Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
Standard preamble:
========================================================================
..
.... \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "EVP_PKEY_SIGN 3ossl"
way too many mistakes in technical documents.
\fBEVP_PKEY_sign_init_ex() is the same as EVP_PKEY_sign_init() but additionally sets the passed parameters params on the context before returning.
\fBEVP_PKEY_sign_init_ex2() initializes a public key algorithm context ctx for signing a pre-computed message digest using the algorithm given by algo and the key given through EVP_PKEY_CTX_new\|(3) or EVP_PKEY_CTX_new_from_pkey\|(3). A context ctx without a pre-loaded key cannot be used with this function. This function provides almost the same functionality as EVP_PKEY_sign_init_ex(), but is uniquely intended to be used with a pre-computed message digest, and allows pre-determining the exact conditions for that message digest, if a composite signature algorithm (such as RSA-SHA256) was fetched. Following a call to this function, setting parameters that modifies the digest implementation or padding is not normally supported.
\fBEVP_PKEY_sign_message_init() initializes a public key algorithm context ctx for signing an unlimited size message using the algorithm given by algo and the key given through EVP_PKEY_CTX_new\|(3) or EVP_PKEY_CTX_new_from_pkey\|(3). Passing the message is supported both in a one-shot fashion using \fBEVP_PKEY_sign(), and through the combination of EVP_PKEY_sign_message_update() and EVP_PKEY_sign_message_final(). This function enables using algorithms that can process input of arbitrary length, such as ED25519, RSA-SHA256 and similar.
\fBEVP_PKEY_sign_message_update() adds inlen bytes from in to the data to be processed for signature. The signature algorithm specification and implementation determine how the input bytes are processed and if there's a limit on the total size of the input. See "NOTES" below for a deeper explanation.
\fBEVP_PKEY_sign_message_final() signs the processed data and places the data in \fIsig, and the number of signature bytes in *siglen, if the number of bytes doesn't surpass the size given by sigsize. \fIsig may be NULL, and in that case, only *siglen is updated with the number of signature bytes.
\fBEVP_PKEY_sign() is a one-shot function that can be used with all the init functions above. When initialization was done with EVP_PKEY_sign_init(), EVP_PKEY_sign_init_ex() or EVP_PKEY_sign_init_ex2(), the data specified by tbs and tbslen is signed after appropriate padding. When initialization was done with EVP_PKEY_sign_message_init(), the data specified by tbs and tbslen is digested by the implied message digest algorithm, and the result is signed after appropriate padding. If sig is NULL then the maximum size of the output buffer is written to the \fIsiglen parameter. If sig is not NULL, then before the call the siglen parameter should contain the length of the sig buffer, and if the call is successful the signature is written to sig and the amount of data written to siglen.
For example, an RSA implementation can be expected to only expect a message digest as input, while ED25519 can be expected to process the input with a hash, i.e. to produce the message digest internally, and while RSA-SHA256 can be expected to handle either mode of operation, depending on if the operation was initialized with EVP_PKEY_sign_init_ex2() or with EVP_PKEY_sign_message_init().
Similarly, an RSA implementation usually expects additional details to be set, like the message digest algorithm that the input is supposed to be digested with, as well as the padding mode (see EVP_PKEY_CTX_set_signature_md\|(3) and \fBEVP_PKEY_CTX_set_rsa_padding\|(3) and similar others), while an RSA-SHA256 implementation usually has these details pre-set and immutable.
The functions described here can't be used to combine separate algorithms. In particular, neither EVP_PKEY_CTX_set_signature_md\|(3) nor the OSSL_PARAM parameter "digest" (OSSL_SIGNATURE_PARAM_DIGEST) can be used to combine a signature algorithm with a hash algorithm to process the input. In other words, it's not possible to specify a ctx pre-loaded with an RSA pkey, or an algo that fetched \*(C`RSA\*(C' and try to specify SHA256 separately to get the functionality of RSA-SHA256. If combining algorithms in that manner is desired, please use EVP_DigestSignInit\|(3) and associated functions.
When initialized using EVP_PKEY_sign_message_init(), it's not possible to call EVP_PKEY_sign() multiple times.
In particular, EVP_PKEY_sign_init() and its other variants may return -2 to indicate that the operation is not supported by the public key algorithm.
