1 files changed, 152 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_DigestSignInit.3 b/src/lib/libcrypto/man/EVP_DigestSignInit.3
new file mode 100644
index 0000000000..89a2d7afbd
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -0,0 +1,152 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_DIGESTSIGNINIT 3
+.Os
+.Sh NAME
+.Nm EVP_DigestSignInit ,
+.Nm EVP_DigestSignUpdate ,
+.Nm EVP_DigestSignFinal
+.Nd EVP signing functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_DigestSignInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "EVP_PKEY_CTX **pctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *e"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_DigestSignUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "unsigned int cnt"
+.Fc
+.Ft int
+.Fo EVP_DigestSignFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sig"
+.Fa "size_t *siglen"
+.Fc
+.Sh DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+.Pp
+.Fn EVP_DigestSignInit
+sets up the signing context
+.Fa ctx
+to use the digest
+.Fa type
+from
+.Vt ENGINE
+.Fa e
+and private key
+.Fa pkey .
+.Fa ctx
+must be initialized with
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+If
+.Fa pctx
+is not
+.Dv NULL ,
+the
+.Vt EVP_PKEY_CTX
+of the signing operation will be written to
+.Pf * Fa pctx :
+this can be used to set alternative signing options.
+.Pp
+.Fn EVP_DigestSignUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the signature context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+This function is currently implemented using a macro.
+.Pp
+.Fn EVP_DigestSignFinal
+signs the data in
+.Fa ctx
+and places the signature in
+.Fa sig .
+If
+.Fa sig
+is
+.Dv NULL ,
+then the maximum size of the output buffer is written to
+.Pf * Fa siglen .
+If
+.Fa sig
+is not
+.Dv NULL ,
+then before the call
+.Fa siglen
+should contain the length of the
+.Fa sig
+buffer.
+If the call is successful, the signature is written to
+.Fa sig
+and the amount of data written to
+.Fa siglen .
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+In previous versions of OpenSSL, there was a link between message digest
+types and public key algorithms.
+This meant that "clone" digests such as
+.Xr EVP_dss1 3
+needed to be used to sign using SHA1 and DSA.
+This is no longer necessary and the use of clone digest is now
+discouraged.
+.Pp
+The call to
+.Fn EVP_DigestSignFinal
+internally finalizes a copy of the digest context.
+This means that
+.Fn EVP_DigestSignUpdate
+and
+.Fn EVP_DigestSignFinal
+can be called later to digest and sign additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3 ,
+or a memory leak will occur.
+.Pp
+The use of
+.Xr EVP_PKEY_size 3
+with these functions is discouraged because some signature operations
+may have a signature length which depends on the parameters set.
+As a result,
+.Xr EVP_PKEY_size 3
+would have to return a value which indicates the maximum possible
+signature for any set of parameters.
+.Sh RETURN VALUES
+.Fn EVP_DigestSignInit ,
+.Fn EVP_DigestSignUpdate ,
+and
+.Fn EVP_DigestSignFinal
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Pp
+The error codes can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestVerifyInit 3
+.Sh HISTORY
+.Fn EVP_DigestSignInit ,
+.Fn EVP_DigestSignUpdate ,
+and
+.Fn EVP_DigestSignFinal
+were first added to OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/EVP_DigestSignInit.3 b/src/lib/libcrypto/man/EVP_DigestSignInit.3 new file mode 100644 index 0000000000..89a2d7afbd --- /dev/null +++ b/src/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -0,0 +1,152 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_DIGESTSIGNINIT 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_DigestSignInit ,
	6	.Nm EVP_DigestSignUpdate ,
	7	.Nm EVP_DigestSignFinal
	8	.Nd EVP signing functions
	9	.Sh SYNOPSIS
	10	.In openssl/evp.h
	11	.Ft int
	12	.Fo EVP_DigestSignInit
	13	.Fa "EVP_MD_CTX *ctx"
	14	.Fa "EVP_PKEY_CTX **pctx"
	15	.Fa "const EVP_MD *type"
	16	.Fa "ENGINE *e"
	17	.Fa "EVP_PKEY *pkey"
	18	.Fc
	19	.Ft int
	20	.Fo EVP_DigestSignUpdate
	21	.Fa "EVP_MD_CTX *ctx"
	22	.Fa "const void *d"
	23	.Fa "unsigned int cnt"
	24	.Fc
	25	.Ft int
	26	.Fo EVP_DigestSignFinal
	27	.Fa "EVP_MD_CTX *ctx"
	28	.Fa "unsigned char *sig"
	29	.Fa "size_t *siglen"
	30	.Fc
	31	.Sh DESCRIPTION
	32	The EVP signature routines are a high level interface to digital
	33	signatures.
