1 files changed, 132 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3
new file mode 100644
index 0000000000..0b26eb617e
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -0,0 +1,132 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_DIGESTVERIFYINIT 3
+.Os
+.Sh NAME
+.Nm EVP_DigestVerifyInit ,
+.Nm EVP_DigestVerifyUpdate ,
+.Nm EVP_DigestVerifyFinal
+.Nd EVP signature verification functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_DigestVerifyInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "EVP_PKEY_CTX **pctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *e"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_DigestVerifyUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "unsigned int cnt"
+.Fc
+.Ft int
+.Fo EVP_DigestVerifyFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sig"
+.Fa "size_t siglen"
+.Fc
+.Sh DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+.Pp
+.Fn EVP_DigestVerifyInit
+sets up verification context
+.Fa ctx
+to use digest
+.Fa type
+from
+.Vt ENGINE
+.Fa e
+and public key
+.Fa pkey .
+.Fa ctx
+must be initialized with
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+If
+.Fa pctx
+is not
+.Dv NULL ,
+the
+.Vt EVP_PKEY_CTX
+of the verification operation will be written to
+.Pf * Fa pctx :
+this can be used to set alternative verification options.
+.Pp
+.Fn EVP_DigestVerifyUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the verification context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+This function is currently implemented using a macro.
+.Pp
+.Fn EVP_DigestVerifyFinal
+verifies the data in
+.Fa ctx
+against the signature in
+.Fa sig
+of length
+.Fa siglen .
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+In previous versions of OpenSSL, there was a link between message digest
+types and public key algorithms.
+This meant that "clone" digests such as
+.Xr EVP_dss1 3
+needed to be used to sign using SHA1 and DSA.
+This is no longer necessary and the use of clone digest is now
+discouraged.
+.Pp
+The call to
+.Fn EVP_DigestVerifyFinal
+internally finalizes a copy of the digest context.
+This means that calls to
+.Xr EVP_VerifyUpdate 3
+and
+.Xr EVP_VerifyFinal 3
+can be called later to digest and verify additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3
+or a memory leak will occur.
+.Sh RETURN VALUES
+.Fn EVP_DigestVerifyInit
+and
+.Fn EVP_DigestVerifyUpdate
+return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Pp
+Unlike other functions, the return value 0 from
+.Fn EVP_DigestVerifyFinal
+only indicates that the signature did not verify successfully.
+That is it did not match the original data or the signature was of
+invalid form.
+It is not an indication of a more serious error.
+.Pp
+The error codes can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestSignInit 3
+.Sh HISTORY
+.Fn EVP_DigestVerifyInit ,
+.Fn EVP_DigestVerifyUpdate ,
+and
+.Fn EVP_DigestVerifyFinal
+were first added to OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 new file mode 100644 index 0000000000..0b26eb617e --- /dev/null +++ b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -0,0 +1,132 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_DIGESTVERIFYINIT 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_DigestVerifyInit ,
	6	.Nm EVP_DigestVerifyUpdate ,
	7	.Nm EVP_DigestVerifyFinal
	8	.Nd EVP signature verification functions
	9	.Sh SYNOPSIS
	10	.In openssl/evp.h
	11	.Ft int
	12	.Fo EVP_DigestVerifyInit
	13	.Fa "EVP_MD_CTX *ctx"
	14	.Fa "EVP_PKEY_CTX **pctx"
	15	.Fa "const EVP_MD *type"
	16	.Fa "ENGINE *e"
	17	.Fa "EVP_PKEY *pkey"
	18	.Fc
	19	.Ft int
	20	.Fo EVP_DigestVerifyUpdate
	21	.Fa "EVP_MD_CTX *ctx"
	22	.Fa "const void *d"
	23	.Fa "unsigned int cnt"
	24	.Fc
	25	.Ft int
	26	.Fo EVP_DigestVerifyFinal
	27	.Fa "EVP_MD_CTX *ctx"
	28	.Fa "unsigned char *sig"
	29	.Fa "size_t siglen"
	30	.Fc
	31	.Sh DESCRIPTION
	32	The EVP signature routines are a high level interface to digital
	33	signatures.
	34	.Pp
	35	.Fn EVP_DigestVerifyInit
	36	sets up verification context
	37	.Fa ctx
	38	to use digest
	39	.Fa type
	40	from
	41	.Vt ENGINE
	42	.Fa e
	43	and public key
	44	.Fa pkey .
	45	.Fa ctx
	46	must be initialized with
	47	.Xr EVP_MD_CTX_init 3
	48	before calling this function.
	49	If
	50	.Fa pctx
	51	is not
	52	.Dv NULL ,
	53	the
	54	.Vt EVP_PKEY_CTX
	55	of the verification operation will be written to
	56	.Pf * Fa pctx :
	57	this can be used to set alternative verification options.
	58	.Pp
	59	.Fn EVP_DigestVerifyUpdate
	60	hashes
	61	.Fa cnt
	62	bytes of data at
	63	.Fa d
	64	into the verification context
	65	.Fa ctx .
	66	This function can be called several times on the same
	67	.Fa ctx
	68	to include additional data.
	69	This function is currently implemented using a macro.
	70	.Pp
	71	.Fn EVP_DigestVerifyFinal
	72	verifies the data in
	73	.Fa ctx
	74	against the signature in
	75	.Fa sig
	76	of length
	77	.Fa siglen .
	78	.Pp
	79	The EVP interface to digital signatures should almost always be
	80	used in preference to the low level interfaces.
	81	This is because the code then becomes transparent to the algorithm used
	82	and much more flexible.
	83	.Pp
	84	In previous versions of OpenSSL, there was a link between message digest
	85	types and public key algorithms.
	86	This meant that "clone" digests such as
	87	.Xr EVP_dss1 3
	88	needed to be used to sign using SHA1 and DSA.
	89	This is no longer necessary and the use of clone digest is now
	90	discouraged.
	91	.Pp
	92	The call to
	93	.Fn EVP_DigestVerifyFinal
	94	internally finalizes a copy of the digest context.
	95	This means that calls to
	96	.Xr EVP_VerifyUpdate 3
	97	and
	98	.Xr EVP_VerifyFinal 3
	99	can be called later to digest and verify additional data.
	100	.Pp
	101	Since only a copy of the digest context is ever finalized, the context
	102	must be cleaned up after use by calling
	103	.Xr EVP_MD_CTX_cleanup 3
	104	or a memory leak will occur.
	105	.Sh RETURN VALUES
	106	.Fn EVP_DigestVerifyInit
	107	and
	108	.Fn EVP_DigestVerifyUpdate
	109	return 1 for success and 0 or a negative value for failure.
	110	In particular a return value of -2 indicates the operation is not
	111	supported by the public key algorithm.
	112	.Pp
	113	Unlike other functions, the return value 0 from
	114	.Fn EVP_DigestVerifyFinal
	115	only indicates that the signature did not verify successfully.
	116	That is it did not match the original data or the signature was of
	117	invalid form.
	118	It is not an indication of a more serious error.
	119	.Pp
	120	The error codes can be obtained from
	121	.Xr ERR_get_error 3 .
	122	.Sh SEE ALSO
	123	.Xr ERR 3 ,
	124	.Xr evp 3 ,
	125	.Xr EVP_DigestInit 3 ,
	126	.Xr EVP_DigestSignInit 3
	127	.Sh HISTORY
	128	.Fn EVP_DigestVerifyInit ,
	129	.Fn EVP_DigestVerifyUpdate ,
	130	and
	131	.Fn EVP_DigestVerifyFinal
	132	were first added to OpenSSL 1.0.0.