OpenSSL EVP Series 11 --- EVP

zhaozj2021-02-16  52

OpenSSL EVP Series 11 --- Introduction to the EVP_Verify Series of Functions

--- Based on a translation of OpenSSL doc/crypto/EVP_VerifyInit.pod and the author's own understanding

(Author: DragonKing, Mail: wzhah@263.net, posted on the OpenSSL professional forum at http://openssl.126.com, version: openssl-0.9.7)

Like the EVP_Sign series, the first two steps of the EVP_Verify series (initialization and digest update) are the same as for the message digest algorithms, because verifying a signature means computing the message digest of the data, then decrypting the signature and comparing the resulting digest values. The functions are defined as follows (openssl/evp.h):

int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);

int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);

int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);

int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);

[EVP_VerifyInit_ex]

This function is a macro, defined as follows:

#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)

Its function and usage are therefore the same as those of EVP_DigestInit_ex, described earlier. It sets up the verification context ctx using the algorithm implementation supplied in the parameter impl. Before calling this function, ctx must be initialized by calling EVP_MD_CTX_init. It returns 1 on success and 0 on failure.

[EVP_VerifyUpdate]

This function is also a macro, defined as follows:

#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)

Its function and usage are therefore the same as those of EVP_DigestUpdate, described earlier. It digests cnt bytes of data from the parameter d into ctx, and it can be called multiple times to process more data. It returns 1 on success and 0 on failure.

[EVP_VerifyFinal]

This function verifies the signature held in sigbuf using the public key pkey and the information in the ctx structure. Internally, it first calls EVP_MD_CTX_copy_ex to make a copy of the original ctx, then calls EVP_DigestFinal_ex on the copy to complete the message digest calculation, and finally uses the public key to verify the signature.

Because the function actually works on a copy of the original ctx, the original ctx structure can still be passed to EVP_VerifyUpdate and EVP_VerifyFinal to process more data and verify further signatures.

After use, ctx must be released with EVP_MD_CTX_cleanup, otherwise memory will be leaked.

For the relationship between the message digest algorithm and the signature algorithm, refer to the description in the message digest algorithm section.

This function returns 1 on success. On failure it returns 0 or -1.

[EVP_VerifyInit]

This function initializes the ctx structure using the default implementation of the algorithm. It is also a macro, defined as follows:

#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)

Its function and usage are therefore the same as those of EVP_DigestInit.

When reposting, please cite the original address: https://www.9cbs.com/read-23987.html
