sync code with last improvements from OpenBSD
This commit is contained in:
parent
256236394b
commit
6b03483410
31 changed files with 409 additions and 280 deletions
|
@ -1,9 +1,26 @@
|
|||
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.22 2019/11/01 13:53:25 schwarze Exp $
|
||||
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.23 2023/09/13 13:32:01 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
|
||||
.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
|
||||
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
|
||||
.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
|
||||
.\"
|
||||
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
|
||||
.\" This file is a derived work.
|
||||
.\" The changes are covered by the following Copyright and license:
|
||||
.\"
|
||||
.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
.\" copyright notice and this permission notice appear in all copies.
|
||||
.\"
|
||||
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
|
||||
.\" and Antoine Salon <asalon@vmware.com>.
|
||||
.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
|
||||
.\" All rights reserved.
|
||||
|
@ -52,7 +69,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: November 1 2019 $
|
||||
.Dd $Mdocdate: September 13 2023 $
|
||||
.Dt EVP_PKEY_CTX_CTRL 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -254,6 +271,20 @@ If the key is of the type
|
|||
.Dv EVP_PKEY_RSA_PSS
|
||||
and has usage restrictions, an error occurs if an attempt is made
|
||||
to set the digest to anything other than the restricted value.
|
||||
.Pp
|
||||
These two macros expand to
|
||||
.Fn EVP_PKEY_CTX_ctrl
|
||||
with an
|
||||
.Fa optype
|
||||
of
|
||||
.Dv EVP_PKEY_OP_TYPE_SIG
|
||||
and the following command arguments:
|
||||
.Pp
|
||||
.Bl -column -compact EVP_PKEY_CTRL_GET_MD EVP_PKEY_CTX_get_signature_md()
|
||||
.It Fa cmd No constant Ta corresponding macro
|
||||
.It Dv EVP_PKEY_CTRL_MD Ta Fn EVP_PKEY_CTX_set_signature_md
|
||||
.It Dv EVP_PKEY_CTRL_GET_MD Ta Fn EVP_PKEY_CTX_get_signature_md
|
||||
.El
|
||||
.Ss DSA parameters
|
||||
The macro
|
||||
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.2 2022/05/06 10:10:10 tb Exp $
|
||||
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.3 2023/09/13 13:46:52 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
|
||||
.\"
|
||||
.\" This file was written by Alessandro Ghedini <alessandro@ghedini.me>,
|
||||
|
@ -49,7 +49,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: May 6 2022 $
|
||||
.Dd $Mdocdate: September 13 2023 $
|
||||
.Dt EVP_PKEY_CTX_SET_HKDF_MD 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -90,7 +90,9 @@
|
|||
.Fa "int infolen"
|
||||
.Fc
|
||||
.Sh DESCRIPTION
|
||||
The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
|
||||
The
|
||||
.Dv EVP_PKEY_HKDF
|
||||
algorithm implements the HKDF key derivation function.
|
||||
HKDF follows the "extract-then-expand" paradigm, where the KDF logically
|
||||
consists of two modules.
|
||||
The first stage takes the input keying material and "extracts" from it a
|
||||
|
@ -106,7 +108,9 @@ There are three modes that are currently defined:
|
|||
This is the default mode.
|
||||
Calling
|
||||
.Xr EVP_PKEY_derive 3
|
||||
on an EVP_PKEY_CTX set up for HKDF will perform an extract followed by
|
||||
on an
|
||||
.Vt EVP_PKEY_CTX
|
||||
set up for HKDF will perform an extract followed by
|
||||
an expand operation in one go.
|
||||
The derived key returned will be the result after the expand operation.
|
||||
The intermediate fixed-length pseudorandom key K is not returned.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.6 2023/08/27 13:23:12 schwarze Exp $
|
||||
.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.7 2023/09/13 13:55:50 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
|
||||
.\"
|
||||
.\" This file is a derived work.
|
||||
|
@ -65,7 +65,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 27 2023 $
|
||||
.Dd $Mdocdate: September 13 2023 $
|
||||
.Dt EVP_PKEY_ASN1_GET_COUNT 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -169,9 +169,55 @@ retrieves the public key ID as returned by
|
|||
the base public key ID as returned by
|
||||
.Xr EVP_PKEY_base_id 3
|
||||
.Pq both NIDs ,
|
||||
any flags, the method description,
|
||||
and the PEM type string associated with
|
||||
.Fa ameth .
