1 files changed, 25 insertions, 11 deletions
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
index 736a0f4a82..80c656fde8 100644
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -8,30 +8,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f
 #include <openssl/evp.h>
- void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
 int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 =head1 DESCRIPTION
 The EVP signature verification routines are a high level interface to digital
 signatures.
-EVP_VerifyInit() initializes a verification context B<ctx> to using digest
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
-B<type>: this will typically be supplied by a function such as EVP_sha1().
+B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
+EVP_MD_CTX_init() before calling this function.
 EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
 verification context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
-and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
+and against the B<siglen> bytes at B<sigbuf>.
-no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
-can be called to initialize a new verification operation.
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
 =head1 RETURN VALUES
-EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
 EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
 other error occurred.
@@ -49,11 +54,18 @@ digest algorithm must be used with the correct public key type. A list of
 algorithms and associated public key algorithms appears in 
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
 =head1 BUGS
-Several of the functions do not return values: maybe they should. Although the
+Older versions of this documentation wrongly stated that calls to 
-internal digest operations will never fail some future hardware based operations
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
-might.
 =head1 SEE ALSO
@@ -69,4 +81,6 @@ L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
 EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
 available in all versions of SSLeay and OpenSSL.
+EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
 =cut

diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod index 736a0f4a82..80c656fde8 100644 --- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod +++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -8,30 +8,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f
8		8
9	#include <openssl/evp.h>	9	#include <openssl/evp.h>
10		10
11	void EVP_VerifyInit(EVP_MD_CTX ctx, const EVP_MD type);	11	int EVP_VerifyInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl);
12	void EVP_VerifyUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt);	12	int EVP_VerifyUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt);
13	int EVP_VerifyFinal(EVP_MD_CTX ctx,unsigned char sigbuf, unsigned int siglen,EVP_PKEY *pkey);	13	int EVP_VerifyFinal(EVP_MD_CTX ctx,unsigned char sigbuf, unsigned int siglen,EVP_PKEY *pkey);
14		14
		15	int EVP_VerifyInit(EVP_MD_CTX ctx, const EVP_MD type);
		16
15	=head1 DESCRIPTION	17	=head1 DESCRIPTION
16		18
17	The EVP signature verification routines are a high level interface to digital	19	The EVP signature verification routines are a high level interface to digital
18	signatures.	20	signatures.
19		21
20	EVP_VerifyInit() initializes a verification context B<ctx> to using digest	22	EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
21	B<type>: this will typically be supplied by a function such as EVP_sha1().	23	B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
		24	EVP_MD_CTX_init() before calling this function.
22		25
23	EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the	26	EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
24	verification context B<ctx>. This function can be called several times on the	27	verification context B<ctx>. This function can be called several times on the
25	same B<ctx> to include additional data.	28	same B<ctx> to include additional data.
26		29
27	EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>	30	EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
28	and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()	31	and against the B<siglen> bytes at B<sigbuf>.
29	no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()	32
30	can be called to initialize a new verification operation.	33	EVP_VerifyInit() initializes verification context B<ctx> to use the default
		34	implementation of digest B<type>.
31		35
32	=head1 RETURN VALUES	36	=head1 RETURN VALUES
33		37
34	EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.	38	EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
		39	failure.
35		40
36	EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some	41	EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
37	other error occurred.	42	other error occurred.
@@ -49,11 +54,18 @@ digest algorithm must be used with the correct public key type. A list of
49	algorithms and associated public key algorithms appears in	54	algorithms and associated public key algorithms appears in
50	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>.	55	L<EVP_DigestInit(3)\|EVP_DigestInit(3)>.
51		56
		57	The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
		58	This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
		59	later to digest and verify additional data.
		60
		61	Since only a copy of the digest context is ever finalized the context must
		62	be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
		63	will occur.
		64
52	=head1 BUGS	65	=head1 BUGS
53		66
54	Several of the functions do not return values: maybe they should. Although the	67	Older versions of this documentation wrongly stated that calls to
55	internal digest operations will never fail some future hardware based operations	68	EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
56	might.
57		69
58	=head1 SEE ALSO	70	=head1 SEE ALSO
59		71
@@ -69,4 +81,6 @@ L<sha(3)\|sha(3)>, L<digest(1)\|digest(1)>
69	EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are	81	EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
70	available in all versions of SSLeay and OpenSSL.	82	available in all versions of SSLeay and OpenSSL.
71		83
		84	EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
		85
72	=cut	86	=cut