Diffstat (limited to 'static/freebsd/man7/EVP_SIGNATURE-SLH-DSA.7')
| -rw-r--r-- | static/freebsd/man7/EVP_SIGNATURE-SLH-DSA.7 | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/static/freebsd/man7/EVP_SIGNATURE-SLH-DSA.7 b/static/freebsd/man7/EVP_SIGNATURE-SLH-DSA.7
new file mode 100644
index 00000000..caed88a4
--- /dev/null
+++ b/static/freebsd/man7/EVP_SIGNATURE-SLH-DSA.7
@@ -0,0 +1,179 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNATURE-SLH-DSA 7ossl" +.TH EVP_SIGNATURE-SLH-DSA 7ossl 2026-04-07 3.5.6 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +EVP_SIGNATURE\-SLH\-DSA, +EVP_SIGNATURE\-SLH\-DSA\-SHA2\-128s, EVP_SIGNATURE\-SLH\-DSA\-SHA2\-128f, +EVP_SIGNATURE\-SLH\-DSA\-SHA2\-192s, EVP_SIGNATURE\-SLH\-DSA\-SHA2\-192f, +EVP_SIGNATURE\-SLH\-DSA\-SHA2\-256s, EVP_SIGNATURE\-SLH\-DSA\-SHA2\-256f, +EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-128s, EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-128f, +EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-192s, EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-192f, +EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-256s, EVP_SIGNATURE\-SLH\-DSA\-SHAKE\-256f +\&\- The EVP_PKEY SLH\-DSA signature implementations +.SH DESCRIPTION +.IX Header "DESCRIPTION" +The \fBSLH\-DSA\-SHA2\-128s\fR, \fBEVP_PKEY\-SLH\-DSA\-SHA2\-128f\fR, +\&\fBSLH\-DSA\-SHA2\-192s\fR, \fBEVP_PKEY\-SLH\-DSA\-SHA2\-192f\fR, +\&\fBSLH\-DSA\-SHA2\-256s\fR, \fBEVP_PKEY\-SLH\-DSA\-SHA2\-256f\fR, +\&\fBSLH\-DSA\-SHAKE\-128s\fR, \fBEVP_PKEY\-SLH\-DSA\-SHAKE\-128f\fR, +\&\fBSLH\-DSA\-SHAKE\-192s\fR, \fBEVP_PKEY\-SLH\-DSA\-SHAKE\-192f\fR, +\&\fBSLH\-DSA\-SHAKE\-256s\fR and \fBEVP_PKEY\-SLH\-DSA\-SHAKE\-256f\fR EVP_PKEY implementations +supports key generation, one\-shot sign and verify using the SLH\-DSA +signature schemes described in FIPS 205. +.PP +The different algorithms names correspond to the parameter sets defined in +FIPS 205 Section 11 Table 2. +\&\f(CW\*(C`s\*(C'\fR types have smaller signature sizes, and the \f(CW\*(C`f\*(C'\fR variants are faster, +(The signatures range from ~8K to ~50K depending on the type chosen). There are +3 different security categories also depending on the type. +.PP +\&\fBEVP_SIGNATURE_fetch\fR\|(3) can be used to explicitly fetch one of the 12 +algorithms which can then be used with \fBEVP_PKEY_sign_message_init\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify_message_init\fR\|(3), and +\&\fBEVP_PKEY_verify\fR\|(3) to perform one\-shot message signing or verification. +.PP +The normal signing process (called Pure SLH\-DSA Signature Generation) +encodes the message internally as 0x00 || len(ctx) || ctx || message. 
