EVP_DigestSignInit (3)
Leading comments
Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) Standard preamble: ========================================================================
NAME
EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functionsSYNOPSIS
#include <openssl/evp.h> int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
DESCRIPTION
TheEVP_DigestSignInit() sets up signing context ctx to use digest type from
EVP_DigestSignUpdate() hashes cnt bytes of data at d into the signature context ctx. This function can be called several times on the same ctx to include additional data. This function is currently implemented usig a macro.
EVP_DigestSignFinal() signs the data in ctx places the signature in sig. If sig is
RETURN VALUES
EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.The error codes can be obtained from ERR_get_error(3).
NOTES
TheIn previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that ``clone'' digests such as EVP_dss1() needed to be used to sign using
For some key types and parameters the random number generator must be seeded or the operation will fail.
The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data.
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.
The use of EVP_PKEY_size() with these functions is discouraged because some signature operations may have a signature length which depends on the parameters set. As a result EVP_PKEY_size() would have to return a value which indicates the maximum possible signature for any set of parameters.