|
||||
any flags, and internal pointers owned by
|
||||
.Fa ameth
|
||||
pointing to its method description string and its PEM type string.
|
||||
.Pp
|
||||
The following flags bits can occur, OR'ed together in
|
||||
.Pf * Fa ppkey_flags :
|
||||
.Bl -tag -width Ds
|
||||
.It Dv ASN1_PKEY_ALIAS
|
||||
This
|
||||
.Fa ameth
|
||||
object serves as an alias for another
|
||||
.Vt EVP_PKEY_ASN1_METHOD
|
||||
object and will never be returned from
|
||||
.Fn EVP_PKEY_asn1_find
|
||||
or
|
||||
.Fn EVP_PKEY_asn1_find_str .
|
||||
It is either an alias built into the library, or it was created with
|
||||
.Xr EVP_PKEY_asn1_add_alias 3 .
|
||||
.It Dv ASN1_PKEY_DYNAMIC
|
||||
This
|
||||
.Fa ameth
|
||||
object is marked as dynamically allocated.
|
||||
If this flag is set,
|
||||
.Xr EVP_PKEY_asn1_free 3
|
||||
can free
|
||||
.Fa ameth ;
|
||||
otherwise,
|
||||
.Xr EVP_PKEY_asn1_free 3
|
||||
has no effect on it.
|
||||
.It Dv ASN1_PKEY_SIGPARAM_NULL
|
||||
If the signing
|
||||
.Fa ctx
|
||||
uses an
|
||||
.Vt EVP_PKEY
|
||||
private key associated with this
|
||||
.Fa ameth ,
|
||||
instruct
|
||||
.Xr ASN1_item_sign_ctx 3
|
||||
to use a parameter type of
|
||||
.Dv V_ASN1_NULL
|
||||
instead of the default
|
||||
.Dv V_ASN1_UNDEF
|
||||
when encoding the ASN.1
|
||||
.Vt AlgorithmIdentifier
|
||||
objects with
|
||||
.Xr X509_ALGOR_set0 3 .
|
||||
In particular, this is used for
|
||||
.Dv EVP_PKEY_RSA .
|
||||
.El
|
||||
.Pp
|
||||
.Fn EVP_PKEY_asn1_get_count ,
|
||||
.Fn EVP_PKEY_asn1_get0 ,
|
||||
|
|
|
@ -1,8 +1,25 @@
|
|||
.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.9 2023/08/27 13:15:29 schwarze Exp $
|
||||
.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.10 2023/09/13 14:18:21 schwarze Exp $
|
||||
.\" selective merge up to:
|
||||
.\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
|
||||
.\"
|
||||
.\" This file was written by Richard Levitte <levitte@openssl.org>
|
||||
.\" This file is a derived work.
|
||||
.\" The changes are covered by the following Copyright and license:
|
||||
.\"
|
||||
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
.\" copyright notice and this permission notice appear in all copies.
|
||||
.\"
|
||||
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" The original file was written by Richard Levitte <levitte@openssl.org>
|
||||
.\" and Paul Yang <yang.yang@baishancloud.com>.
|
||||
.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
|
||||
.\"
|
||||
|
@ -50,7 +67,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 27 2023 $
|
||||
.Dd $Mdocdate: September 13 2023 $
|
||||
.Dt EVP_PKEY_ASN1_NEW 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -345,11 +362,34 @@ and
|
|||
.Ed
|
||||
.Pp
|
||||
Add extra algorithm specific control.
|
||||
This method is called by
|
||||
.Xr EVP_PKEY_get_default_digest_nid 3 ,
|
||||
.Pp
|
||||
If the
|
||||
.Fa op
|
||||
argument is
|
||||
.Dv ASN1_PKEY_CTRL_DEFAULT_MD_NID ,
|
||||
the
|
||||
.Fa pkey_ctrl
|
||||
method is supposed to write the message digest NID
|
||||
for public key signature operations with the given
|
||||
.Fa pkey
|
||||
to
|
||||
.Pf * Fa arg2
|
||||
as documented in the
|
||||
.Xr EVP_PKEY_get_default_digest_nid 3
|
||||
manual page.
