EVP_DigestSignInit(3)               OpenSSL              EVP_DigestSignInit(3)

NAME
       EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP
       signing functions

SYNOPSIS
        #include <openssl/evp.h>

        int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                               const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
        int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
        int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);

DESCRIPTION
       The EVP signature routines are a high level interface to digital
       signatures.

       EVP_DigestSignInit() sets up signing context ctx to use digest type
       from ENGINE e and private key pkey. ctx must be initialized with
       EVP_MD_CTX_init() before calling this function. If pctx is not NULL,
       the EVP_PKEY_CTX of the signing operation will be written to *pctx:
       this can be used to set alternative signing options. Note that any
       existing value in *pctx is overwritten. The EVP_PKEY_CTX value
       returned must not be freed directly by the application (it will be
       freed automatically when the EVP_MD_CTX is freed). The digest type may
       be NULL if the signing algorithm supports it.

       EVP_DigestSignUpdate() hashes cnt bytes of data at d into the
       signature context ctx. This function can be called several times on
       the same ctx to include additional data. This function is currently
       implemented using a macro.

       EVP_DigestSignFinal() signs the data in ctx and places the signature
       in sig. If sig is NULL then the maximum size of the output buffer is
       written to the siglen parameter. If sig is not NULL then before the
       call the siglen parameter should contain the length of the sig buffer;
       if the call is successful the signature is written to sig and the
       amount of data written to siglen.

RETURN VALUES
       EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
       return 1 for success and 0 or a negative value for failure. In
       particular a return value of -2 indicates the operation is not
       supported by the public key algorithm.

       The error codes can be obtained from ERR_get_error(3).

NOTES
       The EVP interface to digital signatures should almost always be used
       in preference to the low level interfaces. This is because the code
       then becomes transparent to the algorithm used and much more flexible.

       In previous versions of OpenSSL there was a link between message
       digest types and public key algorithms. This meant that "clone"
       digests such as EVP_dss1() needed to be used to sign using SHA1 and
       DSA. This is no longer necessary and the use of clone digests is now
       discouraged.

       For some key types and parameters the random number generator must be
       seeded or the operation will fail.

       The call to EVP_DigestSignFinal() internally finalizes a copy of the
       digest context. This means that EVP_DigestSignUpdate() and
       EVP_DigestSignFinal() can be called later to digest and sign
       additional data.

       Since only a copy of the digest context is ever finalized, the context
       must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a
       memory leak will occur.

       The use of EVP_PKEY_size() with these functions is discouraged because
       some signature operations may have a signature length which depends on
       the parameters set. As a result EVP_PKEY_size() would have to return a
       value which indicates the maximum possible signature for any set of
       parameters.

SEE ALSO
       EVP_DigestVerifyInit(3), EVP_DigestInit(3), err(3), evp(3), hmac(3),
       md2(3), md5(3), mdc2(3), ripemd(3), sha(3), dgst(1)

HISTORY
       EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
       were first added to OpenSSL 1.0.0.

1.0.2u                            2019-12-20             EVP_DigestSignInit(3)