DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()

[openssl.git] / doc / man3 / EVP_SignInit.pod

diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod
index 2fcceb1cb0825d1b559b8c0ce5c68ae36f405dac..65ef22d31845c4de0b15ad3263cff73ff6d4fe07 100644 (file)
--- a/doc/man3/EVP_SignInit.pod
+++ b/doc/man3/EVP_SignInit.pod
@@ -2,10 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_size,
-EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal,
-EVP_PKEY_security_bits - EVP signing
-functions
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal
+- EVP signing functions
 
 =head1 SYNOPSIS
 
@@ -17,9 +15,6 @@ functions
 
  void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 
- int EVP_PKEY_size(EVP_PKEY *pkey);
- int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-
 =head1 DESCRIPTION
 
 The EVP signature routines are a high level interface to digital
@@ -34,41 +29,32 @@ signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+places the signature in B<sig>. B<sig> must be at least C<EVP_PKEY_size(pkey)>
 bytes in size. B<s> is an OUT parameter, and not used as an IN parameter.
 The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written to the integer at B<s>, at most C<EVP_PKEY_size(pkey)> bytes
 will be written.
 
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.
 
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-
-EVP_PKEY_security_bits() returns the number of security bits of the given B<pkey>,
-bits of security is defined in NIST SP800-57.
-
 =head1 RETURN VALUES
 
 EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
 for success and 0 for failure.
 
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-
 The error codes can be obtained by L<ERR_get_error(3)>.
 
-EVP_PKEY_security_bits() returns the number of security bits.
-
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
+When signing with DSA private keys the random number generator must be seeded.
+If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
+external circumstances (see L<RAND(7)>), the operation will fail.
+This requirement does not hold for RSA signatures.
 
 The call to EVP_SignFinal() internally finalizes a copy of the digest context.
 This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
@@ -94,11 +80,12 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 
 =head1 SEE ALSO
 
+L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)>,
 L<EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)>,
 L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
 L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
-L<SHA1(3)>, L<dgst(1)>
+L<SHA1(3)>, L<openssl-dgst(1)>
 
 =head1 COPYRIGHT