Ensure EC private keys retain leading zeros

[oweals/openssl.git] / doc / crypto / PKCS7_verify.pod

diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod
index f5200a23ecf253355ac2ef87bebdc6ab373170b8..f083306b0dc34b21e1c90b3163f7ae536df9aea0 100644 (file)
--- a/doc/crypto/PKCS7_verify.pod
+++ b/doc/crypto/PKCS7_verify.pod
@@ -2,13 +2,15 @@
 
 =head1 NAME
 
-PKCS7_verify - verify a PKCS#7 signedData structure
+PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
 
 =head1 SYNOPSIS
 
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
 
-int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
 
 =head1 DESCRIPTION
 
@@ -89,8 +91,8 @@ timestamp).
 
 =head1 RETURN VALUES
 
-PKCS7_verify() returns 1 for a successful verification and zero or a negative
-value if an error occurs.
+PKCS7_verify() returns one for a successful verification and zero
+if an error occurs.
 
 PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
 
@@ -102,12 +104,15 @@ The trusted certificate store is not searched for the signers certificate,
 this is primarily due to the inadequacies of the current B<X509_STORE>
 functionality.
 
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
 
 =head1 HISTORY
 
-TBA
+PKCS7_verify() was added to OpenSSL 0.9.5
 
 =cut