xref: /openbsd-src/lib/libcrypto/man/EVP_PKEY_verify.3 (revision f1c41952defc4168d000b336cecabdeb1a7edc96) 
1.\" $OpenBSD: EVP_PKEY_verify.3,v 1.8 2024/12/06 14:27:49 schwarze Exp $
2.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
3.\"
4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
5.\" Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project.
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in
17.\"    the documentation and/or other materials provided with the
18.\"    distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\"    software must display the following acknowledgment:
22.\"    "This product includes software developed by the OpenSSL Project
23.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\"    endorse or promote products derived from this software without
27.\"    prior written permission. For written permission, please contact
28.\"    openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\"    nor may "OpenSSL" appear in their names without prior written
32.\"    permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\"    acknowledgment:
36.\"    "This product includes software developed by the OpenSSL Project
37.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: December 6 2024 $
53.Dt EVP_PKEY_VERIFY 3
54.Os
55.Sh NAME
56.Nm EVP_PKEY_verify_init ,
57.Nm EVP_PKEY_verify
58.Nd signature verification using a public key algorithm
59.Sh SYNOPSIS
60.In openssl/evp.h
61.Ft int
62.Fo EVP_PKEY_verify_init
63.Fa "EVP_PKEY_CTX *ctx"
64.Fc
65.Ft int
66.Fo EVP_PKEY_verify
67.Fa "EVP_PKEY_CTX *ctx"
68.Fa "const unsigned char *sig"
69.Fa "size_t siglen"
70.Fa "const unsigned char *tbs"
71.Fa "size_t tbslen"
72.Fc
73.Sh DESCRIPTION
74The
75.Fn EVP_PKEY_verify_init
76function initializes a public key algorithm context using key
77.Fa ctx->pkey
78for a signature verification operation.
79.Pp
80The
81.Fn EVP_PKEY_verify
82function performs a public key verification operation using
83.Fa ctx .
84The signature is specified using the
85.Fa sig
86and
87.Fa siglen
88parameters.
89The verified data (i.e. the data believed originally signed) is
90specified using the
91.Fa tbs
92and
93.Fa tbslen
94parameters.
95.Pp
96After the call to
97.Fn EVP_PKEY_verify_init ,
98algorithm specific control operations can be performed to set any
99appropriate parameters for the operation.
100.Pp
101The function
102.Fn EVP_PKEY_verify
103can be called more than once on the same context if several operations
104are performed using the same parameters.
105.Sh RETURN VALUES
106.Fn EVP_PKEY_verify_init
107and
108.Fn EVP_PKEY_verify
109return 1 if the verification was successful and 0 if it failed.
110Unlike other functions the return value 0 from
111.Fn EVP_PKEY_verify
112only indicates that the signature did not verify successfully.
113That is,
114.Fa tbs
115did not match the original data or the signature was of invalid form.
116It is not an indication of a more serious error.
117.Pp
118A negative value indicates an error other that signature verification
119failure.
120In particular, a return value of -2 indicates the operation is not
121supported by the public key algorithm.
122.Sh EXAMPLES
123Verify signature using PKCS#1 and SHA256 digest:
124.Bd -literal -offset 3n
125#include <openssl/evp.h>
126#include <openssl/rsa.h>
127
128EVP_PKEY_CTX *ctx;
129unsigned char *md, *sig;
130size_t mdlen, siglen;
131EVP_PKEY *verify_key;
132
133/*
134 * Assumes that verify_key, sig, siglen, md, and mdlen are already set up
135 * and that verify_key is an RSA public key.
136 */
137ctx = EVP_PKEY_CTX_new(verify_key, NULL);
138if (!ctx)
139	/* Error occurred */
140if (EVP_PKEY_verify_init(ctx) <= 0)
141	/* Error */
142if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
143	/* Error */
144if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
145	/* Error */
146
147/* Perform operation */
148ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
149
150/*
151 * ret == 1 indicates success, 0 verify failure,
152 * and < 0 some other error.
153 */
154.Ed
155.Sh SEE ALSO
156.Xr EVP_PKEY_CTX_new 3 ,
157.Xr EVP_PKEY_decrypt 3 ,
158.Xr EVP_PKEY_derive 3 ,
159.Xr EVP_PKEY_encrypt 3 ,
160.Xr EVP_PKEY_sign 3 ,
161.Xr EVP_PKEY_verify_recover 3
162.Sh HISTORY
163.Fn EVP_PKEY_verify_init
164and
165.Fn EVP_PKEY_verify
166first appeared in OpenSSL 1.0.0 and have been available since
167.Ox 4.9 .
168