1: =pod
    2: 
    3: =head1 NAME
    4: 
    5: EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
    6: 
    7: =head1 SYNOPSIS
    8: 
    9:  #include <openssl/evp.h>
   10: 
   11:  int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
   12:  int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
   13:  int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
   14: 
   15:  int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
   16: 
   17: =head1 DESCRIPTION
   18: 
   19: The EVP signature verification routines are a high level interface to digital
   20: signatures.
   21: 
   22: EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
   23: B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
   24: EVP_MD_CTX_init() before calling this function.
   25: 
   26: EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
   27: verification context B<ctx>. This function can be called several times on the
   28: same B<ctx> to include additional data.
   29: 
   30: EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
   31: and against the B<siglen> bytes at B<sigbuf>.
   32: 
   33: EVP_VerifyInit() initializes verification context B<ctx> to use the default
   34: implementation of digest B<type>.
   35: 
   36: =head1 RETURN VALUES
   37: 
   38: EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
   39: failure.
   40: 
   41: EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
   42: other error occurred.
   43: 
   44: The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
   45: 
   46: =head1 NOTES
   47: 
   48: The B<EVP> interface to digital signatures should almost always be used in
   49: preference to the low level interfaces. This is because the code then becomes
   50: transparent to the algorithm used and much more flexible.
   51: 
   52: Due to the link between message digests and public key algorithms the correct
   53: digest algorithm must be used with the correct public key type. A list of
   54: algorithms and associated public key algorithms appears in 
   55: L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
   56: 
   57: The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
   58: This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
   59: later to digest and verify additional data.
   60: 
   61: Since only a copy of the digest context is ever finalized the context must
   62: be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
   63: will occur.
   64: 
   65: =head1 BUGS
   66: 
   67: Older versions of this documentation wrongly stated that calls to 
   68: EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
   69: 
   70: =head1 SEE ALSO
   71: 
   72: L<evp(3)|evp(3)>,
   73: L<EVP_SignInit(3)|EVP_SignInit(3)>,
   74: L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
   75: L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
   76: L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
   77: L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
   78: 
   79: =head1 HISTORY
   80: 
   81: EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
   82: available in all versions of SSLeay and OpenSSL.
   83: 
   84: EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
   85: 
   86: =cut