diff options
| author | Emilia Kasper <emilia@openssl.org> | 2014-08-22 13:16:55 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2014-08-22 15:06:26 +0200 |
| commit | dd5d7447c1a17ddd4e56dfb49f9691c8b970edfd (patch) | |
| tree | 6c42608b23e86eaf6ff0d4ce716cd09cbf47c0da | |
| parent | 4ff9cbe635c28109bc395346c25148170b4d491b (diff) | |
Improve EVP_PKEY_sign documentation
Clarify the intended use of EVP_PKEY_sign. Make the code example compile.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit d64c533a207f7b6d86c3bc8ffb053e5f4d0c1ca0)
| -rw-r--r-- | doc/crypto/EVP_PKEY_sign.pod | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod index a044f2c131..21974b4b1a 100644 --- a/doc/crypto/EVP_PKEY_sign.pod +++ b/doc/crypto/EVP_PKEY_sign.pod @@ -28,9 +28,14 @@ B<sig> and the amount of data written to B<siglen>. =head1 NOTES +EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)> and +L<EVP_SignInit(3)|EVP_SignInit(3)> signing interfaces instead. + After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>). The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters. @@ -49,13 +54,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: #include <openssl/rsa.h> EVP_PKEY_CTX *ctx; + /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; - size_t mdlen, siglen; + size_t mdlen = 32, siglen; EVP_PKEY *signing_key; - /* NB: assumes signing_key, md and mdlen are already set up - * and that signing_key is an RSA private key + + /* + * NB: assumes signing_key and md are set up before the next + * step. signing_key must be an RSA private key and md must + * point to the SHA-256 digest to be signed. */ - ctx = EVP_PKEY_CTX_new(signing_key); + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (!ctx) /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) @@ -83,6 +92,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: =head1 SEE ALSO L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>, L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, |