	34	.Pp
	35	.Fn EVP_DigestSignInit
	36	sets up the signing context
	37	.Fa ctx
	38	to use the digest
	39	.Fa type
	40	from
	41	.Vt ENGINE
	42	.Fa e
	43	and private key
	44	.Fa pkey .
	45	.Fa ctx
	46	must be initialized with
	47	.Xr EVP_MD_CTX_init 3
	48	before calling this function.
	49	If
	50	.Fa pctx
	51	is not
	52	.Dv NULL ,
	53	the
	54	.Vt EVP_PKEY_CTX
	55	of the signing operation will be written to
	56	.Pf * Fa pctx :
	57	this can be used to set alternative signing options.
	58	.Pp
	59	.Fn EVP_DigestSignUpdate
	60	hashes
	61	.Fa cnt
	62	bytes of data at
	63	.Fa d
	64	into the signature context
	65	.Fa ctx .
	66	This function can be called several times on the same
	67	.Fa ctx
	68	to include additional data.
	69	This function is currently implemented using a macro.
	70	.Pp
	71	.Fn EVP_DigestSignFinal
	72	signs the data in
	73	.Fa ctx
	74	and places the signature in
	75	.Fa sig .
	76	If
	77	.Fa sig
	78	is
	79	.Dv NULL ,
	80	then the maximum size of the output buffer is written to
	81	.Pf * Fa siglen .
	82	If
	83	.Fa sig
	84	is not
	85	.Dv NULL ,
	86	then before the call
	87	.Fa siglen
	88	should contain the length of the
	89	.Fa sig
	90	buffer.
	91	If the call is successful, the signature is written to
	92	.Fa sig
	93	and the amount of data written to
	94	.Fa siglen .
	95	.Pp
	96	The EVP interface to digital signatures should almost always be
	97	used in preference to the low level interfaces.
	98	This is because the code then becomes transparent to the algorithm used
	99	and much more flexible.
	100	.Pp
	101	In previous versions of OpenSSL, there was a link between message digest
	102	types and public key algorithms.
	103	This meant that "clone" digests such as
	104	.Xr EVP_dss1 3
	105	needed to be used to sign using SHA1 and DSA.
	106	This is no longer necessary and the use of clone digest is now
	107	discouraged.
	108	.Pp
	109	The call to
	110	.Fn EVP_DigestSignFinal
	111	internally finalizes a copy of the digest context.
	112	This means that
	113	.Fn EVP_DigestSignUpdate
	114	and
	115	.Fn EVP_DigestSignFinal
	116	can be called later to digest and sign additional data.
	117	.Pp
	118	Since only a copy of the digest context is ever finalized, the context
	119	must be cleaned up after use by calling
	120	.Xr EVP_MD_CTX_cleanup 3 ,
	121	or a memory leak will occur.
	122	.Pp
	123	The use of
	124	.Xr EVP_PKEY_size 3
	125	with these functions is discouraged because some signature operations
	126	may have a signature length which depends on the parameters set.
	127	As a result,
	128	.Xr EVP_PKEY_size 3
	129	would have to return a value which indicates the maximum possible
	130	signature for any set of parameters.
	131	.Sh RETURN VALUES
	132	.Fn EVP_DigestSignInit ,
	133	.Fn EVP_DigestSignUpdate ,
	134	and
	135	.Fn EVP_DigestSignFinal
	136	return 1 for success and 0 or a negative value for failure.
	137	In particular, a return value of -2 indicates the operation is not
	138	supported by the public key algorithm.
	139	.Pp
	140	The error codes can be obtained from
	141	.Xr ERR_get_error 3 .
	142	.Sh SEE ALSO
	143	.Xr ERR 3 ,
	144	.Xr evp 3 ,
	145	.Xr EVP_DigestInit 3 ,
	146	.Xr EVP_DigestVerifyInit 3
	147	.Sh HISTORY
	148	.Fn EVP_DigestSignInit ,
	149	.Fn EVP_DigestSignUpdate ,
	150	and
	151	.Fn EVP_DigestSignFinal
	152	were first added to OpenSSL 1.0.0.