+where \fBctx\fR is some optional value of size 0x00..0xFF. +OpenSSL also allows the message to not be encoded which is required for +testing. OpenSSL does not support Pre Hash SLH\-DSA Signature Generation, but this +may be done by the user by doing Pre hash encoding externally and then choosing +the option to not encode the message. +.SS "SLH\-DSA Signature Parameters" +.IX Subsection "SLH-DSA Signature Parameters" +The \f(CW\*(C`context\-string\*(C'\fR parameter, described below, can be used for both signing +and verification. +It may be set by passing an OSSL_PARAM array to \fBEVP_PKEY_sign_init_ex2\fR\|(3) or +\&\fBEVP_PKEY_verify_init_ex2\fR\|(3) +.IP """context\-string"" (\fBOSSL_SIGNATURE_PARAM_CONTEXT_STRING\fR) <octet string>" 4 +.IX Item """context-string"" (OSSL_SIGNATURE_PARAM_CONTEXT_STRING) <octet string>" +A string of octets with length at most 255. By default it is the empty string. +.PP +The following parameters can be used when signing: +They can be set by passing an OSSL_PARAM array to \fBEVP_PKEY_sign_init_ex2\fR\|(3). +.IP """message\-encoding"" (\fBOSSL_SIGNATURE_PARAM_MESSAGE_ENCODING\fR) <integer>" 4 +.IX Item """message-encoding"" (OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING) <integer>" +The default value of 1 uses \*(AqPure SLH\-DSA Signature Generation\*(Aq as described +above. Setting it to 0 does not encode the message, which is used for testing, +but can also be used for \*(AqPre Hash SLH\-DSA Signature Generation\*(Aq. +.IP """test\-entropy"" (\fBOSSL_SIGNATURE_PARAM_TEST_ENTROPY <octet string\fR" 4 +.IX Item """test-entropy"" (OSSL_SIGNATURE_PARAM_TEST_ENTROPY <octet string" +Used for testing to pass a optional random value. +.IP """deterministic"" (\fBOSSL_SIGNATURE_PARAM_DETERMINISTIC\fR) <integer>" 4 +.IX Item """deterministic"" (OSSL_SIGNATURE_PARAM_DETERMINISTIC) <integer>" +The default value of 0 generates a random value (using a DRBG) this is used when +processing the message. 
Setting this to 1 causes the private key seed to be used +instead. This value is ignored if "test\-entropy" is set. +.PP +See \fBEVP_PKEY\-SLH\-DSA\fR\|(7) for information related to \fBSLH\-DSA\fR keys. +.SH NOTES +.IX Header "NOTES" +For backwards compatibility reasons \fBEVP_DigestSignInit_ex()\fR, \fBEVP_DigestSign()\fR, +\&\fBEVP_DigestVerifyInit_ex()\fR and \fBEVP_DigestVerify()\fR may also be used, but the digest +passed in \fImdname\fR must be NULL. +.SH EXAMPLES +.IX Header "EXAMPLES" +To sign a message using an SLH\-DSA EVP_PKEY structure: +.PP +.Vb 10 +\& void do_sign(EVP_PKEY *key, unsigned char *msg, size_t msg_len) +\& { +\& size_t sig_len; +\& unsigned char *sig = NULL; +\& const OSSL_PARAM params[] = { +\& OSSL_PARAM_octet_string("context\-string", (unsigned char *)"A context string", 33), +\& OSSL_PARAM_END +\& }; +\& EVP_PKEY_CTX *sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); +\& EVP_SIGNATURE *sig_alg = EVP_SIGNATURE_fetch(NULL, "SLH\-DSA\-SHA2\-128s", NULL); +\& +\& EVP_PKEY_sign_message_init(sctx, sig_alg, params); +\& /* Calculate the required size for the signature by passing a NULL buffer. */ +\& EVP_PKEY_sign(sctx, NULL, &sig_len, msg, msg_len); +\& sig = OPENSSL_zalloc(sig_len); +\& EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len); +\& ... +\& OPENSSL_free(sig); +\& EVP_SIGNATURE_free(sig_alg); +\& EVP_PKEY_CTX_free(sctx); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY\-SLH\-DSA\fR\|(7) +\&\fBprovider\-signature\fR\|(7), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +.SH HISTORY +.IX Header "HISTORY" +This functionality was added in OpenSSL 3.5. +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2024\-2026 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +<https://www.openssl.org/source/license.html>. |
