From f0162bda8afd63cb58e08f1b872c8efc767d7da5 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Sun, 27 Nov 2016 15:26:06 +0000
Subject: Add Copyright and license. Merge some additional text and improvements to EXAMPLES from OpenSSL.
---
 src/lib/libcrypto/man/EVP_PKEY_sign.3 | 78 +++++++++++++++++++++++++++++++----
 1 file changed, 71 insertions(+), 7 deletions(-)
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index 82f4c1b8ad..4e331f9ce9 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,6 +1,55 @@
-.\" $OpenBSD: EVP_PKEY_sign.3,v 1.3 2016/11/21 22:19:15 jmc Exp $
+.\" $OpenBSD: EVP_PKEY_sign.3,v 1.4 2016/11/27 15:26:06 schwarze Exp $
+.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.Dd $Mdocdate: November 21 2016 $
+.\" This file was written by Dr. Stephen Henson .
+.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 27 2016 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -58,10 +107,20 @@ If the call is successful the signature is written to
 and the amount of data written to
 .Fa siglen .
 .Pp
+.Fn EVP_PKEY_sign
+does not hash the data to be signed, and therefore is normally used
+to sign digests.
+For signing arbitrary messages, see the
+.Xr EVP_DigestSignInit 3
+and
+.Xr EVP_SignInit 3
+signing interfaces instead.
+.Pp
 After the call to
 .Fn EVP_PKEY_sign_init ,
 algorithm specific control operations can be performed to set any
-appropriate parameters for the operation.
+appropriate parameters for the operation; see
+.Xr EVP_PKEY_CTX_ctrl 3 .
 .Pp
 The function
 .Fn EVP_PKEY_sign
@@ -81,13 +140,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 #include
 
 EVP_PKEY_CTX *ctx;
+/* md is a SHA-256 digest in this example. */
 unsigned char *md, *sig;
-size_t mdlen, siglen;
+size_t mdlen = 32, siglen;
 EVP_PKEY *signing_key;
-/* NB: assumes signing_key, md and mdlen are already set up
- * and that signing_key is an RSA private key
+
+/*
+ * NB: assumes signing_key and md are set up before the next
+ * step. signing_key must be an RSA private key and md must
+ * point to the SHA-256 digest to be signed.
 */
-ctx = EVP_PKEY_CTX_new(signing_key);
+ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
 if (!ctx)
 /* Error occurred */
 if (EVP_PKEY_sign_init(ctx) <= 0)
@@ -112,6 +175,7 @@ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
 /* Signature is siglen bytes written to buffer sig */
 .Ed
 .Sh SEE ALSO
+.Xr EVP_PKEY_ctrl 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_decrypt 3 ,
 .Xr EVP_PKEY_derive 3 ,
-- cgit v1.2.3-55-g6feb