OpenSSL EVP Series 10 --- Introduction to the EVP_Sign Series of Functions
--- Translated from OpenSSL doc/crypto/EVP_SignInit.pod
(Author: DragonKing, Mail: wzhah@263.net, released at:
http://openssl.126.com OpenSSL Professional Forum, Version: OpenSSL-0.9.7)
The EVP_Sign series of functions uses the same infrastructure as the message digest algorithms, and the first two steps of the operation (initialisation and digesting the data) are identical to those of the digest functions. The only difference is the final step: this series produces a signature, whereas the digest series simply outputs the digest. This is easy to understand, because a signature algorithm is precisely the process of computing a message digest and then signing it with the private key. The functions are defined as follows (openssl/evp.h):
int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_PKEY_size(EVP_PKEY *pkey);
[EVP_SignInit_ex]
This function is a macro, defined as follows:
#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
It follows that its functionality and usage are the same as those of EVP_DigestInit_ex described earlier: it initialises the structure ctx with the digest type, using the implementation selected by the ENGINE parameter impl. Before calling this function, ctx must be initialised with EVP_MD_CTX_init. See the previous article for detailed usage. Returns 1 on success and 0 on failure.
[EVP_SignUpdate]
This function is also a macro, defined as follows:
#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
Its usage and behaviour are the same as those of EVP_DigestUpdate described earlier: it feeds cnt bytes of data into the digest operation held in the structure ctx. It can be called several times on the same ctx to digest more data. Returns 1 on success and 0 on failure.
[EVP_SignFinal]
This function differs from the two above; it is where the signature series departs from the digest functions. Internally, it makes a copy of the digest context ctx on which the signature operation is to be performed, calls EVP_DigestFinal_ex on the copy to complete the digest, then signs the digest with the private key pkey and stores the signature in the parameter sig. If the parameter s is not NULL, the length of the signature data is stored in it; the number of bytes written is typically EVP_PKEY_size(pkey).
Because the operation works on a copy of ctx, the original ctx can continue to be used with EVP_SignUpdate and EVP_SignFinal to sign additional data. However, at the end ctx must be cleared and released with EVP_MD_CTX_cleanup, otherwise memory will leak. In addition, when signing with a DSA private key, the random number generator must be seeded first, otherwise the operation fails; the RSA algorithm does not necessarily need this. The relationship between the signature algorithm and the digest algorithm used has already been described in detail in the EVP_Digest series and is not repeated here.
This function returns 1 on success and 0 otherwise.
[EVP_SignInit]
This function is also a macro, defined as follows:
#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
Therefore its function and usage are exactly the same as those of EVP_DigestInit described earlier: it initialises the algorithm structure ctx using the default implementation.
[EVP_PKEY_size]
This function returns the maximum length of the signature data in bytes. The actual length of the signature is returned by EVP_SignFinal above and may be smaller than this.
If any of the above functions fails, the error code can be obtained with ERR_get_error.