1 files changed, 131 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
new file mode 100644
index 0000000000..fc26152ae6
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -0,0 +1,131 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_PKEY_VERIFY_RECOVER 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_verify_recover_init ,
+.Nm EVP_PKEY_verify_recover
+.Nd recover signature using a public key algorithm
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_verify_recover_init
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_verify_recover
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *rout"
+.Fa "size_t *routlen"
+.Fa "const unsigned char *sig"
+.Fa "size_t siglen"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn EVP_PKEY_verify_recover_init
+function initializes a public key algorithm context using key
+.Fa ctx->pkey
+for a verify recover operation.
+.Pp
+The
+.Fn EVP_PKEY_verify_recover
+function recovers signed data using
+.Fa ctx .
+The signature is specified using the
+.Fa sig
+and
+.Fa siglen
+parameters.
+If
+.Fa rout
+is
+.Dv NULL ,
+then the maximum size of the output buffer is written to the
+.Fa routlen
+parameter.
+If
+.Fa rout
+is not
+.Dv NULL ,
+then before the call the
+.Fa routlen
+parameter should contain the length of the
+.Fa rout
+buffer.
+If the call is successful, recovered data is written to
+.Fa rout
+and the amount of data written to
+.Fa routlen .
+.Pp
+Normally an application is only interested in whether a signature
+verification operation is successful.
+In those cases, the
+.Xr EVP_verify 3
+function should be used.
+.Pp
+Sometimes however it is useful to obtain the data originally signed
+using a signing operation.
+Only certain public key algorithms can recover a signature in this way
+(for example RSA in PKCS padding mode).
+.Pp
+After the call to
+.Fn EVP_PKEY_verify_recover_init ,
+algorithm specific control operations can be performed to set any
+appropriate parameters for the operation.
+.Pp
+The function
+.Fn EVP_PKEY_verify_recover
+can be called more than once on the same context if several operations
+are performed using the same parameters.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_verify_recover_init
+and
+.Fn EVP_PKEY_verify_recover
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh EXAMPLES
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+.Bd -literal
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+EVP_PKEY_CTX *ctx;
+unsigned char *rout, *sig;
+size_t routlen, siglen;
+EVP_PKEY *verify_key;
+/* NB: assumes verify_key, sig and siglen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key);
+if (!ctx)
+        /* Error occurred */
+if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+        /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+/* Determine buffer length */
+if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+        /* Error */
+rout = malloc(routlen);
+if (!rout)
+        /* malloc failure */
+if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+/* Recovered data is routlen bytes written to buffer rout */
+.Ed
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_derive 3
+.Sh HISTORY
+These functions were first added to OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 new file mode 100644 index 0000000000..fc26152ae6 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -0,0 +1,131 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_PKEY_VERIFY_RECOVER 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_PKEY_verify_recover_init ,
	6	.Nm EVP_PKEY_verify_recover
	7	.Nd recover signature using a public key algorithm
	8	.Sh SYNOPSIS
	9	.In openssl/evp.h
	10	.Ft int
	11	.Fo EVP_PKEY_verify_recover_init
	12	.Fa "EVP_PKEY_CTX *ctx"
	13	.Fc
	14	.Ft int
	15	.Fo EVP_PKEY_verify_recover
	16	.Fa "EVP_PKEY_CTX *ctx"
	17	.Fa "unsigned char *rout"
	18	.Fa "size_t *routlen"
	19	.Fa "const unsigned char *sig"
	20	.Fa "size_t siglen"
	21	.Fc
	22	.Sh DESCRIPTION
	23	The
	24	.Fn EVP_PKEY_verify_recover_init
	25	function initializes a public key algorithm context using key
	26	.Fa ctx->pkey
	27	for a verify recover operation.
	28	.Pp
	29	The
	30	.Fn EVP_PKEY_verify_recover
	31	function recovers signed data using
	32	.Fa ctx .
	33	The signature is specified using the
	34	.Fa sig
	35	and
	36	.Fa siglen
	37	parameters.
	38	If
	39	.Fa rout
	40	is
	41	.Dv NULL ,
	42	then the maximum size of the output buffer is written to the
	43	.Fa routlen
	44	parameter.
	45	If
	46	.Fa rout
	47	is not
	48	.Dv NULL ,
	49	then before the call the
	50	.Fa routlen
	51	parameter should contain the length of the
	52	.Fa rout
	53	buffer.
	54	If the call is successful, recovered data is written to
	55	.Fa rout
	56	and the amount of data written to
	57	.Fa routlen .
	58	.Pp
	59	Normally an application is only interested in whether a signature
	60	verification operation is successful.
	61	In those cases, the
	62	.Xr EVP_verify 3
	63	function should be used.
	64	.Pp
	65	Sometimes however it is useful to obtain the data originally signed
	66	using a signing operation.
	67	Only certain public key algorithms can recover a signature in this way
	68	(for example RSA in PKCS padding mode).
	69	.Pp
	70	After the call to
	71	.Fn EVP_PKEY_verify_recover_init ,
	72	algorithm specific control operations can be performed to set any
	73	appropriate parameters for the operation.
	74	.Pp
	75	The function
	76	.Fn EVP_PKEY_verify_recover
	77	can be called more than once on the same context if several operations
	78	are performed using the same parameters.
	79	.Sh RETURN VALUES
	80	.Fn EVP_PKEY_verify_recover_init
	81	and
	82	.Fn EVP_PKEY_verify_recover
	83	return 1 for success and 0 or a negative value for failure.
	84	In particular, a return value of -2 indicates the operation is not
	85	supported by the public key algorithm.
	86	.Sh EXAMPLES
	87	Recover digest originally signed using PKCS#1 and SHA256 digest:
	88	.Bd -literal
	89	#include <openssl/evp.h>
	90	#include <openssl/rsa.h>
	91
	92	EVP_PKEY_CTX *ctx;
	93	unsigned char rout, sig;
	94	size_t routlen, siglen;
	95	EVP_PKEY *verify_key;
	96	/* NB: assumes verify_key, sig and siglen are already set up
	97	* and that verify_key is an RSA public key
	98	*/
	99	ctx = EVP_PKEY_CTX_new(verify_key);
	100	if (!ctx)
	101	/* Error occurred */
	102	if (EVP_PKEY_verify_recover_init(ctx) <= 0)
	103	/* Error */
	104	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	105	/* Error */
	106	if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	107	/* Error */
	108
	109	/* Determine buffer length */
	110	if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
	111	/* Error */
	112
	113	rout = malloc(routlen);
	114
	115	if (!rout)
	116	/* malloc failure */
	117
	118	if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
	119	/* Error */
	120
	121	/* Recovered data is routlen bytes written to buffer rout */
	122	.Ed
	123	.Sh SEE ALSO
	124	.Xr EVP_PKEY_CTX_new 3 ,
	125	.Xr EVP_PKEY_encrypt 3 ,
	126	.Xr EVP_PKEY_decrypt 3 ,
	127	.Xr EVP_PKEY_sign 3 ,
	128	.Xr EVP_PKEY_verify 3 ,
	129	.Xr EVP_PKEY_derive 3
	130	.Sh HISTORY
	131	These functions were first added to OpenSSL 1.0.0.