1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5*b077aed3SPierre ProncheryEVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex, 6*b077aed3SPierre ProncheryEVP_PKEY_verify_recover 7*b077aed3SPierre Pronchery- recover signature using a public key algorithm 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/evp.h> 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); 14*b077aed3SPierre Pronchery int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, 15*b077aed3SPierre Pronchery const OSSL_PARAM params[]); 16e71b7053SJung-uk Kim int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, 17e71b7053SJung-uk Kim unsigned char *rout, size_t *routlen, 18e71b7053SJung-uk Kim const unsigned char *sig, size_t siglen); 19e71b7053SJung-uk Kim 20e71b7053SJung-uk Kim=head1 DESCRIPTION 21e71b7053SJung-uk Kim 22*b077aed3SPierre ProncheryEVP_PKEY_verify_recover_init() initializes a public key algorithm context 23*b077aed3SPierre ProncheryI<ctx> for signing using the algorithm given when the context was created 24*b077aed3SPierre Proncheryusing L<EVP_PKEY_CTX_new(3)> or variants thereof. The algorithm is used to 25*b077aed3SPierre Proncheryfetch a B<EVP_SIGNATURE> method implicitly, see L<provider(7)/Implicit fetch> 26*b077aed3SPierre Proncheryfor more information about implicit fetches. 27*b077aed3SPierre Pronchery 28*b077aed3SPierre ProncheryEVP_PKEY_verify_recover_init_ex() is the same as 29*b077aed3SPierre ProncheryEVP_PKEY_verify_recover_init() but additionally sets the passed parameters 30*b077aed3SPierre ProncheryI<params> on the context before returning. 31e71b7053SJung-uk Kim 32e71b7053SJung-uk KimThe EVP_PKEY_verify_recover() function recovers signed data 33*b077aed3SPierre Proncheryusing I<ctx>. The signature is specified using the I<sig> and 34*b077aed3SPierre ProncheryI<siglen> parameters. If I<rout> is NULL then the maximum size of the output 35*b077aed3SPierre Proncherybuffer is written to the I<routlen> parameter. If I<rout> is not NULL then 36*b077aed3SPierre Proncherybefore the call the I<routlen> parameter should contain the length of the 37*b077aed3SPierre ProncheryI<rout> buffer, if the call is successful recovered data is written to 38*b077aed3SPierre ProncheryI<rout> and the amount of data written to I<routlen>. 39e71b7053SJung-uk Kim 40e71b7053SJung-uk Kim=head1 NOTES 41e71b7053SJung-uk Kim 42e71b7053SJung-uk KimNormally an application is only interested in whether a signature verification 43e71b7053SJung-uk Kimoperation is successful in those cases the EVP_verify() function should be 44e71b7053SJung-uk Kimused. 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimSometimes however it is useful to obtain the data originally signed using a 47e71b7053SJung-uk Kimsigning operation. Only certain public key algorithms can recover a signature 48e71b7053SJung-uk Kimin this way (for example RSA in PKCS padding mode). 49e71b7053SJung-uk Kim 50e71b7053SJung-uk KimAfter the call to EVP_PKEY_verify_recover_init() algorithm specific control 51e71b7053SJung-uk Kimoperations can be performed to set any appropriate parameters for the 52e71b7053SJung-uk Kimoperation. 53e71b7053SJung-uk Kim 54e71b7053SJung-uk KimThe function EVP_PKEY_verify_recover() can be called more than once on the same 55e71b7053SJung-uk Kimcontext if several operations are performed using the same parameters. 