summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-05-11 15:26:22 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-05-11 15:26:22 +0000
commit7fe8c9e6ac65b0e41c6f1df12165e9ccbd5877df (patch)
treecdd86a18fb227cdbf5f14ddf7224109b99b52ab3 /lib/libcrypto
parentc79bc3a8514d66ec21f1153e60b4cf2fe57da7b8 (diff)
Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1.
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/man/EVP_DigestVerifyInit.341
1 files changed, 37 insertions, 4 deletions
diff --git a/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/lib/libcrypto/man/EVP_DigestVerifyInit.3
index dc212cf1298..3ff7ef81e83 100644
--- a/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.9 2021/05/11 15:26:21 tb Exp $
.\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,13 +49,14 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: May 11 2021 $
.Dt EVP_DIGESTVERIFYINIT 3
.Os
.Sh NAME
.Nm EVP_DigestVerifyInit ,
.Nm EVP_DigestVerifyUpdate ,
-.Nm EVP_DigestVerifyFinal
+.Nm EVP_DigestVerifyFinal ,
+.Nm EVP_DigestVerify
.Nd EVP signature verification functions
.Sh SYNOPSIS
.In openssl/evp.h
@@ -79,6 +80,14 @@
.Fa "const unsigned char *sig"
.Fa "size_t siglen"
.Fc
+.Ft int
+.Fo EVP_DigestVerify
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const unsigned char *sig"
+.Fa "size_t siglen"
+.Fa "const unsigned char *tbs"
+.Fa "size_t *tbslen"
+.Fc
.Sh DESCRIPTION
The EVP signature routines are a high level interface to digital
signatures.
@@ -127,6 +136,26 @@ against the signature in
of length
.Fa siglen .
.Pp
+.Fn EVP_DigestVerify
+verifies
+.Fa tbslen
+bytes at
+.Fa tbs
+against the signature in
+.Fa sig
+of length
+.Fa siglen
+.Fn EVP_DigestVerify
+is a one shot operation which verifies a single block of data
+in one function call.
+For algorithms that support streaming it is equivalent to calling
+.Fn EVP_DigestVerifyUpdate
+and
+.Fn EVP_DigestVerifyFinal .
+.\" For algorithms which do not support streaming
+.\" (e.g. PureEdDSA)
+.\" it is the only way to verify data.
+.Pp
The EVP interface to digital signatures should almost always be
used in preference to the low level interfaces.
This is because the code then becomes transparent to the algorithm used
@@ -162,7 +191,8 @@ In particular a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Pp
.Fn EVP_DigestVerifyFinal
-returns 1 for success; any other value indicates failure.
+.Fn EVP_DigestVerify
+return 1 for success; any other value indicates failure.
A return value of 0 indicates that the signature did not verify
successfully (that is, the signature did not match the original
data or the signature had an invalid form), while other values
@@ -183,3 +213,6 @@ and
.Fn EVP_DigestVerifyFinal
first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .
+.Fn EVP_DigestVerify
+first appeared in OpenSSL 1.1.1 and has been available since
+.Ox 7.0 .