1 files changed, 103 insertions, 0 deletions
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
new file mode 100644
index 0000000000..23a28a9c43
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
@@ -0,0 +1,103 @@
+=pod
+=head1 NAME
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+=head1 DESCRIPTION
+The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
+context using key B<pkey> for a verify recover operation.
+The EVP_PKEY_verify_recover() function recovers signed data
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
+buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
+before the call the B<routlen> parameter should contain the length of the
+B<rout> buffer, if the call is successful recovered data is written to
+B<rout> and the amount of data written to B<routlen>.
+=head1 NOTES
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the EVP_verify() function should be 
+used.
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example RSA in PKCS padding mode).
+After the call to EVP_PKEY_verify_recover_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_verify_recover() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
+and 0 or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *rout, *sig;
+ size_t routlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig and siglen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+        /* Error */
+ rout = OPENSSL_malloc(routlen);
+ if (!rout)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+ /* Recovered data is routlen bytes written to buffer rout */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut

diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod new file mode 100644 index 0000000000..23a28a9c43 --- /dev/null +++ b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
@@ -0,0 +1,103 @@
	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/evp.h>
	10
	11	int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
	12	int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
	13	unsigned char rout, size_t routlen,
	14	const unsigned char *sig, size_t siglen);
	15
	16	=head1 DESCRIPTION
	17
	18	The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
	19	context using key B<pkey> for a verify recover operation.
	20
	21	The EVP_PKEY_verify_recover() function recovers signed data
	22	using B<ctx>. The signature is specified using the B<sig> and
	23	B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
	24	buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
	25	before the call the B<routlen> parameter should contain the length of the
	26	B<rout> buffer, if the call is successful recovered data is written to
	27	B<rout> and the amount of data written to B<routlen>.
	28
	29	=head1 NOTES
	30
	31	Normally an application is only interested in whether a signature verification
	32	operation is successful in those cases the EVP_verify() function should be
	33	used.
	34
	35	Sometimes however it is useful to obtain the data originally signed using a
	36	signing operation. Only certain public key algorithms can recover a signature
	37	in this way (for example RSA in PKCS padding mode).
	38
	39	After the call to EVP_PKEY_verify_recover_init() algorithm specific control
	40	operations can be performed to set any appropriate parameters for the
	41	operation.
	42
	43	The function EVP_PKEY_verify_recover() can be called more than once on the same
	44	context if several operations are performed using the same parameters.
	45
	46	=head1 RETURN VALUES
	47
	48	EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
	49	and 0 or a negative value for failure. In particular a return value of -2
	50	indicates the operation is not supported by the public key algorithm.
	51
	52	=head1 EXAMPLE
	53
	54	Recover digest originally signed using PKCS#1 and SHA256 digest:
	55
	56	#include <openssl/evp.h>
	57	#include <openssl/rsa.h>
	58
	59	EVP_PKEY_CTX *ctx;
	60	unsigned char rout, sig;
	61	size_t routlen, siglen;
	62	EVP_PKEY *verify_key;
	63	/* NB: assumes verify_key, sig and siglen are already set up
	64	* and that verify_key is an RSA public key
	65	*/
	66	ctx = EVP_PKEY_CTX_new(verify_key);
	67	if (!ctx)
	68	/* Error occurred */
	69	if (EVP_PKEY_verify_recover_init(ctx) <= 0)
	70	/* Error */
	71	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	72	/* Error */
	73	if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	74	/* Error */
	75
	76	/* Determine buffer length */
	77	if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
	78	/* Error */
	79
	80	rout = OPENSSL_malloc(routlen);
	81
	82	if (!rout)
	83	/* malloc failure */
	84
	85	if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
	86	/* Error */
	87
	88	/* Recovered data is routlen bytes written to buffer rout */
	89
	90	=head1 SEE ALSO
	91
	92	L<EVP_PKEY_CTX_new(3)\|EVP_PKEY_CTX_new(3)>,
	93	L<EVP_PKEY_encrypt(3)\|EVP_PKEY_encrypt(3)>,
	94	L<EVP_PKEY_decrypt(3)\|EVP_PKEY_decrypt(3)>,
	95	L<EVP_PKEY_sign(3)\|EVP_PKEY_sign(3)>,
	96	L<EVP_PKEY_verify(3)\|EVP_PKEY_verify(3)>,
	97	L<EVP_PKEY_derive(3)\|EVP_PKEY_derive(3)>
	98
	99	=head1 HISTORY
	100
	101	These functions were first added to OpenSSL 1.0.0.
	102
	103	=cut