From: tb Date: Tue, 11 May 2021 15:26:21 +0000 (+0000) Subject: Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0c09ad40403d870dd8aace5c6c428ca213ef93e5;p=openbsd Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1. --- diff --git a/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/lib/libcrypto/man/EVP_DigestVerifyInit.3 index dc212cf1298..3ff7ef81e83 100644 --- a/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.9 2021/05/11 15:26:21 tb Exp $ .\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,13 +49,14 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: May 11 2021 $ .Dt EVP_DIGESTVERIFYINIT 3 .Os .Sh NAME .Nm EVP_DigestVerifyInit , .Nm EVP_DigestVerifyUpdate , -.Nm EVP_DigestVerifyFinal +.Nm EVP_DigestVerifyFinal , +.Nm EVP_DigestVerify .Nd EVP signature verification functions .Sh SYNOPSIS .In openssl/evp.h @@ -79,6 +80,14 @@ .Fa "const unsigned char *sig" .Fa "size_t siglen" .Fc +.Ft int +.Fo EVP_DigestVerify +.Fa "EVP_MD_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t *tbslen" +.Fc .Sh DESCRIPTION The EVP signature routines are a high level interface to digital signatures. @@ -127,6 +136,26 @@ against the signature in of length .Fa siglen . .Pp +.Fn EVP_DigestVerify +verifies +.Fa tbslen +bytes at +.Fa tbs +against the signature in +.Fa sig +of length +.Fa siglen +.Fn EVP_DigestVerify +is a one shot operation which verifies a single block of data +in one function call. +For algorithms that support streaming it is equivalent to calling +.Fn EVP_DigestVerifyUpdate +and +.Fn EVP_DigestVerifyFinal . +.\" For algorithms which do not support streaming +.\" (e.g. PureEdDSA) +.\" it is the only way to verify data. +.Pp The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used @@ -162,7 +191,8 @@ In particular a return value of -2 indicates the operation is not supported by the public key algorithm. .Pp .Fn EVP_DigestVerifyFinal -returns 1 for success; any other value indicates failure. +.Fn EVP_DigestVerify +return 1 for success; any other value indicates failure. A return value of 0 indicates that the signature did not verify successfully (that is, the signature did not match the original data or the signature had an invalid form), while other values @@ -183,3 +213,6 @@ and .Fn EVP_DigestVerifyFinal first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . +.Fn EVP_DigestVerify +first appeared in OpenSSL 1.1.1 and has been available since +.Ox 7.0 .