=head1 NAME
-EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal,
-EVP_DigestSign - EVP signing functions
+EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate,
+EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions
=head1 SYNOPSIS
#include <openssl/evp.h>
+ int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, OSSL_LIB_CTX *libctx,
+ const char *props, EVP_PKEY *pkey);
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
=head1 DESCRIPTION
-The EVP signature routines are a high level interface to digital signatures.
-
-EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
-ENGINE B<e> and private key B<pkey>. B<ctx> must be created with
-EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
-EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options. The digest B<type> may be NULL if
-the signing algorithm supports it.
+The EVP signature routines are a high-level interface to digital signatures.
+Input data is digested first before the signing takes place.
+
+EVP_DigestSignInit_ex() sets up signing context I<ctx> to use a digest
+with the name I<mdname> and private key I<pkey>. The name of the digest to be
+used is passed to the provider of the signature algorithm in use. How that
+provider interprets the digest name is provider specific. The provider may
+implement that digest directly itself or it may (optionally) choose to fetch it
+(which could result in a digest from a different provider being selected). If the
+provider supports fetching the digest then it may use the I<props> argument for
+the properties to be used during the fetch.
+
+The I<pkey> algorithm is used to fetch a B<EVP_SIGNATURE> method implicitly, to
+be used for the actual signing. See L<provider(7)/Implicit fetch> for
+more information about implicit fetches.
+
+The OpenSSL default and legacy providers support fetching digests and can fetch
+those digests from any available provider. The OpenSSL fips provider also
+supports fetching digests but will only fetch digests that are themselves
+implemented inside the fips provider.
+
+I<ctx> must be created with EVP_MD_CTX_new() before calling this function. If
+I<pctx> is not NULL, the EVP_PKEY_CTX of the signing operation will be written
+to I<*pctx>: this can be used to set alternative signing options. Note that any
+existing value in I<*pctx> is overwritten. The EVP_PKEY_CTX value returned must
+not be freed directly by the application if I<ctx> is not assigned an
+EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_ex()
+(which means the EVP_PKEY_CTX is created inside EVP_DigestSignInit_ex()
+and it will be freed automatically when the EVP_MD_CTX is freed). If the
+EVP_PKEY_CTX to be used is created by EVP_DigestSignInit_ex then it
+will use the B<OSSL_LIB_CTX> specified in I<libctx> and the property query string
+specified in I<props>.
+
+The digest I<mdname> may be NULL if the signing algorithm supports it. The
+I<props> argument can always be NULL.
+
+No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the
+passed I<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>.
+See also L<SM2(7)>.
Only EVP_PKEY types that support signing can be used with these functions. This
includes MAC algorithms where the MAC generation is considered as a form of
=item RSA with no padding
-Supports no digests (the digest B<type> must be NULL)
+Supports no digests (the digest I<type> must be NULL)
=item RSA with X931 padding
=item Ed25519 and Ed448
-Support no digests (the digest B<type> must be NULL)
+Support no digests (the digest I<type> must be NULL)
=item HMAC
If RSA-PSS is used and restrictions apply then the digest must match.
-EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data. This function is currently implemented
-using a macro.
-
-EVP_DigestSignFinal() signs the data in B<ctx> and places the signature in B<sig>.
-If B<sig> is B<NULL> then the maximum size of the output buffer is written to
-the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
-B<siglen> parameter should contain the length of the B<sig> buffer. If the
-call is successful the signature is written to B<sig> and the amount of data
-written to B<siglen>.
-
-EVP_DigestSign() signs B<tbslen> bytes of data at B<tbs> and places the
-signature in B<sig> and its length in B<siglen> in a similar way to
+EVP_DigestSignInit() works in the same way as EVP_DigestSignInit_ex()
+except that the I<mdname> parameter will be inferred from the supplied
+digest I<type>, and I<props> will be NULL. Where supplied the ENGINE I<e> will
+be used for the signing and digest algorithm implementations. I<e> may be NULL.
+
+EVP_DigestSignUpdate() hashes I<cnt> bytes of data at I<d> into the
+signature context I<ctx>. This function can be called several times on the
+same I<ctx> to include additional data.
+
+Unless I<sig> is NULL EVP_DigestSignFinal() signs the data in I<ctx>
+and places the signature in I<sig>.
+Otherwise the maximum necessary size of the output buffer is written to
+the I<siglen> parameter. If I<sig> is not NULL then before the call the
+I<siglen> parameter should contain the length of the I<sig> buffer. If the
+call is successful the signature is written to I<sig> and the amount of data
+written to I<siglen>.
+
+EVP_DigestSign() signs I<tbslen> bytes of data at I<tbs> and places the
+signature in I<sig> and its length in I<siglen> in a similar way to
EVP_DigestSignFinal().
=head1 RETURN VALUES
-EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignaFinal() and
-EVP_DigestSign() return 1 for success and 0 or a negative value for failure. In
-particular, a return value of -2 indicates the operation is not supported by the
-public key algorithm.
+EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and
+EVP_DigestSign() return 1 for success and 0 for failure.
The error codes can be obtained from L<ERR_get_error(3)>.
=head1 NOTES
The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
EVP_DigestSign() is a one shot operation which signs a single block of data
needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.
-For some key types and parameters the random number generator must be seeded
-or the operation will fail.
+For some key types and parameters the random number generator must be seeded.
+If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
+external circumstances (see L<RAND(7)>), the operation will fail.
The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
context. This means that calls to EVP_DigestSignUpdate() and
be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
will occur.
-The use of EVP_PKEY_size() with these functions is discouraged because some
+The use of EVP_PKEY_get_size() with these functions is discouraged because some
signature operations may have a signature length which depends on the
-parameters set. As a result EVP_PKEY_size() would have to return a value
+parameters set. As a result EVP_PKEY_get_size() would have to return a value
which indicates the maximum possible signature for any set of parameters.
=head1 SEE ALSO
L<EVP_DigestInit(3)>,
L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
-L<SHA1(3)>, L<dgst(1)>
+L<SHA1(3)>, L<openssl-dgst(1)>,
+L<RAND(7)>
=head1 HISTORY
EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
-were first added to OpenSSL 1.0.0.
+were added in OpenSSL 1.0.0.
+
+EVP_DigestSignInit_ex() was added in OpenSSL 3.0.
+
+EVP_DigestSignUpdate() was converted from a macro to a function in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blobdiff