.Vb 2 #include <openssl/evp.h> #include <openssl/rsa.h> \& EVP_PKEY_CTX *ctx; /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; size_t mdlen = 32, siglen; EVP_PKEY *signing_key; \& /* * NB: assumes signing_key and md are set up before the next * step. signing_key must be an RSA private key and md must * point to the SHA-256 digest to be signed. */ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (ctx == NULL) /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) /* Error */ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) /* Error */ \& /* Determine buffer length */ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) /* Error */ \& sig = OPENSSL_malloc(siglen); \& if (sig == NULL) /* malloc failure */ \& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) /* Error */ \& /* Signature is siglen bytes written to buffer sig */ .Ve
.Vb 2 #include <openssl/evp.h> #include <openssl/rsa.h> \& EVP_PKEY_CTX *ctx; /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; size_t mdlen = 32, siglen; EVP_PKEY *signing_key; \& /* * NB: assumes signing_key and md are set up before the next * step. signing_key must be an RSA private key and md must * point to the SHA-256 digest to be signed. */ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); alg = EVP_SIGNATURE_fetch(NULL, "RSA-SHA256", NULL); \& if (ctx == NULL) /* Error occurred */ if (EVP_PKEY_sign_init_ex2(ctx, alg, NULL) <= 0) /* Error */ \& /* Determine buffer length */ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) /* Error */ \& sig = OPENSSL_malloc(siglen); \& if (sig == NULL) /* malloc failure */ \& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) /* Error */ \& /* Signature is siglen bytes written to buffer sig */ .Ve
.Vb 2 #include <openssl/evp.h> #include <openssl/rsa.h> \& EVP_PKEY_CTX *ctx; /* in is the input in this example. */ unsigned char *in, *sig; /* inlen is the length of the input in this example. */ size_t inlen, siglen; EVP_PKEY *signing_key; EVP_SIGNATURE *alg; \& /* * NB: assumes signing_key, in and inlen are set up before * the next step. signing_key must be an RSA private key, * in must point to data to be digested and signed, and * inlen must be the size of the data in bytes. */ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); alg = EVP_SIGNATURE_fetch(NULL, "RSA-SHA256", NULL); \& if (ctx == NULL || alg == NULL) /* Error occurred */ if (EVP_PKEY_sign_message_init(ctx, alg, NULL) <= 0) /* Error */ \& /* Determine sig buffer length */ if (EVP_PKEY_sign(ctx, NULL, &siglen, in, inlen) <= 0) /* Error */ \& sig = OPENSSL_malloc(siglen); \& if (sig == NULL) /* malloc failure */ \& if (EVP_PKEY_sign(ctx, sig, &siglen, in, inlen) <= 0) /* Error */ \& /* Signature is siglen bytes written to buffer sig */ .Ve
.Vb 2 #include <openssl/evp.h> #include <openssl/rsa.h> \& EVP_PKEY_CTX *ctx; /* in is the input in this example. */ unsigned char *in, *sig; /* inlen is the length of the input in this example. */ size_t inlen, siglen; EVP_PKEY *signing_key; EVP_SIGNATURE *alg; \& /* * NB: assumes signing_key, in and inlen are set up before * the next step. signing_key must be an RSA private key, * in must point to data to be digested and signed, and * inlen must be the size of the data in bytes. */ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); alg = EVP_SIGNATURE_fetch(NULL, "RSA-SHA256", NULL); \& if (ctx == NULL || alg == NULL) /* Error occurred */ if (EVP_PKEY_sign_message_init(ctx, alg, NULL) <= 0) /* Error */ \& while (inlen > 0) { if (EVP_PKEY_sign_message_update(ctx, in, inlen)) <= 0) /* Error */ if (inlen > 256) { inlen -= 256; in += 256; } else { inlen = 0; } } \& /* Determine sig buffer length */ if (EVP_PKEY_sign_message_final(ctx, NULL, &siglen) <= 0) /* Error */ \& sig = OPENSSL_malloc(siglen); \& if (sig == NULL) /* malloc failure */ \& if (EVP_PKEY_sign_message_final(ctx, sig, &siglen) <= 0) /* Error */ \& /* Signature is siglen bytes written to buffer sig */ .Ve
The EVP_PKEY_sign_init_ex() function was added in OpenSSL 3.0.
The EVP_PKEY_sign_init_ex2(), EVP_PKEY_sign_message_init(), \fBEVP_PKEY_sign_message_update() and EVP_PKEY_sign_message_final() functions where added in OpenSSL 3.4.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.