1 files changed, 117 insertions, 0 deletions

diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
new file mode 100644
index 0000000000..28c343838d
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -0,0 +1,117 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_PKEY_DECRYPT 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_decrypt_init ,
+.Nm EVP_PKEY_decrypt
+.Nd decrypt using a public key algorithm
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_decrypt_init
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_decrypt
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *out"
+.Fa "size_t *outlen"
+.Fa "const unsigned char *in"
+.Fa "size_t inlen"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn EVP_PKEY_decrypt_init
+function initializes a public key algorithm context using key
+.Fa ctx->pkey
+for a decryption operation.
+.Pp
+The
+.Fn EVP_PKEY_decrypt
+function performs a public key decryption operation using
+.Fa ctx .
+The data to be decrypted is specified using the
+.Fa in
+and
+.Fa inlen
+parameters.
+If
+.Fa out
+is
+.Dv NULL
+then the maximum size of the output buffer is written to the
+.Fa outlen
+parameter.
+If
+.Fa out
+is not
+.Dv NULL
+then before the call the
+.Fa outlen
+parameter should contain the length of the
+.Fa out
+buffer, if the call is successful the decrypted data is written to
+.Fa out
+and the amount of data written to
+.Fa outlen .
+.Pp
+After the call to
+.Fn EVP_PKEY_decrypt_init ,
+algorithm specific control operations can be performed to set any
+appropriate parameters for the operation.
+.Pp
+The function
+.Fn EVP_PKEY_decrypt
+can be called more than once on the same context if several operations
+are performed using the same parameters.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_decrypt_init
+and
+.Fn EVP_PKEY_decrypt
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh EXAMPLE
+Decrypt data using OAEP (for RSA keys):
+.Bd -literal
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *out, *in;
+size_t outlen, inlen;
+EVP_PKEY *key;
+/* NB: assumes key in, inlen are already set up
+ * and that key is an RSA private key
+ */
+ctx = EVP_PKEY_CTX_new(key);
+if (!ctx)
+        /* Error occurred */
+if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+
+out = malloc(outlen);
+
+if (!out)
+        /* malloc failure */
+
+if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+
+/* Decrypted data is outlen bytes written to buffer out */
+.Ed
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_derive 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_verify_recover 3
+.Sh HISTORY
+These functions were first added to OpenSSL 1.0.0.