1 files changed, 146 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_VerifyInit.3 b/src/lib/libcrypto/man/EVP_VerifyInit.3
new file mode 100644
index 0000000000..b1635d4cac
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_VerifyInit.3
@@ -0,0 +1,146 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_VERIFYINIT 3
+.Os
+.Sh NAME
+.Nm EVP_VerifyInit ,
+.Nm EVP_VerifyUpdate ,
+.Nm EVP_VerifyFinal
+.Nd EVP signature verification functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_VerifyInit_ex
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const EVP_MD *type"
+.Fa "ENGINE *impl"
+.Fc
+.Ft int
+.Fo EVP_VerifyUpdate
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const void *d"
+.Fa "unsigned int cnt"
+.Fc
+.Ft int
+.Fo EVP_VerifyFinal
+.Fa "EVP_MD_CTX *ctx"
+.Fa "unsigned char *sigbuf"
+.Fa "unsigned int siglen"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_VerifyInit
+.Fa "EVP_MD_CTX *ctx"
+.Fa "const EVP_MD *type"
+.Fc
+.Sh DESCRIPTION
+The EVP signature verification routines are a high level interface to
+digital signatures.
+.Pp
+.Fn EVP_VerifyInit_ex
+sets up a verification context
+.Fa ctx
+to use the digest
+.Fa type
+from
+.Vt ENGINE
+.Fa impl .
+.Fa ctx
+must be initialized by calling
+.Xr EVP_MD_CTX_init 3
+before calling this function.
+.Pp
+.Fn EVP_VerifyUpdate
+hashes
+.Fa cnt
+bytes of data at
+.Fa d
+into the verification context
+.Fa ctx .
+This function can be called several times on the same
+.Fa ctx
+to include additional data.
+.Pp
+.Fn EVP_VerifyFinal
+verifies the data in
+.Fa ctx
+using the public key
+.Fa pkey
+and against the
+.Fa siglen
+bytes at
+.Fa sigbuf .
+.Pp
+.Fn EVP_VerifyInit
+initializes a verification context
+.Fa ctx
+to use the default implementation of digest
+.Fa type .
+.Pp
+The EVP interface to digital signatures should almost always be
+used in preference to the low level interfaces.
+This is because the code then becomes transparent to the algorithm used
+and much more flexible.
+.Pp
+Due to the link between message digests and public key algorithms, the
+correct digest algorithm must be used with the correct public key type.
+A list of algorithms and associated public key algorithms appears in
+.Xr EVP_DigestInit 3 .
+.Pp
+The call to
+.Fn EVP_VerifyFinal
+internally finalizes a copy of the digest context.
+This means that calls to
+.Fn EVP_VerifyUpdate
+and
+.Fn EVP_VerifyFinal
+can be called later to digest and verify additional data.
+.Pp
+Since only a copy of the digest context is ever finalized, the context
+must be cleaned up after use by calling
+.Xr EVP_MD_CTX_cleanup 3 ,
+or a memory leak will occur.
+.Sh RETURN VALUES
+.Fn EVP_VerifyInit_ex
+and
+.Fn EVP_VerifyUpdate
+return 1 for success and 0 for failure.
+.Pp
+.Fn EVP_VerifyFinal
+returns 1 for a correct signature, 0 for failure, and -1 if some other
+error occurred.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr evp 3 ,
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_SignInit 3
+.Sh HISTORY
+.Fn EVP_VerifyInit ,
+.Fn EVP_VerifyUpdate ,
+and
+.Fn EVP_VerifyFinal
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn EVP_VerifyInit_ex
+was added in OpenSSL 0.9.7.
+.Sh BUGS
+Older versions of this documentation wrongly stated that calls to
+.Fn EVP_VerifyUpdate
+could not be made after calling
+.Fn EVP_VerifyFinal .
+.Pp
+Since the public key is passed in the call to
+.Xr EVP_SignFinal 3 ,
+any error relating to the private key (for example an unsuitable key and
+digest combination) will not be indicated until after potentially large
+amounts of data have been passed through
+.Xr EVP_SignUpdate 3 .
+.Pp
+It is not possible to change the signing parameters using these
+functions.
+.Pp
+The previous two bugs are fixed in the newer functions of the
+.Xr EVP_DigestVerifyInit 3
+family.

