DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.3/EVP_DigestSignFinal.3(/usr/man/cat.3/EVP_DigestSignFinal.3)




EVP_DigestSignInit(3)        OpenSSL        EVP_DigestSignInit(3)


NAME

     EVP_DigestSignInit, EVP_DigestSignUpdate,
     EVP_DigestSignFinal - EVP signing functions


SYNOPSIS

      #include <openssl/evp.h>

      int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                             const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
      int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
      int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);


DESCRIPTION

     The EVP signature routines are a high level interface to
     digital signatures.

     EVP_DigestSignInit() sets up signing context ctx to use
     digest type from ENGINE impl and private key pkey. ctx must
     be initialized with EVP_MD_CTX_init() before calling this
     function. If pctx is not NULL, the EVP_PKEY_CTX of the
     signing operation will be written to *pctx: this can be used
     to set alternative signing options. Note that any existing
     value in *pctx is overwritten. The EVP_PKEY_CTX value
     returned must not be freed directly by the application (it
     will be freed automatically when the EVP_MD_CTX is freed).
     The digest type may be NULL if the signing algorithm
     supports it.

     EVP_DigestSignUpdate() hashes cnt bytes of data at d into
     the signature context ctx. This function can be called
     several times on the same ctx to include additional data.
     This function is currently implemented usig a macro.

     EVP_DigestSignFinal() signs the data in ctx places the
     signature in sig.  If sig is NULL then the maximum size of
     the output buffer is written to the siglen parameter. If sig
     is not NULL then before the call the siglen parameter should
     contain the length of the sig buffer, if the call is
     successful the signature is written to sig and the amount of
     data written to siglen.


RETURN VALUES

     EVP_DigestSignInit() EVP_DigestSignUpdate() and
     EVP_DigestSignaFinal() return 1 for success and 0 or a
     negative value for failure. In particular a return value of
     -2 indicates the operation is not supported by the public
     key algorithm.

     The error codes can be obtained from ERR_get_error(3).


NOTES

     The EVP interface to digital signatures should almost always

1.0.2t               Last change: 2019-09-10                    1

EVP_DigestSignInit(3)        OpenSSL        EVP_DigestSignInit(3)

     be used in preference to the low level interfaces. This is
     because the code then becomes transparent to the algorithm
     used and much more flexible.

     In previous versions of OpenSSL there was a link between
     message digest types and public key algorithms. This meant
     that "clone" digests such as EVP_dss1() needed to be used to
     sign using SHA1 and DSA. This is no longer necessary and the
     use of clone digest is now discouraged.

     For some key types and parameters the random number
     generator must be seeded or the operation will fail.

     The call to EVP_DigestSignFinal() internally finalizes a
     copy of the digest context. This means that calls to
     EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be
     called later to digest and sign additional data.

     Since only a copy of the digest context is ever finalized
     the context must be cleaned up after use by calling
     EVP_MD_CTX_cleanup() or a memory leak will occur.

     The use of EVP_PKEY_size() with these functions is
     discouraged because some signature operations may have a
     signature length which depends on the parameters set. As a
     result EVP_PKEY_size() would have to return a value which
     indicates the maximum possible signature for any set of
     parameters.


SEE ALSO

     EVP_DigestVerifyInit(3), EVP_DigestInit(3), err(3), evp(3),
     hmac(3), md2(3), md5(3), mdc2(3), ripemd(3), sha(3), dgst(1)


HISTORY

     EVP_DigestSignInit(), EVP_DigestSignUpdate() and
     EVP_DigestSignFinal() were first added to OpenSSL 1.0.0.

1.0.2t               Last change: 2019-09-10                    2

See also EVP_DigestSignInit(3)
See also EVP_DigestSignUpdate(3)

Man(1) output converted with man2html