Lines Matching +full:side +full:- +full:by +full:- +full:side
1 .\" -*- mode: troff; coding: utf-8 -*-
2 .\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
57 .IX Title "PROVIDER-SIGNATURE 7ossl"
58 .TH PROVIDER-SIGNATURE 7ossl 2025-09-30 3.5.4 OpenSSL
64 provider\-signature \- The signature library <\-> provider functions
171 \&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider's
173 (see "Provider Functions" in \fBprovider\-base\fR\|(7)).
187 \&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as
188 macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
270 It is not yet used by OpenSSL.
273 When present, it should return a NULL-terminated array of strings
274 indicating the key types supported by the provider for signature operations.
281 See \fBprovider\-keymgmt\fR\|(7) for further details.
284 \&\fBOSSL_FUNC_signature_newctx()\fR should create and return a pointer to a provider side
290 string that may be (optionally) used by the provider during any "fetches" that
293 \&\fBOSSL_FUNC_signature_freectx()\fR is passed a pointer to the provider side signature
297 \&\fBOSSL_FUNC_signature_dupctx()\fR should duplicate the provider side signature context in
301 \&\fBOSSL_FUNC_signature_sign_init()\fR initialises a context for signing given a provider side
308 \&\fBprovider\-keymgmt\fR\|(7)).
316 to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length.
324 RSA\-SHA256.
327 message given a provider side signature context in the \fIctx\fR parameter, and a
333 \&\fBprovider\-keymgmt\fR\|(7)).
335 \&\fBOSSL_FUNC_signature_sign_message_update()\fR gathers the data pointed at by
341 \&\fBOSSL_FUNC_signature_sign()\fR can be used for one-shot signature calls. In that
347 to by \fIsig\fR, and it should not exceed \fIsigsize\fR bytes in length.
354 a provider side signature context in the \fIctx\fR parameter, and a pointer to a
360 \&\fBprovider\-keymgmt\fR\|(7)).
366 The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes
372 accumulation, such as RSA\-SHA256.
375 a signature on a message given a provider side signature context in the \fIctx\fR
381 \&\fBprovider\-keymgmt\fR\|(7)).
383 \&\fBOSSL_FUNC_signature_verify_message_update()\fR gathers the data pointed at by
392 \&\fBOSSL_FUNC_signature_verify()\fR can be used for one-shot verification calls. In
398 signed data given a provider side signature context in the \fIctx\fR parameter, and
404 \&\fBprovider\-keymgmt\fR\|(7)).
408 The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes
411 pointed to by \fIrout\fR which should not exceed \fIroutsize\fR bytes in length.
418 provider side signature context in the \fIctx\fR parameter, and a pointer to a
425 key management (OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)).
438 signature should be written to the location pointed to by the \fIsig\fR parameter
447 the signature should be written to the location pointed to by the \fIsig\fR
454 provider side verification context in the \fIctx\fR parameter, and a pointer to a
461 key management (OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)).
483 See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by
487 given provider side signature context \fIctx\fR and stores them in \fIparams\fR.
491 given provider side signature context \fIctx\fR to \fIparams\fR.
495 Common parameters currently recognised by built-in signature algorithms are as
500 signature functions. It is required in order to calculate the "algorithm-id".
507 like RSA\-SHA256, the "digest" and "properties" parameters should not be used.
511 array that's returned by \fBOSSL_FUNC_signature_settable_ctx_params()\fR.
516 .IP """digest-size"" (\fBOSSL_SIGNATURE_PARAM_DIGEST_SIZE\fR) <unsigned integer>" 4
517 .IX Item """digest-size"" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>"
520 The length of the "digest-size" parameter should not exceed that of a \fBsize_t\fR.
521 .IP """algorithm-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) <octet string>" 4
522 .IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) <octet string>"
523 Gets the DER-encoded AlgorithmIdentifier for the signature operation.
527 The \fBASN1_item_sign_ctx\fR\|(3) function relies on this operation and is used by
530 .IP """nonce-type"" (\fBOSSL_SIGNATURE_PARAM_NONCE_TYPE\fR) <unsigned integer>" 4
531 .IX Item """nonce-type"" (OSSL_SIGNATURE_PARAM_NONCE_TYPE) <unsigned integer>"
538 "nonce-type" is 0 and results in a random value being used for the
539 nonce \fBk\fR as defined in FIPS 186\-4 Section 6.3 "Secret Number
547 In the normal mode of operation \- new random values are chosen until the
556 The following parameters are used by the OpenSSL FIPS provider:
557 .IP """fips-indicator"" (\fBOSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4
558 .IX Item """fips-indicator"" (OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
561 return 0 if any of "digest-check", "key-check", or "sign-check" are set to 0.
562 .IP """verify-message"" (\fBOSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE\fR) <integer>" 4
563 .IX Item """verify-message"" (OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE) <integer>"
566 indicates likely non-approved usage of the FIPS provider. This flag is
569 compliance. See FIPS 140\-3 IG 2.4.B for further information.
570 .IP """key-check"" (\fBOSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK\fR) <integer>" 4
571 .IX Item """key-check"" (OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) <integer>"
577 This option breaks FIPS compliance if it causes the approved "fips-indicator"
579 .IP """digest-check"" (\fBOSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK\fR) <integer>" 4
580 .IX Item """digest-check"" (OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) <integer>"
584 the error and set the approved "fips-indicator" to 0.
585 This option breaks FIPS compliance if it causes the approved "fips-indicator"
587 .IP """sign-check"" (\fBOSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK\fR) <integer>" 4
588 .IX Item """sign-check"" (OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) <integer>"
591 is triggered by deprecated signing algorithms).
592 Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0.
593 This option breaks FIPS compliance if it causes the approved "fips-indicator" to
595 .IP """sign\-x931\-pad\-check"" (\fBOSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK\fR) <integer>" 4
596 .IX Item """sign-x931-pad-check"" (OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK) <integer>"
600 approved "fips-indicator" to 0.
601 This option breaks FIPS compliance if it causes the approved "fips-indicator"
610 See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by
615 given provider side digest signature context \fIctx\fR and stores them in \fIparams\fR.
619 given provider side digest signature context \fIctx\fR to \fIparams\fR.
623 Parameters currently recognised by built-in signature algorithms are the same
624 as those for built-in digest algorithms. See
625 "Digest Parameters" in \fBprovider\-digest\fR\|(7) for further information.
635 provider side signature context, or NULL on failure.
641 \&\fBOSSL_FUNC_signature_query_key_types()\fR should return a NULL-terminated array of strings.
644 0 for a non-matching signature, and a negative value for operation failure.
650 \&\fBprovider\fR\|(7), "Provider Functions" in \fBprovider\-base\fR\|(7),
657 The Signature Parameters "fips-indicator", "key-check" and "digest-check"
661 Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved.