=pod

=head1 NAME

EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
                     const unsigned char *sig, size_t siglen,
                     const unsigned char *tbs, size_t tbslen);

=head1 DESCRIPTION

The EVP_PKEY_verify_init() function initializes a public key algorithm
context using key B<pkey> for a signature verification operation.

The EVP_PKEY_verify() function performs a public key verification operation
using B<ctx>. The signature is specified using the B<sig> and
B<siglen> parameters. The verified data (i.e. the data believed originally
signed) is specified using the B<tbs> and B<tbslen> parameters.

=head1 NOTES

After the call to EVP_PKEY_verify_init(), algorithm-specific control
operations can be performed to set any appropriate parameters for the
operation.

The function EVP_PKEY_verify() can be called more than once on the same
context if several operations are performed using the same parameters.

=head1 RETURN VALUES

EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
successful and 0 if it failed. Unlike other functions, the return value 0 from
EVP_PKEY_verify() only indicates that the signature did not verify
successfully (that is, B<tbs> did not match the original data or the signature
was of invalid form); it is not an indication of a more serious error.

A negative value indicates an error other than signature verification failure.
In particular, a return value of -2 indicates the operation is not supported by
the public key algorithm.

=head1 EXAMPLE

Verify signature using PKCS#1 and SHA256 digest:

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 unsigned char *md, *sig;
 size_t mdlen, siglen;
 EVP_PKEY *verify_key;
 int ret;

 /* NB: assumes verify_key, sig, siglen, md and mdlen are already set up
  * and that verify_key is an RSA public key. md holds the SHA256 digest
  * of the data, not the data itself.
  */
 ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
 if (!ctx) {
     /* Error occurred */
 }
 if (EVP_PKEY_verify_init(ctx) <= 0) {
     /* Error */
 }
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) {
     /* Error */
 }
 if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) {
     /* Error */
 }

 /* Perform operation */
 ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);

 /* ret == 1 indicates success, 0 verify failure and < 0 for some
  * other error.
  */

=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>

=head1 HISTORY

These functions were first added to OpenSSL 1.0.0.

=cut