56e71b7053SJung-uk Kim 57e71b7053SJung-uk Kim=head1 RETURN VALUES 58e71b7053SJung-uk Kim 59e71b7053SJung-uk KimEVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success 60e71b7053SJung-uk Kimand 0 or a negative value for failure. In particular a return value of -2 61e71b7053SJung-uk Kimindicates the operation is not supported by the public key algorithm. 62e71b7053SJung-uk Kim 63da327cd2SJung-uk Kim=head1 EXAMPLES 64e71b7053SJung-uk Kim 65e71b7053SJung-uk KimRecover digest originally signed using PKCS#1 and SHA256 digest: 66e71b7053SJung-uk Kim 67e71b7053SJung-uk Kim #include <openssl/evp.h> 68e71b7053SJung-uk Kim #include <openssl/rsa.h> 69e71b7053SJung-uk Kim 70e71b7053SJung-uk Kim EVP_PKEY_CTX *ctx; 71e71b7053SJung-uk Kim unsigned char *rout, *sig; 72e71b7053SJung-uk Kim size_t routlen, siglen; 73e71b7053SJung-uk Kim EVP_PKEY *verify_key; 74e71b7053SJung-uk Kim 75e71b7053SJung-uk Kim /* 76e71b7053SJung-uk Kim * NB: assumes verify_key, sig and siglen are already set up 77e71b7053SJung-uk Kim * and that verify_key is an RSA public key 78e71b7053SJung-uk Kim */ 79e71b7053SJung-uk Kim ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); 80e71b7053SJung-uk Kim if (!ctx) 81e71b7053SJung-uk Kim /* Error occurred */ 82e71b7053SJung-uk Kim if (EVP_PKEY_verify_recover_init(ctx) <= 0) 83e71b7053SJung-uk Kim /* Error */ 84e71b7053SJung-uk Kim if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) 85e71b7053SJung-uk Kim /* Error */ 86e71b7053SJung-uk Kim if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) 87e71b7053SJung-uk Kim /* Error */ 88e71b7053SJung-uk Kim 89e71b7053SJung-uk Kim /* Determine buffer length */ 90e71b7053SJung-uk Kim if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) 91e71b7053SJung-uk Kim /* Error */ 92e71b7053SJung-uk Kim 93e71b7053SJung-uk Kim rout = OPENSSL_malloc(routlen); 94e71b7053SJung-uk Kim 95e71b7053SJung-uk Kim if (!rout) 96e71b7053SJung-uk Kim /* malloc failure */ 97e71b7053SJung-uk Kim 98e71b7053SJung-uk Kim if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) 99e71b7053SJung-uk Kim /* Error */ 100e71b7053SJung-uk Kim 101e71b7053SJung-uk Kim /* Recovered data is routlen bytes written to buffer rout */ 102e71b7053SJung-uk Kim 103e71b7053SJung-uk Kim=head1 SEE ALSO 104e71b7053SJung-uk Kim 105e71b7053SJung-uk KimL<EVP_PKEY_CTX_new(3)>, 106e71b7053SJung-uk KimL<EVP_PKEY_encrypt(3)>, 107e71b7053SJung-uk KimL<EVP_PKEY_decrypt(3)>, 108e71b7053SJung-uk KimL<EVP_PKEY_sign(3)>, 109e71b7053SJung-uk KimL<EVP_PKEY_verify(3)>, 110e71b7053SJung-uk KimL<EVP_PKEY_derive(3)> 111e71b7053SJung-uk Kim 112e71b7053SJung-uk Kim=head1 HISTORY 113e71b7053SJung-uk Kim 114*b077aed3SPierre ProncheryThe EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() 115*b077aed3SPierre Proncheryfunctions were added in OpenSSL 1.0.0. 116*b077aed3SPierre Pronchery 117*b077aed3SPierre ProncheryThe EVP_PKEY_verify_recover_init_ex() function was added in OpenSSL 3.0. 118e71b7053SJung-uk Kim 119e71b7053SJung-uk Kim=head1 COPYRIGHT 120e71b7053SJung-uk Kim 121*b077aed3SPierre ProncheryCopyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. 122e71b7053SJung-uk Kim 123*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 124e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 125e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 126e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 127e71b7053SJung-uk Kim 128e71b7053SJung-uk Kim=cut 129