doc/crypto/EVP_PKEY_sign.pod - chromiumos/third_party/openssl - Git at Google

 =pod

 =head1 NAME

 EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm

 =head1 SYNOPSIS

  #include <openssl/evp.h>

  int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
 			unsigned char *sig, size_t *siglen,
 			const unsigned char *tbs, size_t tbslen);

 =head1 DESCRIPTION

 The EVP_PKEY_sign_init() function initializes a public key algorithm
 context using key B<pkey> for a signing operation.

 The EVP_PKEY_sign() function performs a public key signing operation
 using B<ctx>. The data to be signed is specified using the B<tbs> and
 B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
 buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
 before the call the B<siglen> parameter should contain the length of the
 B<sig> buffer, if the call is successful the signature is written to
 B<sig> and the amount of data written to B<siglen>.

 =head1 NOTES

 After the call to EVP_PKEY_sign_init() algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.

 The function EVP_PKEY_sign() can be called more than once on the same
 context if several operations are performed using the same parameters.

 =head1 RETURN VALUES

 EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
 or a negative value for failure. In particular a return value of -2
 indicates the operation is not supported by the public key algorithm.

 =head1 EXAMPLE

 Sign data using RSA with PKCS#1 padding and SHA256 digest:

  #include <openssl/evp.h>
  #include <openssl/rsa.h>

  EVP_PKEY_CTX *ctx;
  unsigned char *md, *sig;
  size_t mdlen, siglen;
  EVP_PKEY *signing_key;
  /* NB: assumes signing_key, md and mdlen are already set up
   * and that signing_key is an RSA private key
   */
  ctx = EVP_PKEY_CTX_new(signing_key);
  if (!ctx)
 	/* Error occurred */
  if (EVP_PKEY_sign_init(ctx) <= 0)
 	/* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
 	/* Error */
  if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
 	/* Error */

  /* Determine buffer length */
  if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
 	/* Error */

  sig = OPENSSL_malloc(siglen);

  if (!sig)
 	/* malloc failure */

  if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
 	/* Error */

  /* Signature is siglen bytes written to buffer sig */


 =head1 SEE ALSO

 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>

 =head1 HISTORY

 These functions were first added to OpenSSL 1.0.0.

 =cut
	=pod

	=head1 NAME

	EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm

	=head1 SYNOPSIS

	#include <openssl/evp.h>

	int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
	int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
	unsigned char sig, size_t siglen,
	const unsigned char *tbs, size_t tbslen);

	=head1 DESCRIPTION

	The EVP_PKEY_sign_init() function initializes a public key algorithm
	context using key B<pkey> for a signing operation.

	The EVP_PKEY_sign() function performs a public key signing operation
	using B<ctx>. The data to be signed is specified using the B<tbs> and
	B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
	buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
	before the call the B<siglen> parameter should contain the length of the
	B<sig> buffer, if the call is successful the signature is written to
	B<sig> and the amount of data written to B<siglen>.

	=head1 NOTES

	After the call to EVP_PKEY_sign_init() algorithm specific control
	operations can be performed to set any appropriate parameters for the
	operation.

	The function EVP_PKEY_sign() can be called more than once on the same
	context if several operations are performed using the same parameters.

	=head1 RETURN VALUES

	EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
	or a negative value for failure. In particular a return value of -2
	indicates the operation is not supported by the public key algorithm.

	=head1 EXAMPLE

	Sign data using RSA with PKCS#1 padding and SHA256 digest:

	#include <openssl/evp.h>
	#include <openssl/rsa.h>

	EVP_PKEY_CTX *ctx;
	unsigned char md, sig;
	size_t mdlen, siglen;
	EVP_PKEY *signing_key;
	/* NB: assumes signing_key, md and mdlen are already set up
	* and that signing_key is an RSA private key
	*/
	ctx = EVP_PKEY_CTX_new(signing_key);
	if (!ctx)
	/* Error occurred */
	if (EVP_PKEY_sign_init(ctx) <= 0)
	/* Error */
	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	/* Error */
	if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	/* Error */

	/* Determine buffer length */
	if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
	/* Error */

	sig = OPENSSL_malloc(siglen);

	if (!sig)
	/* malloc failure */

	if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
	/* Error */

	/* Signature is siglen bytes written to buffer sig */


	=head1 SEE ALSO

	L<EVP_PKEY_CTX_new(3)\|EVP_PKEY_CTX_new(3)>,
	L<EVP_PKEY_encrypt(3)\|EVP_PKEY_encrypt(3)>,
	L<EVP_PKEY_decrypt(3)\|EVP_PKEY_decrypt(3)>,
	L<EVP_PKEY_verify(3)\|EVP_PKEY_verify(3)>,
	L<EVP_PKEY_verify_recover(3)\|EVP_PKEY_verify_recover(3)>,
	L<EVP_PKEY_derive(3)\|EVP_PKEY_derive(3)>

	=head1 HISTORY

	These functions were first added to OpenSSL 1.0.0.

	=cut