Current Path : /usr/opt/openssl11/share/doc/openssl/html/man3/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/opt/openssl11/share/doc/openssl/html/man3/EVP_SignFinal.html |
<?xml version="1.0" ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>EVP_SignInit</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <link rev="made" href="mailto:root@hsxx.drive.ne.jp" /> </head> <body style="background-color: white"> <!-- INDEX BEGIN --> <div name="index"> <p><a name="__index__"></a></p> <ul> <li><a href="#name">NAME</a></li> <li><a href="#synopsis">SYNOPSIS</a></li> <li><a href="#description">DESCRIPTION</a></li> <li><a href="#return_values">RETURN VALUES</a></li> <li><a href="#notes">NOTES</a></li> <li><a href="#bugs">BUGS</a></li> <li><a href="#see_also">SEE ALSO</a></li> <li><a href="#copyright">COPYRIGHT</a></li> </ul> <hr name="index" /> </div> <!-- INDEX END --> <p> </p> <hr /> <h1><a name="name">NAME</a></h1> <p>EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing functions</p> <p> </p> <hr /> <h1><a name="synopsis">SYNOPSIS</a></h1> <pre> #include <openssl/evp.h></pre> <pre> int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);</pre> <pre> void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);</pre> <p> </p> <hr /> <h1><a name="description">DESCRIPTION</a></h1> <p>The EVP signature routines are a high-level interface to digital signatures.</p> <p><code>EVP_SignInit_ex()</code> sets up signing context <em>ctx</em> to use digest <em>type</em> from <strong>ENGINE</strong> <em>impl</em>. <em>ctx</em> must be created with <code>EVP_MD_CTX_new()</code> before calling this function.</p> <p><code>EVP_SignUpdate()</code> hashes <em>cnt</em> bytes of data at <em>d</em> into the signature context <em>ctx</em>. This function can be called several times on the same <em>ctx</em> to include additional data.</p> <p><code>EVP_SignFinal()</code> signs the data in <em>ctx</em> using the private key <em>pkey</em> and places the signature in <em>sig</em>. <em>sig</em> must be at least <code>EVP_PKEY_size(pkey)</code> bytes in size. <em>s</em> is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at <em>s</em>, at most <code>EVP_PKEY_size(pkey)</code> bytes will be written.</p> <p><code>EVP_SignInit()</code> initializes a signing context <em>ctx</em> to use the default implementation of digest <em>type</em>.</p> <p> </p> <hr /> <h1><a name="return_values">RETURN VALUES</a></h1> <p><code>EVP_SignInit_ex()</code>, <code>EVP_SignUpdate()</code> and <code>EVP_SignFinal()</code> return 1 for success and 0 for failure.</p> <p>The error codes can be obtained by <em>ERR_get_error(3)</em>.</p> <p> </p> <hr /> <h1><a name="notes">NOTES</a></h1> <p>The <strong>EVP</strong> interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.</p> <p>When signing with DSA private keys the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see <em>RAND(7)</em>), the operation will fail. This requirement does not hold for RSA signatures.</p> <p>The call to <code>EVP_SignFinal()</code> internally finalizes a copy of the digest context. This means that calls to <code>EVP_SignUpdate()</code> and <code>EVP_SignFinal()</code> can be called later to digest and sign additional data.</p> <p>Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling <code>EVP_MD_CTX_free()</code> or a memory leak will occur.</p> <p> </p> <hr /> <h1><a name="bugs">BUGS</a></h1> <p>Older versions of this documentation wrongly stated that calls to <code>EVP_SignUpdate()</code> could not be made after calling <code>EVP_SignFinal()</code>.</p> <p>Since the private key is passed in the call to <code>EVP_SignFinal()</code> any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through <code>EVP_SignUpdate()</code>.</p> <p>It is not possible to change the signing parameters using these function.</p> <p>The previous two bugs are fixed in the newer EVP_SignDigest*() function.</p> <p> </p> <hr /> <h1><a name="see_also">SEE ALSO</a></h1> <p><em>EVP_PKEY_size(3)</em>, <em>EVP_PKEY_bits(3)</em>, <em>EVP_PKEY_security_bits(3)</em>, <em>EVP_VerifyInit(3)</em>, <em>EVP_DigestInit(3)</em>, <em>evp(7)</em>, <em>HMAC(3)</em>, <em>MD2(3)</em>, <em>MD5(3)</em>, <em>MDC2(3)</em>, <em>RIPEMD160(3)</em>, <em>SHA1(3)</em>, <em>dgst(1)</em></p> <p> </p> <hr /> <h1><a name="copyright">COPYRIGHT</a></h1> <p>Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.</p> <p>Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p> </body> </html>