diff --git a/src/lib/libcrypto/man/EVP_VerifyInit.3 b/src/lib/libcrypto/man/EVP_VerifyInit.3 new file mode 100644 index 0000000000..b1635d4cac --- /dev/null +++ b/src/lib/libcrypto/man/EVP_VerifyInit.3
@@ -0,0 +1,146 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_VERIFYINIT 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_VerifyInit ,
	6	.Nm EVP_VerifyUpdate ,
	7	.Nm EVP_VerifyFinal
	8	.Nd EVP signature verification functions
	9	.Sh SYNOPSIS
	10	.In openssl/evp.h
	11	.Ft int
	12	.Fo EVP_VerifyInit_ex
	13	.Fa "EVP_MD_CTX *ctx"
	14	.Fa "const EVP_MD *type"
	15	.Fa "ENGINE *impl"
	16	.Fc
	17	.Ft int
	18	.Fo EVP_VerifyUpdate
	19	.Fa "EVP_MD_CTX *ctx"
	20	.Fa "const void *d"
	21	.Fa "unsigned int cnt"
	22	.Fc
	23	.Ft int
	24	.Fo EVP_VerifyFinal
	25	.Fa "EVP_MD_CTX *ctx"
	26	.Fa "unsigned char *sigbuf"
	27	.Fa "unsigned int siglen"
	28	.Fa "EVP_PKEY *pkey"
	29	.Fc
	30	.Ft int
	31	.Fo EVP_VerifyInit
	32	.Fa "EVP_MD_CTX *ctx"
	33	.Fa "const EVP_MD *type"
	34	.Fc
	35	.Sh DESCRIPTION
	36	The EVP signature verification routines are a high level interface to
	37	digital signatures.
	38	.Pp
	39	.Fn EVP_VerifyInit_ex
	40	sets up a verification context
	41	.Fa ctx
	42	to use the digest
	43	.Fa type
	44	from
	45	.Vt ENGINE
	46	.Fa impl .
	47	.Fa ctx
	48	must be initialized by calling
	49	.Xr EVP_MD_CTX_init 3
	50	before calling this function.
	51	.Pp
	52	.Fn EVP_VerifyUpdate
	53	hashes
	54	.Fa cnt
	55	bytes of data at
	56	.Fa d
	57	into the verification context
	58	.Fa ctx .
	59	This function can be called several times on the same
	60	.Fa ctx
	61	to include additional data.
	62	.Pp
	63	.Fn EVP_VerifyFinal
	64	verifies the data in
	65	.Fa ctx
	66	using the public key
	67	.Fa pkey
	68	and against the
	69	.Fa siglen
	70	bytes at
	71	.Fa sigbuf .
	72	.Pp
	73	.Fn EVP_VerifyInit
	74	initializes a verification context
	75	.Fa ctx
	76	to use the default implementation of digest
	77	.Fa type .
	78	.Pp
	79	The EVP interface to digital signatures should almost always be
	80	used in preference to the low level interfaces.
	81	This is because the code then becomes transparent to the algorithm used
	82	and much more flexible.
	83	.Pp
	84	Due to the link between message digests and public key algorithms, the
	85	correct digest algorithm must be used with the correct public key type.
	86	A list of algorithms and associated public key algorithms appears in
	87	.Xr EVP_DigestInit 3 .
	88	.Pp
	89	The call to
	90	.Fn EVP_VerifyFinal
	91	internally finalizes a copy of the digest context.
	92	This means that calls to
	93	.Fn EVP_VerifyUpdate
	94	and
	95	.Fn EVP_VerifyFinal
	96	can be called later to digest and verify additional data.
	97	.Pp
	98	Since only a copy of the digest context is ever finalized, the context
	99	must be cleaned up after use by calling
	100	.Xr EVP_MD_CTX_cleanup 3 ,
	101	or a memory leak will occur.
	102	.Sh RETURN VALUES
	103	.Fn EVP_VerifyInit_ex
	104	and
	105	.Fn EVP_VerifyUpdate
	106	return 1 for success and 0 for failure.
	107	.Pp
	108	.Fn EVP_VerifyFinal
	109	returns 1 for a correct signature, 0 for failure, and -1 if some other
	110	error occurred.
	111	.Pp
	112	The error codes can be obtained by
	113	.Xr ERR_get_error 3 .
	114	.Sh SEE ALSO
	115	.Xr ERR 3 ,
	116	.Xr evp 3 ,
	117	.Xr EVP_DigestInit 3 ,
	118	.Xr EVP_SignInit 3
	119	.Sh HISTORY
	120	.Fn EVP_VerifyInit ,
	121	.Fn EVP_VerifyUpdate ,
	122	and
	123	.Fn EVP_VerifyFinal
	124	are available in all versions of SSLeay and OpenSSL.
	125	.Pp
	126	.Fn EVP_VerifyInit_ex
	127	was added in OpenSSL 0.9.7.
	128	.Sh BUGS
	129	Older versions of this documentation wrongly stated that calls to
	130	.Fn EVP_VerifyUpdate
	131	could not be made after calling
	132	.Fn EVP_VerifyFinal .
	133	.Pp
	134	Since the public key is passed in the call to
	135	.Xr EVP_SignFinal 3 ,
	136	any error relating to the private key (for example an unsuitable key and
	137	digest combination) will not be indicated until after potentially large
	138	amounts of data have been passed through
	139	.Xr EVP_SignUpdate 3 .
	140	.Pp
	141	It is not possible to change the signing parameters using these
	142	functions.
	143	.Pp
	144	The previous two bugs are fixed in the newer functions of the
	145	.Xr EVP_DigestVerifyInit 3
	146	family.