sync code with last improvements from OpenBSD

purplerain 2023-09-13 16:41:13 +00:00
parent 256236394b
commit 6b03483410
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
31 changed files with 409 additions and 280 deletions

View file

@ -1,9 +1,26 @@
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.22 2019/11/01 13:53:25 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.23 2023/09/13 13:32:01 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
.\" and Antoine Salon <asalon@vmware.com>.
.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
.\" All rights reserved.
@ -52,7 +69,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 1 2019 $
.Dd $Mdocdate: September 13 2023 $
.Dt EVP_PKEY_CTX_CTRL 3
.Os
.Sh NAME
@ -254,6 +271,20 @@ If the key is of the type
.Dv EVP_PKEY_RSA_PSS
and has usage restrictions, an error occurs if an attempt is made
to set the digest to anything other than the restricted value.
.Pp
These two macros expand to
.Fn EVP_PKEY_CTX_ctrl
with an
.Fa optype
of
.Dv EVP_PKEY_OP_TYPE_SIG
and the following command arguments:
.Pp
.Bl -column -compact EVP_PKEY_CTRL_GET_MD EVP_PKEY_CTX_get_signature_md()
.It Fa cmd No constant Ta corresponding macro
.It Dv EVP_PKEY_CTRL_MD Ta Fn EVP_PKEY_CTX_set_signature_md
.It Dv EVP_PKEY_CTRL_GET_MD Ta Fn EVP_PKEY_CTX_get_signature_md
.El
.Ss DSA parameters
The macro
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
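Review bot: the paragraph added before "DSA parameters" gives only the optype and the two cmd constants, so a reader who wants to call EVP_PKEY_CTX_ctrl directly still cannot tell what the macros pass in the remaining arguments, in particular which argument carries the digest pointer for EVP_PKEY_CTRL_MD and which receives it for EVP_PKEY_CTRL_GET_MD. Consider adding one sentence, or a third table column, that states those arguments.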

View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.2 2022/05/06 10:10:10 tb Exp $
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.3 2023/09/13 13:46:52 schwarze Exp $
.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
.\"
.\" This file was written by Alessandro Ghedini <alessandro@ghedini.me>,
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 6 2022 $
.Dd $Mdocdate: September 13 2023 $
.Dt EVP_PKEY_CTX_SET_HKDF_MD 3
.Os
.Sh NAME
@ -90,7 +90,9 @@
.Fa "int infolen"
.Fc
.Sh DESCRIPTION
The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
The
.Dv EVP_PKEY_HKDF
algorithm implements the HKDF key derivation function.
HKDF follows the "extract-then-expand" paradigm, where the KDF logically
consists of two modules.
The first stage takes the input keying material and "extracts" from it a
@ -106,7 +108,9 @@ There are three modes that are currently defined:
This is the default mode.
Calling
.Xr EVP_PKEY_derive 3
on an EVP_PKEY_CTX set up for HKDF will perform an extract followed by
on an
.Vt EVP_PKEY_CTX
set up for HKDF will perform an extract followed by
an expand operation in one go.
The derived key returned will be the result after the expand operation.
The intermediate fixed-length pseudorandom key K is not returned.

View file

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.6 2023/08/27 13:23:12 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.7 2023/09/13 13:55:50 schwarze Exp $
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 27 2023 $
.Dd $Mdocdate: September 13 2023 $
.Dt EVP_PKEY_ASN1_GET_COUNT 3
.Os
.Sh NAME
@ -169,9 +169,55 @@ retrieves the public key ID as returned by
the base public key ID as returned by
.Xr EVP_PKEY_base_id 3
.Pq both NIDs ,
any flags, the method description,
and the PEM type string associated with
.Fa ameth .
any flags, and internal pointers owned by
.Fa ameth
pointing to its method description string and its PEM type string.
.Pp
The following flags bits can occur, OR'ed together in
.Pf * Fa ppkey_flags :
.Bl -tag -width Ds
.It Dv ASN1_PKEY_ALIAS
This
.Fa ameth
object serves as an alias for another
.Vt EVP_PKEY_ASN1_METHOD
object and will never be returned from
.Fn EVP_PKEY_asn1_find
or
.Fn EVP_PKEY_asn1_find_str .
It is either an alias built into the library, or it was created with
.Xr EVP_PKEY_asn1_add_alias 3 .
.It Dv ASN1_PKEY_DYNAMIC
This
.Fa ameth
object is marked as dynamically allocated.
If this flag is set,
.Xr EVP_PKEY_asn1_free 3
can free
.Fa ameth ;
otherwise,
.Xr EVP_PKEY_asn1_free 3
has no effect on it.
.It Dv ASN1_PKEY_SIGPARAM_NULL
If the signing
.Fa ctx
uses an
.Vt EVP_PKEY
private key associated with this
.Fa ameth ,
instruct
.Xr ASN1_item_sign_ctx 3
to use a parameter type of
.Dv V_ASN1_NULL
instead of the default
.Dv V_ASN1_UNDEF
when encoding the ASN.1
.Vt AlgorithmIdentifier
objects with
.Xr X509_ALGOR_set0 3 .
In particular, this is used for
.Dv EVP_PKEY_RSA .
.El
.Pp
.Fn EVP_PKEY_asn1_get_count ,
.Fn EVP_PKEY_asn1_get0 ,

View file

@ -1,8 +1,25 @@
.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.9 2023/08/27 13:15:29 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.10 2023/09/13 14:18:21 schwarze Exp $
.\" selective merge up to:
.\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
.\"
.\" This file was written by Richard Levitte <levitte@openssl.org>
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Richard Levitte <levitte@openssl.org>
.\" and Paul Yang <yang.yang@baishancloud.com>.
.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
.\"
@ -50,7 +67,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 27 2023 $
.Dd $Mdocdate: September 13 2023 $
.Dt EVP_PKEY_ASN1_NEW 3
.Os
.Sh NAME
@ -345,11 +362,34 @@ and
.Ed
.Pp
Add extra algorithm specific control.
This method is called by
.Xr EVP_PKEY_get_default_digest_nid 3 ,
.Pp
If the
.Fa op
argument is
.Dv ASN1_PKEY_CTRL_DEFAULT_MD_NID ,
the
.Fa pkey_ctrl
method is supposed to write the message digest NID
for public key signature operations with the given
.Fa pkey
to
.Pf * Fa arg2
as documented in the
.Xr EVP_PKEY_get_default_digest_nid 3
manual page.
.Pp
The
.Fa pkey_ctrl
method is also called by
.Fn PKCS7_SIGNER_INFO_set ,
.Fn PKCS7_RECIP_INFO_set ,
and other functions.
.\" TODO:
.\" ASN1_PKEY_CTRL_CMS_ENVELOPE in cms_env.c rsa_ameth.c
.\" ASN1_PKEY_CTRL_CMS_RI_TYPE in cms_env.c dsa_ameth.c ec_ameth.c rsa_ameth.c
.\" ASN1_PKEY_CTRL_CMS_SIGN in cms_sd.c dsa_ameth.c ec_ameth.c rsa_ameth.c
.\" ASN1_PKEY_CTRL_PKCS7_ENCRYPT in pk7_lib.c rsa_ameth.c
.\" ASN1_PKEY_CTRL_PKCS7_SIGN in pk7_lib.c dsa_ameth.c ec_ameth.c rsa_ameth.c
.Bd -unfilled
.Ft int Fn (*pkey_check) "const EVP_PKEY *pk"
.Ft int Fn (*pkey_public_check) "const EVP_PKEY *pk"
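Review bot: the new pkey_ctrl text documents only the ASN1_PKEY_CTRL_DEFAULT_MD_NID op, while the TODO comment right below lists five more op values and the prose ends with "and other functions". An implementer of a custom method cannot tell from this what pkey_ctrl should return for an op it does not handle. Until the TODO is resolved, a sentence stating the expected return value for unsupported op values would close the gap; the return value for ASN1_PKEY_CTRL_DEFAULT_MD_NID could also be stated here instead of only by reference to the other manual page.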
@ -378,7 +418,7 @@ It is called by
.Fn EVP_PKEY_asn1_new
creates and returns a new
.Vt EVP_PKEY_ASN1_METHOD
object, and associates the given
object, marks it as dynamically allocated, and associates the given
.Fa id ,
.Fa flags ,
.Fa pem_str
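Review bot: "marks it as dynamically allocated" does not say how the mark is recorded, while the same sentence goes on to say that the caller-supplied flags are associated with the object. If the mark is the ASN1_PKEY_DYNAMIC flag documented in EVP_PKEY_asn1_get_count.3, name it here with .Dv and say that the library sets it regardless of the flags argument, so callers know they need not pass it themselves.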
@ -404,20 +444,28 @@ See
for more information.
.Pp
.Fn EVP_PKEY_asn1_copy
copies an
.Vt EVP_PKEY_ASN1_METHOD
object from
copies all function pointers from
.Fa src
to
.Fa dst .
The data in
.Fa dst
that can be set with
.Fn EVP_PKEY_asn1_new
\(em NIDs, flags, and strings \(em
remains unchanged.
This function is not thread safe, it is recommended to only use this when
initializing the application.
.Pp
.Fn EVP_PKEY_asn1_free
frees an existing
.Vt EVP_PKEY_ASN1_METHOD
pointed by
.Fa ameth .
frees the dynamically allocated
.Fa ameth
including all memory it refers to.
If
.Fa ameth
is
.Dv NULL
of not marked as dynamically allocated, no action occurs.
.Pp
.Fn EVP_PKEY_asn1_add0
adds
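Review bot: typo in the new EVP_PKEY_asn1_free text, "is NULL of not marked as dynamically allocated" should read "or not marked". In the EVP_PKEY_asn1_copy paragraph, the new wording says that NIDs, flags and strings in dst remain unchanged; it may be worth adding that this means copying from a built-in method into a dynamically allocated dst leaves dst dynamically allocated, since that is what makes the later EVP_PKEY_asn1_free call meaningful. The unchanged line "This function is not thread safe, it is recommended" is a comma splice and could be split into two sentences while the paragraph is being touched.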
@ -456,11 +504,11 @@ set the diverse methods of the given
object.
.Sh RETURN VALUES
.Fn EVP_PKEY_asn1_new
returns a pointer to an
returns a pointer to the new
.Vt EVP_PKEY_ASN1_METHOD
object or
.Dv NULL
on error.
if memory allocation fails.
.Pp
.Fn EVP_PKEY_asn1_add0
and

View file

@ -1,8 +1,26 @@
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.7 2023/09/13 14:57:21 schwarze Exp $
.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project. All rights reserved.
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
@ -48,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 6 2019 $
.Dd $Mdocdate: September 13 2023 $
.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
.Os
.Sh NAME
@ -65,12 +83,31 @@
The
.Fn EVP_PKEY_get_default_digest_nid
function sets
.Fa pnid
.Pf * Fa pnid
to the default message digest NID for the public key signature
operations associated with key
operations associated with
.Fa pkey .
.Pp
For all current standard OpenSSL public key algorithms, SHA1 is returned.
Some signature algorithms, for example
.Dv EVP_PKEY_ED25519 ,
do not use a digest during signing.
In this case,
.Pf * Fa pnid
is set to
.Dv NID_undef .
.Pp
Support for the following public key algorithms is built into the library:
.Pp
.Bl -column -compact EVP_PKEY_base_id(3) NID_id_Gost28147_89_MAC mandatory
.It Xr EVP_PKEY_base_id 3 Ta Pf * Fa pnid Ta return value
.It Dv EVP_PKEY_DSA Ta Dv NID_sha1 Ta mandatory
.It Dv EVP_PKEY_EC Ta Dv NID_sha1 Ta mandatory
.It Dv EVP_PKEY_ED25519 Ta Dv NID_undef Ta mandatory
.It Dv EVP_PKEY_GOSTIMIT Ta Dv NID_id_Gost28147_89_MAC Ta mandatory
.It Dv EVP_PKEY_GOSTR01 Ta variable Ta mandatory
.It Dv EVP_PKEY_HMAC Ta Dv NID_sha1 Ta advisory
.It Dv EVP_PKEY_RSA Ta Dv NID_sha256 Ta advisory
.El
.Sh RETURN VALUES
The
.Fn EVP_PKEY_get_default_digest_nid
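Review bot: in the new table the third column is headed "return value" but its cells contain the words "mandatory" and "advisory", not values the function returns. Either head the column with what the words mean or make sure RETURN VALUES maps each word to the integer returned, so the table can be read without guessing. The table also lists NID_sha1 as mandatory for EVP_PKEY_DSA and EVP_PKEY_EC; a sentence explaining what "mandatory" implies for a caller who intends to sign with a different digest would prevent readers from taking the default as a recommendation. The "variable" entry for EVP_PKEY_GOSTR01 is left unexplained and needs a short note on what it depends on.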