and SHA512</p> </dd> <dt><strong><a name="ecdsa" class="item">ECDSA</a></strong></dt> <dd> <p>Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3</p> </dd> <dt><strong><a name="rsa_with_no_padding" class="item">RSA with no padding</a></strong></dt> <dd> <p>Supports no digests (the digest <strong>type</strong> must be NULL)</p> </dd> <dt><strong><a name="rsa_with_x931_padding" class="item">RSA with X931 padding</a></strong></dt> <dd> <p>Supports SHA1, SHA256, SHA384 and SHA512</p> </dd> <dt><strong><a name="all_other_rsa_padding_types" class="item">All other RSA padding types</a></strong></dt> <dd> <p>Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, SHA3-224, SHA3-256, SHA3-384, SHA3-512</p> </dd> <dt><strong><a name="ed25519_and_ed448" class="item">Ed25519 and Ed448</a></strong></dt> <dd> <p>Support no digests (the digest <strong>type</strong> must be NULL)</p> </dd> <dt><strong><a name="hmac" class="item">HMAC</a></strong></dt> <dd> <p>Supports any digest</p> </dd> <dt><strong><a name="cmac_poly1305_and_siphash" class="item">CMAC, Poly1305 and SipHash</a></strong></dt> <dd> <p>Will ignore any digest provided.</p> </dd> </dl> <p>If RSA-PSS is used and restrictions apply then the digest must match.</p> <p><code>EVP_DigestSignUpdate()</code> hashes <strong>cnt</strong> bytes of data at <strong>d</strong> into the signature context <strong>ctx</strong>. This function can be called several times on the same <strong>ctx</strong> to include additional data. This function is currently implemented using a macro.</p> <p><code>EVP_DigestSignFinal()</code> signs the data in <strong>ctx</strong> and places the signature in <strong>sig</strong>. If <strong>sig</strong> is <strong>NULL</strong> then the maximum size of the output buffer is written to the <strong>siglen</strong> parameter. If <strong>sig</strong> is not <strong>NULL</strong> then before the call the <strong>siglen</strong> parameter should contain the length of the <strong>sig</strong> buffer. If the call is successful the signature is written to <strong>sig</strong> and the amount of data written to <strong>siglen</strong>.</p> <p><code>EVP_DigestSign()</code> signs <strong>tbslen</strong> bytes of data at <strong>tbs</strong> and places the signature in <strong>sig</strong> and its length in <strong>siglen</strong> in a similar way to <code>EVP_DigestSignFinal()</code>.</p> <p> </p> <hr /> <h1><a name="return_values">RETURN VALUES</a></h1> <p><code>EVP_DigestSignInit()</code>, <code>EVP_DigestSignUpdate()</code>, <code>EVP_DigestSignFinal()</code> and <code>EVP_DigestSign()</code> return 1 for success and 0 for failure.</p> <p>The error codes can be obtained from <em>ERR_get_error(3)</em>.</p> <p> </p> <hr /> <h1><a name="notes">NOTES</a></h1> <p>The <strong>EVP</strong> interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.</p> <p><code>EVP_DigestSign()</code> is a one shot operation which signs a single block of data in one function. For algorithms that support streaming it is equivalent to calling <code>EVP_DigestSignUpdate()</code> and <code>EVP_DigestSignFinal()</code>. For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to sign data.</p> <p>In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged.</p> <p>For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see <em>RAND(7)</em>), the operation will fail.</p> <p>The call to <code>EVP_DigestSignFinal()</code> internally finalizes a copy of the digest context. This means that calls to <code>EVP_DigestSignUpdate()</code> and <code>EVP_DigestSignFinal()</code> can be called later to digest and sign additional data.</p> <p>Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling <code>EVP_MD_CTX_free()</code> or a memory leak will occur.</p> <p>The use of <code>EVP_PKEY_size()</code> with these functions is discouraged because some signature operations may have a signature length which depends on the parameters set. As a result <code>EVP_PKEY_size()</code> would have to return a value which indicates the maximum possible signature for any set of parameters.</p> <p> </p> <hr /> <h1><a name="see_also">SEE ALSO</a></h1> <p><em>EVP_DigestVerifyInit(3)</em>, <em>EVP_DigestInit(3)</em>, <em>evp(7)</em>, <a href="#hmac">HMAC(3)</a>, <em>MD2(3)</em>, <em>MD5(3)</em>, <em>MDC2(3)</em>, <em>RIPEMD160(3)</em>, <em>SHA1(3)</em>, <em>dgst(1)</em>, <em>RAND(7)</em></p> <p> </p> <hr /> <h1><a name="history">HISTORY</a></h1> <p><code>EVP_DigestSignInit()</code>, <code>EVP_DigestSignUpdate()</code> and <code>EVP_DigestSignFinal()</code> were added in OpenSSL 1.0.0.</p> <p> </p> <hr /> <h1><a name="copyright">COPYRIGHT</a></h1> <p>Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.</p> <p>Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p> </body> </html>