Update docs.

3 files changed, 67 insertions, 2 deletions

diff --git a/doc/crypto/EVP_PKEY_decrypt.pod b/doc/crypto/EVP_PKEY_decrypt.pod
index 6690e1fd6e..989247bf09 100644
--- a/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/doc/crypto/EVP_PKEY_decrypt.pod
@@ -38,7 +38,8 @@ context if several operations are performed using the same parameters.
 =head1 RETURN VALUES
 
 EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
-or a negative value for failure.
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
 
 =head1 EXAMPLE
 
diff --git a/doc/crypto/EVP_PKEY_encrypt.pod b/doc/crypto/EVP_PKEY_encrypt.pod
index 72673aa8b4..6d91039f45 100644
--- a/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/doc/crypto/EVP_PKEY_encrypt.pod
@@ -38,7 +38,8 @@ context if several operations are performed using the same parameters.
 =head1 RETURN VALUES
 
 EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
-or a negative value for failure.
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
 
 =head1 EXAMPLE
 
diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod
new file mode 100644
index 0000000000..63d41c9b05
--- /dev/null
+++ b/doc/crypto/EVP_PKEY_sign.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+			unsigned char *sig, size_t *siglen,
+			const unsigned char *tbs, size_t tbslen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_sign_init() function initializes a public key algorithm
+context using key B<pkey> for a signing operation.
+
+The EVP_PKEY_sign() function performs a public key signing operation
+using B<ctx>. The data to be signed is specified using the B<tbs> and
+B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
+buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
+before the call the B<siglen> parameter should contain the length of the
+B<sig> buffer, if the call is successful the signature is written to
+B<sig> and the amount of data written to B<siglen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_sign_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_sign() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Sign data using PKCS#1 and SHA256 digest:
+
+[to be added]
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 0.9.9.
+
+=cut