1 | =pod
|
---|
2 |
|
---|
3 | =head1 NAME
|
---|
4 |
|
---|
5 | EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm
|
---|
6 |
|
---|
7 | =head1 SYNOPSIS
|
---|
8 |
|
---|
9 | #include <openssl/evp.h>
|
---|
10 |
|
---|
11 | int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
|
---|
12 | int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
|
---|
13 | const unsigned char *sig, size_t siglen,
|
---|
14 | const unsigned char *tbs, size_t tbslen);
|
---|
15 |
|
---|
16 | =head1 DESCRIPTION
|
---|
17 |
|
---|
18 | The EVP_PKEY_verify_init() function initializes a public key algorithm
|
---|
19 | context using key B<pkey> for a signature verification operation.
|
---|
20 |
|
---|
21 | The EVP_PKEY_verify() function performs a public key verification operation
|
---|
22 | using B<ctx>. The signature is specified using the B<sig> and
|
---|
23 | B<siglen> parameters. The verified data (i.e. the data believed originally
|
---|
24 | signed) is specified using the B<tbs> and B<tbslen> parameters.
|
---|
25 |
|
---|
26 | =head1 NOTES
|
---|
27 |
|
---|
28 | After the call to EVP_PKEY_verify_init() algorithm specific control
|
---|
29 | operations can be performed to set any appropriate parameters for the
|
---|
30 | operation.
|
---|
31 |
|
---|
32 | The function EVP_PKEY_verify() can be called more than once on the same
|
---|
33 | context if several operations are performed using the same parameters.
|
---|
34 |
|
---|
35 | =head1 RETURN VALUES
|
---|
36 |
|
---|
37 | EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
|
---|
38 | successful and 0 if it failed. Unlike other functions the return value 0 from
|
---|
39 | EVP_PKEY_verify() only indicates that the signature did not verify
|
---|
40 | successfully (that is tbs did not match the original data or the signature was
|
---|
41 | of invalid form) it is not an indication of a more serious error.
|
---|
42 |
|
---|
43 | A negative value indicates an error other that signature verification failure.
|
---|
44 | In particular a return value of -2 indicates the operation is not supported by
|
---|
45 | the public key algorithm.
|
---|
46 |
|
---|
47 | =head1 EXAMPLES
|
---|
48 |
|
---|
49 | Verify signature using PKCS#1 and SHA256 digest:
|
---|
50 |
|
---|
51 | #include <openssl/evp.h>
|
---|
52 | #include <openssl/rsa.h>
|
---|
53 |
|
---|
54 | EVP_PKEY_CTX *ctx;
|
---|
55 | unsigned char *md, *sig;
|
---|
56 | size_t mdlen, siglen;
|
---|
57 | EVP_PKEY *verify_key;
|
---|
58 |
|
---|
59 | /*
|
---|
60 | * NB: assumes verify_key, sig, siglen md and mdlen are already set up
|
---|
61 | * and that verify_key is an RSA public key
|
---|
62 | */
|
---|
63 | ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
|
---|
64 | if (!ctx)
|
---|
65 | /* Error occurred */
|
---|
66 | if (EVP_PKEY_verify_init(ctx) <= 0)
|
---|
67 | /* Error */
|
---|
68 | if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
|
---|
69 | /* Error */
|
---|
70 | if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
|
---|
71 | /* Error */
|
---|
72 |
|
---|
73 | /* Perform operation */
|
---|
74 | ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
|
---|
75 |
|
---|
76 | /*
|
---|
77 | * ret == 1 indicates success, 0 verify failure and < 0 for some
|
---|
78 | * other error.
|
---|
79 | */
|
---|
80 |
|
---|
81 | =head1 SEE ALSO
|
---|
82 |
|
---|
83 | L<EVP_PKEY_CTX_new(3)>,
|
---|
84 | L<EVP_PKEY_encrypt(3)>,
|
---|
85 | L<EVP_PKEY_decrypt(3)>,
|
---|
86 | L<EVP_PKEY_sign(3)>,
|
---|
87 | L<EVP_PKEY_verify_recover(3)>,
|
---|
88 | L<EVP_PKEY_derive(3)>
|
---|
89 |
|
---|
90 | =head1 HISTORY
|
---|
91 |
|
---|
92 | These functions were added in OpenSSL 1.0.0.
|
---|
93 |
|
---|
94 | =head1 COPYRIGHT
|
---|
95 |
|
---|
96 | Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
---|
97 |
|
---|
98 | Licensed under the OpenSSL license (the "License"). You may not use
|
---|
99 | this file except in compliance with the License. You can obtain a copy
|
---|
100 | in the file LICENSE in the source distribution or at
|
---|
101 | L<https://www.openssl.org/source/license.html>.
|
---|
102 |
|
---|
103 | =cut
|
---|