provider-signature.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/provider-signature.7

Lines Matching full:signature
57 .IX Title "PROVIDER-SIGNATURE 7ossl"
58 .TH PROVIDER-SIGNATURE 7ossl 2025-09-30 3.5.4 OpenSSL
64 provider\-signature \- The signature library <\-> provider functions
82 \& /* Get the key types that a signature algorithm supports */
107 \&  * OSSL_FUNC_signature_verify_message_final requires that the signature to be
108 \&  * verified is specified via a "signature" OSSL_PARAM, which is given with a
146 \& /* Signature parameters */
164 The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
165 signature algorithms and make them available to applications via the API
233 A signature algorithm implementation may not implement all of these functions.
236 set of "signature" functions, i.e. at least one of:
274 indicating the key types supported by the provider for signature operations.
275 Otherwise the signature algorithm name must match the given key
276 or match the default signature algorithm name of the key,
279 A signature algorithm must also implement some mechanism for generating,
285 structure for holding context information during a signature operation.
286 A pointer to this context will be passed back in a number of the other signature
293 \&\fBOSSL_FUNC_signature_freectx()\fR is passed a pointer to the provider side signature
297 \&\fBOSSL_FUNC_signature_dupctx()\fR should duplicate the provider side signature context in
302 signature context in the \fIctx\fR parameter, and a pointer to a provider key object
311 A previously initialised signature context is passed in the \fIctx\fR
315 Unless \fIsig\fR is NULL, the signature should be written to the location pointed
317 The length of the signature should be written to \fI*siglen\fR.
318 If \fIsig\fR is NULL then the maximum length of the signature should be written to
327 message given a provider side signature context in the \fIctx\fR parameter, and a
341 \&\fBOSSL_FUNC_signature_sign()\fR can be used for one-shot signature calls.  In that
346 if \fIsig\fR is not NULL, the signature should be written to the location pointed
348 The length of the signature should be written to \fI*siglen\fR.
349 If \fIsig\fR is NULL then the maximum length of the signature should be written to
353 \&\fBOSSL_FUNC_signature_verify_init()\fR initialises a context for verifying a signature given
354 a provider side signature context in the \fIctx\fR parameter, and a pointer to a
363 A previously initialised signature context is passed in the \fIctx\fR parameter.
364 The data that the signature covers is pointed to be the \fItbs\fR parameter which
366 The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes
371 accumulate a full message and verify a signature on the result of that
375 a signature on a message given a provider side signature context in the \fIctx\fR
388 The signature itself must have been passed through the "signature"
389 (\fBOSSL_SIGNATURE_PARAM_SIGNATURE\fR) Signature parameter
398 signed data given a provider side signature context in the \fIctx\fR parameter, and
407 A previously initialised signature context is passed in the \fIctx\fR parameter.
408 The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes
418 provider side signature context in the \fIctx\fR parameter, and a pointer to a
430 signature context is passed in the \fIctx\fR parameter. This function may be called
433 \&\fBOSSL_FUNC_signature_digest_sign_final()\fR finalises a signature operation previously
437 signature context is passed in the \fIctx\fR parameter. Unless \fIsig\fR is NULL, the
438 signature should be written to the location pointed to by the \fIsig\fR parameter
439 and it should not exceed \fIsigsize\fR bytes in length. The length of the signature
441 the signature should be written to \fI*siglen\fR.
445 initialised signature context is passed in the \fIctx\fR parameter. The data to be
447 the signature should be written to the location pointed to by the \fIsig\fR
449 signature should be written to \fI*siglen\fR. If \fIsig\fR is NULL then the maximum
450 length of the signature should be written to \fI*siglen\fR.
473 verification context is passed in the \fIctx\fR parameter. The signature to be
479 verified is in \fItbs\fR which should be \fItbslen\fR bytes long. The signature to be
481 .SS "Signature parameters"
482 .IX Subsection "Signature parameters"
486 \&\fBOSSL_FUNC_signature_get_ctx_params()\fR gets signature parameters associated with the
487 given provider side signature context \fIctx\fR and stored them in \fIparams\fR.
490 \&\fBOSSL_FUNC_signature_set_ctx_params()\fR sets the signature parameters associated with the
491 given provider side signature context \fIctx\fR to \fIparams\fR.
495 Common parameters currently recognised by built-in signature algorithms are as
500 signature functions. It is required in order to calculate the "algorithm-id".
506 Note that when implementing a signature algorithm that gathers a full message,
512 .IP """signature"" (\fBOSSL_SIGNATURE_PARAM_SIGNATURE\fR) <octet string>" 4
513 .IX Item """signature"" (OSSL_SIGNATURE_PARAM_SIGNATURE) <octet string>"
514 Sets the signature to verify, specifically when
519 signature functions.
523 Gets the DER-encoded AlgorithmIdentifier for the signature operation.
525 with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
532 Set this to 1 to use deterministic digital signature generation with
536 deterministic digital signature generation, please read RFC 6979
542 The FIPS provider does not support deterministic digital signature generation.
546 calculated signature is invalid.
548 signature operation succeeds.
549 By default it retries until a signature is calculated.
564 A getter that returns 1 if a signature verification operation acted on
567 set when any signature verification initialisation function is called.
581 If required this parameter should be set before the signature digest is set.
615 given provider side digest signature context \fIctx\fR and stores them in \fIparams\fR.
619 given provider side digest signature context \fIctx\fR to \fIparams\fR.
623 Parameters currently recognised by built-in signature algorithms are the same
635 provider side signature context, or NULL on failure.
644 0 for a non-matching signature, and a negative value for operation failure.
656 The provider SIGNATURE interface was introduced in OpenSSL 3.0.
657 The Signature Parameters "fips-indicator", "key-check" and "digest-check"