Lines Matching +full:in +full:- +full:functions
18 .\" Set up some character translations and predefined strings. \*(-- will
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23 .\" nothing in troff, for use with C<>.
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
52 .\" output yourself in some meaningful fashion.
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "PROVIDER-SIGNATURE 7ossl"
134 .TH PROVIDER-SIGNATURE 7ossl "2023-09-19" "3.0.11" "OpenSSL"
136 .\" way too many mistakes in technical documents.
140 provider\-signature \- The signature library <\-> provider functions
148 \& * None of these are actual functions, but are displayed like this for
149 \& * the function signatures for functions that are offered as function
150 \& * pointers in OSSL_DISPATCH arrays.
221 The signature (\s-1OSSL_OP_SIGNATURE\s0) operation enables providers to implement
222 signature algorithms and make them available to applications via the \s-1API\s0
223 functions \fBEVP_PKEY_sign\fR\|(3),
226 as other related functions).
228 All \*(L"functions\*(R" mentioned here are passed as function pointers between
229 \&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via
230 \&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's
232 (see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)).
234 All these \*(L"functions\*(R" have a corresponding function type definition
236 function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named
246 \&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as
247 macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
284 A signature algorithm implementation may not implement all of these functions.
285 In order to be a consistent set of functions we must have at least a set of
286 context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a
287 set of \*(L"signature\*(R" functions, i.e. at least one of:
308 well as the \*(L"md_params\*(R" functions. The OSSL_FUNC_signature_dupctx function is optional.
311 loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation.
312 See \fBprovider\-keymgmt\fR\|(7) for further details.
313 .SS "Context Management Functions"
314 .IX Subsection "Context Management Functions"
317 A pointer to this context will be passed back in a number of the other signature
325 context in the \fIctx\fR parameter.
328 \&\fBOSSL_FUNC_signature_dupctx()\fR should duplicate the provider side signature context in
330 .SS "Signing Functions"
331 .IX Subsection "Signing Functions"
333 signature context in the \fIctx\fR parameter, and a pointer to a provider key object
335 The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to
338 the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see
339 \&\fBprovider\-keymgmt\fR\|(7)>.
342 A previously initialised signature context is passed in the \fIctx\fR
346 Unless \fIsig\fR is \s-1NULL,\s0 the signature should be written to the location pointed
347 to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length.
349 If \fIsig\fR is \s-1NULL\s0 then the maximum length of the signature should be written to
351 .SS "Verify Functions"
352 .IX Subsection "Verify Functions"
354 a provider side signature context in the \fIctx\fR parameter, and a pointer to a
355 provider key object in the \fIprovkey\fR parameter.
356 The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to
359 the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see
360 \&\fBprovider\-keymgmt\fR\|(7)>.
363 A previously initialised signature context is passed in the \fIctx\fR parameter.
368 .SS "Verify Recover Functions"
369 .IX Subsection "Verify Recover Functions"
371 signed data given a provider side signature context in the \fIctx\fR parameter, and
372 a pointer to a provider key object in the \fIprovkey\fR parameter.
373 The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to
376 the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see
377 \&\fBprovider\-keymgmt\fR\|(7)>.
380 A previously initialised signature context is passed in the \fIctx\fR parameter.
383 Unless \fIrout\fR is \s-1NULL,\s0 the recovered data should be written to the location
384 pointed to by \fIrout\fR which should not exceed \fIroutsize\fR bytes in length.
386 If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to
388 .SS "Digest Sign Functions"
389 .IX Subsection "Digest Sign Functions"
391 provider side signature context in the \fIctx\fR parameter, and a pointer to a
392 provider key object in the \fIprovkey\fR parameter.
393 The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to
398 key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)>.
399 The name of the digest to be used will be in the \fImdname\fR parameter.
401 \&\fBOSSL_FUNC_signature_digest_sign_update()\fR provides data to be signed in the \fIdata\fR
403 signature context is passed in the \fIctx\fR parameter. This function may be called
410 signature context is passed in the \fIctx\fR parameter. Unless \fIsig\fR is \s-1NULL,\s0 the
412 and it should not exceed \fIsigsize\fR bytes in length. The length of the signature
413 should be written to \fI*siglen\fR. If \fIsig\fR is \s-1NULL\s0 then the maximum length of
418 initialised signature context is passed in the \fIctx\fR parameter. The data to be
419 signed is in \fItbs\fR which should be \fItbslen\fR bytes long. Unless \fIsig\fR is \s-1NULL,\s0
421 parameter and it should not exceed \fIsigsize\fR bytes in length. The length of the
422 signature should be written to \fI*siglen\fR. If \fIsig\fR is \s-1NULL\s0 then the maximum
424 .SS "Digest Verify Functions"
425 .IX Subsection "Digest Verify Functions"
427 provider side verification context in the \fIctx\fR parameter, and a pointer to a
428 provider key object in the \fIprovkey\fR parameter.
429 The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to
434 key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)>.
435 The name of the digest to be used will be in the \fImdname\fR parameter.
437 \&\fBOSSL_FUNC_signature_digest_verify_update()\fR provides data to be verified in the \fIdata\fR
439 verification context is passed in the \fIctx\fR parameter. This function may be
446 verification context is passed in the \fIctx\fR parameter. The signature to be
447 verified is in \fIsig\fR which is \fIsiglen\fR bytes long.
451 initialised verification context is passed in the \fIctx\fR parameter. The data to be
452 verified is in \fItbs\fR which should be \fItbslen\fR bytes long. The signature to be
453 verified is in \fIsig\fR which is \fIsiglen\fR bytes long.
456 See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by
457 …fBOSSL_FUNC_signature_get_ctx_params()\fR and \fBOSSL_FUNC_signature_set_ctx_params()\fR functions.
460 given provider side signature context \fIctx\fR and stored them in \fIparams\fR.
461 Passing \s-1NULL\s0 for \fIparams\fR should return true.
466 Passing \s-1NULL\s0 for \fIparams\fR should return true.
468 Common parameters currently recognised by built-in signature algorithms are as
474 signature functions. It is required in order to calculate the \*(L"algorithm-id\*(R".
479 \&\s-1NULL\s0 is used if this optional value is not set.
482 .IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>"
484 signature functions.
485 The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR.
488 .IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) <octet string>"
489 Gets the \s-1DER\s0 encoded AlgorithmIdentifier that corresponds to the combination of
496 In the normal mode of operation \- new random values are chosen until the
506 constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable parameters,
509 .SS "\s-1MD\s0 parameters"
511 See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by
513 functions.
516 given provider side digest signature context \fIctx\fR and stores them in \fIparams\fR.
517 Passing \s-1NULL\s0 for \fIparams\fR should return true.
522 Passing \s-1NULL\s0 for \fIparams\fR should return true.
524 Parameters currently recognised by built-in signature algorithms are the same
525 as those for built-in digest algorithms. See
526 \&\*(L"Digest Parameters\*(R" in \fBprovider\-digest\fR\|(7) for further information.
529 get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable
536 provider side signature context, or \s-1NULL\s0 on failure.
540 return the gettable or settable parameters in a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array.
542 All other functions should return 1 for success or 0 on error.
548 The provider \s-1SIGNATURE\s0 interface was introduced in OpenSSL 3.0.
551 Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
554 this file except in compliance with the License. You can obtain a copy
555 in the file \s-1LICENSE\s0 in the source distribution or at