1 files changed, 198 insertions, 0 deletions

diff --git a/static/freebsd/man3/EVP_PKEY_verify_recover.3 b/static/freebsd/man3/EVP_PKEY_verify_recover.3
new file mode 100644
index 00000000..f4123550
--- /dev/null
+++ b/static/freebsd/man3/EVP_PKEY_verify_recover.3
@@ -0,0 +1,198 @@
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
+.ie n \{\
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_VERIFY_RECOVER 3ossl"
+.TH EVP_PKEY_VERIFY_RECOVER 3ossl 2026-04-07 3.5.6 OpenSSL
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH NAME
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex,
+EVP_PKEY_verify_recover_init_ex2, EVP_PKEY_verify_recover
+\&\- recover signature using a public key algorithm
+.SH SYNOPSIS
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
+\&                                     const OSSL_PARAM params[]);
+\& int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo,
+\&                                      const OSSL_PARAM params[]);
+\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+\&                             unsigned char *rout, size_t *routlen,
+\&                             const unsigned char *sig, size_t siglen);
+.Ve
+.SH DESCRIPTION
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_verify_recover_init()\fR initializes a public key algorithm context
+\&\fIctx\fR for signing using the algorithm given when the context was created
+using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof.  The algorithm is used to
+fetch a \fBEVP_SIGNATURE\fR method implicitly, see "Implicit fetch" in \fBprovider\fR\|(7)
+for more information about implicit fetches.
+.PP
+\&\fBEVP_PKEY_verify_recover_init_ex()\fR is the same as
+\&\fBEVP_PKEY_verify_recover_init()\fR but additionally sets the passed parameters
+\&\fIparams\fR on the context before returning.
+.PP
+\&\fBEVP_PKEY_verify_recover_init_ex2()\fR is the same as \fBEVP_PKEY_verify_recover_init_ex()\fR,
+but works with an explicitly fetched \fBEVP_SIGNATURE\fR \fIalgo\fR.
+A context \fIctx\fR without a pre\-loaded key cannot be used with this function.
+Depending on what algorithm was fetched, certain details revolving around the
+treatment of the input to \fBEVP_PKEY_verify()\fR may be pre\-determined, and in that
+case, those details may normally not be changed.
+See "NOTES" below for a deeper explanation.
+.PP
+The \fBEVP_PKEY_verify_recover()\fR function recovers signed data
+using \fIctx\fR. The signature is specified using the \fIsig\fR and
+\&\fIsiglen\fR parameters. If \fIrout\fR is NULL then the maximum size of the output
+buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not NULL then
+before the call the \fIroutlen\fR parameter should contain the length of the
+\&\fIrout\fR buffer, if the call is successful recovered data is written to
+\&\fIrout\fR and the amount of data written to \fIroutlen\fR.
+.SH NOTES
+.IX Header "NOTES"
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the \fBEVP_verify()\fR function should be
+used.
+.PP
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example RSA in PKCS padding mode).
+.PP
+After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+After the call to \fBEVP_PKEY_verify_recover_init_ex2()\fR, algorithm specific control
+operations may not be needed if the chosen algorithm implies that those controls
+pre\-set (and immutable).
+.PP
+The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success
+and 0 or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH EXAMPLES
+.IX Header "EXAMPLES"
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *rout, *sig;
+\& size_t routlen, siglen;
+\& EVP_PKEY *verify_key;
+\&
+\& /*
+\&  * NB: assumes verify_key, sig and siglen are already set up
+\&  * and that verify_key is an RSA public key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
+\& if (!ctx)
+\&     /* Error occurred */
+\& if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+\&     /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+\&     /* Error */
+\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+\&     /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+\&     /* Error */
+\&
+\& rout = OPENSSL_malloc(routlen);
+\&
+\& if (!rout)
+\&     /* malloc failure */
+\&
+\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+\&     /* Error */
+\&
+\& /* Recovered data is routlen bytes written to buffer rout */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
+.SH HISTORY
+.IX Header "HISTORY"
+The \fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR
+functions were added in OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_verify_recover_init_ex()\fR function was added in OpenSSL 3.0.
+.SH COPYRIGHT
+.IX Header "COPYRIGHT"
+Copyright 2013\-2024 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+<https://www.openssl.org/source/license.html>.