1 files changed, 71 insertions, 7 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index 82f4c1b8ad..4e331f9ce9 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,6 +1,55 @@
-.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.3 2016/11/21 22:19:15 jmc Exp $
+.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.4 2016/11/27 15:26:06 schwarze Exp $
+.\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.Dd $Mdocdate: November 21 2016 $
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 27 2016 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -58,10 +107,20 @@ If the call is successful the signature is written to
 and the amount of data written to
 .Fa siglen .
 .Pp
+.Fn EVP_PKEY_sign
+does not hash the data to be signed, and therefore is normally used
+to sign digests.
+For signing arbitrary messages, see the
+.Xr EVP_DigestSignInit 3
+and
+.Xr EVP_SignInit 3
+signing interfaces instead.
+.Pp
 After the call to
 .Fn EVP_PKEY_sign_init ,
 algorithm specific control operations can be performed to set any
-appropriate parameters for the operation.
+appropriate parameters for the operation; see
+.Xr EVP_PKEY_CTX_ctrl 3 .
 .Pp
 The function
 .Fn EVP_PKEY_sign
@@ -81,13 +140,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 #include <openssl/rsa.h>
 EVP_PKEY_CTX *ctx;
+/* md is a SHA-256 digest in this example. */
 unsigned char *md, *sig;
-size_t mdlen, siglen;
+size_t mdlen = 32, siglen;
 EVP_PKEY *signing_key;
-/* NB: assumes signing_key, md and mdlen are already set up
- * and that signing_key is an RSA private key
+/*
+ * NB: assumes signing_key and md are set up before the next
+ * step. signing_key must be an RSA private key and md must
+ * point to the SHA-256 digest to be signed.
 */
-ctx = EVP_PKEY_CTX_new(signing_key);
+ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
 if (!ctx)
        /* Error occurred */
 if (EVP_PKEY_sign_init(ctx) <= 0)
@@ -112,6 +175,7 @@ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
 /* Signature is siglen bytes written to buffer sig */
 .Ed
 .Sh SEE ALSO
+.Xr EVP_PKEY_ctrl 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_decrypt 3 ,
 .Xr EVP_PKEY_derive 3 ,

diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3 index 82f4c1b8ad..4e331f9ce9 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,6 +1,55 @@
1	.\" $OpenBSD: EVP_PKEY_sign.3,v 1.3 2016/11/21 22:19:15 jmc Exp $	1	.\" $OpenBSD: EVP_PKEY_sign.3,v 1.4 2016/11/27 15:26:06 schwarze Exp $
		2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
2	.\"	3	.\"
3	.Dd $Mdocdate: November 21 2016 $	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
		5	.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project.
		6	.\" All rights reserved.
		7	.\"
		8	.\" Redistribution and use in source and binary forms, with or without
		9	.\" modification, are permitted provided that the following conditions
		10	.\" are met:
		11	.\"
		12	.\" 1. Redistributions of source code must retain the above copyright
		13	.\" notice, this list of conditions and the following disclaimer.
		14	.\"
		15	.\" 2. Redistributions in binary form must reproduce the above copyright
		16	.\" notice, this list of conditions and the following disclaimer in
		17	.\" the documentation and/or other materials provided with the
		18	.\" distribution.
		19	.\"
		20	.\" 3. All advertising materials mentioning features or use of this
		21	.\" software must display the following acknowledgment:
		22	.\" "This product includes software developed by the OpenSSL Project
		23	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		24	.\"
		25	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		26	.\" endorse or promote products derived from this software without
		27	.\" prior written permission. For written permission, please contact
		28	.\" openssl-core@openssl.org.
		29	.\"
		30	.\" 5. Products derived from this software may not be called "OpenSSL"
		31	.\" nor may "OpenSSL" appear in their names without prior written
		32	.\" permission of the OpenSSL Project.
		33	.\"
		34	.\" 6. Redistributions of any form whatsoever must retain the following
		35	.\" acknowledgment:
		36	.\" "This product includes software developed by the OpenSSL Project
		37	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		38	.\"
		39	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		40	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		41	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		42	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		43	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		44	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		45	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		46	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		47	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		48	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		51	.\"
		52	.Dd $Mdocdate: November 27 2016 $
4	.Dt EVP_PKEY_SIGN 3	53	.Dt EVP_PKEY_SIGN 3
5	.Os	54	.Os
6	.Sh NAME	55	.Sh NAME
@@ -58,10 +107,20 @@ If the call is successful the signature is written to
58	and the amount of data written to	107	and the amount of data written to
59	.Fa siglen .	108	.Fa siglen .
60	.Pp	109	.Pp
		110	.Fn EVP_PKEY_sign
		111	does not hash the data to be signed, and therefore is normally used
		112	to sign digests.
		113	For signing arbitrary messages, see the
		114	.Xr EVP_DigestSignInit 3
		115	and
		116	.Xr EVP_SignInit 3
		117	signing interfaces instead.
		118	.Pp
61	After the call to	119	After the call to
62	.Fn EVP_PKEY_sign_init ,	120	.Fn EVP_PKEY_sign_init ,
63	algorithm specific control operations can be performed to set any	121	algorithm specific control operations can be performed to set any
64	appropriate parameters for the operation.	122	appropriate parameters for the operation; see
		123	.Xr EVP_PKEY_CTX_ctrl 3 .
65	.Pp	124	.Pp
66	The function	125	The function
67	.Fn EVP_PKEY_sign	126	.Fn EVP_PKEY_sign
@@ -81,13 +140,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
81	#include <openssl/rsa.h>	140	#include <openssl/rsa.h>
82		141
83	EVP_PKEY_CTX *ctx;	142	EVP_PKEY_CTX *ctx;
		143	/* md is a SHA-256 digest in this example. */
84	unsigned char md, sig;	144	unsigned char md, sig;
85	size_t mdlen, siglen;	145	size_t mdlen = 32, siglen;
86	EVP_PKEY *signing_key;	146	EVP_PKEY *signing_key;
87	/* NB: assumes signing_key, md and mdlen are already set up	147
88	* and that signing_key is an RSA private key	148	/*
		149	* NB: assumes signing_key and md are set up before the next
		150	* step. signing_key must be an RSA private key and md must
		151	* point to the SHA-256 digest to be signed.
89	*/	152	*/
90	ctx = EVP_PKEY_CTX_new(signing_key);	153	ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
91	if (!ctx)	154	if (!ctx)
92	/* Error occurred */	155	/* Error occurred */
93	if (EVP_PKEY_sign_init(ctx) <= 0)	156	if (EVP_PKEY_sign_init(ctx) <= 0)
@@ -112,6 +175,7 @@ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
112	/* Signature is siglen bytes written to buffer sig */	175	/* Signature is siglen bytes written to buffer sig */
113	.Ed	176	.Ed
114	.Sh SEE ALSO	177	.Sh SEE ALSO
		178	.Xr EVP_PKEY_ctrl 3 ,
115	.Xr EVP_PKEY_CTX_new 3 ,	179	.Xr EVP_PKEY_CTX_new 3 ,
116	.Xr EVP_PKEY_decrypt 3 ,	180	.Xr EVP_PKEY_decrypt 3 ,
117	.Xr EVP_PKEY_derive 3 ,	181	.Xr EVP_PKEY_derive 3 ,