Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().

[openssl.git] / doc / crypto / EVP_PKEY_verify.pod

diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod
index c6c7654176ecff59b8a674b650fc1ff433f0127d..4952b7f4165ee4195b97d24e46bbc78bd0c0e5e5 100644 (file)
--- a/doc/crypto/EVP_PKEY_verify.pod
+++ b/doc/crypto/EVP_PKEY_verify.pod
@@ -34,11 +34,11 @@ context if several operations are performed using the same parameters.
 
 =head1 RETURN VALUES
 
-EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification
-was successful and 0 if it failed. Unlike other functions the return value
-0 only indicates that the signature did not not verify successfully (that is
-tbs did not match the original data or the signature was of invalid form)
-it is not an indication of a more serious error.
+EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+EVP_PKEY_verify() only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
 
 A negative value indicates an error other that signature verification failure.
 In particular a return value of -2 indicates the operation is not supported by
@@ -48,19 +48,44 @@ the public key algorithm.
 
 Verify signature using PKCS#1 and SHA256 digest:
 
-[to be added]
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+       /* Error occurred */
+ if (EVP_PKEY_verify_init(ctx) <= 0)
+       /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+       /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+       /* Error */
+
+ /* Perform operation */
+ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+
+ /* ret == 1 indicates success, 0 verify failure and < 0 for some
+  * other error.
+  */
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
-L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
-L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 0.9.9.
+These functions were first added to OpenSSL 1.0.0.
 
 =cut