|
||||
.Pp
|
||||
The
|
||||
.Fa pkey_ctrl
|
||||
method is also called by
|
||||
.Fn PKCS7_SIGNER_INFO_set ,
|
||||
.Fn PKCS7_RECIP_INFO_set ,
|
||||
and other functions.
|
||||
.\" TODO:
|
||||
.\" ASN1_PKEY_CTRL_CMS_ENVELOPE in cms_env.c rsa_ameth.c
|
||||
.\" ASN1_PKEY_CTRL_CMS_RI_TYPE in cms_env.c dsa_ameth.c ec_ameth.c rsa_ameth.c
|
||||
.\" ASN1_PKEY_CTRL_CMS_SIGN in cms_sd.c dsa_ameth.c ec_ameth.c rsa_ameth.c
|
||||
.\" ASN1_PKEY_CTRL_PKCS7_ENCRYPT in pk7_lib.c rsa_ameth.c
|
||||
.\" ASN1_PKEY_CTRL_PKCS7_SIGN in pk7_lib.c dsa_ameth.c ec_ameth.c rsa_ameth.c
|
||||
.Bd -unfilled
|
||||
.Ft int Fn (*pkey_check) "const EVP_PKEY *pk"
|
||||
.Ft int Fn (*pkey_public_check) "const EVP_PKEY *pk"
|
||||
|
@ -378,7 +418,7 @@ It is called by
|
|||
.Fn EVP_PKEY_asn1_new
|
||||
creates and returns a new
|
||||
.Vt EVP_PKEY_ASN1_METHOD
|
||||
object, and associates the given
|
||||
object, marks it as dynamically allocated, and associates the given
|
||||
.Fa id ,
|
||||
.Fa flags ,
|
||||
.Fa pem_str
|
||||
|
@ -404,20 +444,28 @@ See
|
|||
for more information.
|
||||
.Pp
|
||||
.Fn EVP_PKEY_asn1_copy
|
||||
copies an
|
||||
.Vt EVP_PKEY_ASN1_METHOD
|
||||
object from
|
||||
copies all function pointers from
|
||||
.Fa src
|
||||
to
|
||||
.Fa dst .
|
||||
The data in
|
||||
.Fa dst
|
||||
that can be set with
|
||||
.Fn EVP_PKEY_asn1_new
|
||||
\(em NIDs, flags, and strings \(em
|
||||
remains unchanged.
|
||||
This function is not thread safe, it is recommended to only use this when
|
||||
initializing the application.
|
||||
.Pp
|
||||
.Fn EVP_PKEY_asn1_free
|
||||
frees an existing
|
||||
.Vt EVP_PKEY_ASN1_METHOD
|
||||
pointed by
|
||||
.Fa ameth .
|
||||
frees the dynamically allocated
|
||||
.Fa ameth
|
||||
including all memory it refers to.
|
||||
If
|
||||
.Fa ameth
|
||||
is
|
||||
.Dv NULL
|
||||
of not marked as dynamically allocated, no action occurs.
|
||||
.Pp
|
||||
.Fn EVP_PKEY_asn1_add0
|
||||
adds
|
||||
|
@ -456,11 +504,11 @@ set the diverse methods of the given
|
|||
object.
|
||||
.Sh RETURN VALUES
|
||||
.Fn EVP_PKEY_asn1_new
|
||||
returns a pointer to an
|
||||
returns a pointer to the new
|
||||
.Vt EVP_PKEY_ASN1_METHOD
|
||||
object or
|
||||
.Dv NULL
|
||||
on error.
|
||||
if memory allocation fails.
|
||||
.Pp
|
||||
.Fn EVP_PKEY_asn1_add0
|
||||
and
|
||||
|
|
|
@ -1,8 +1,26 @@
|
|||
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
|
||||
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
|
||||
.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.7 2023/09/13 14:57:21 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
|
||||
.\"
|
||||
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
|
||||
.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project. All rights reserved.
|
||||
.\" This file is a derived work.
|
||||
.\" The changes are covered by the following Copyright and license:
|
||||
.\"
|
||||
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
.\" copyright notice and this permission notice appear in all copies.
|
||||
.\"
|
||||
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
|
||||
.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
|
@ -48,7 +66,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: June 6 2019 $
|
||||
.Dd $Mdocdate: September 13 2023 $
|
||||
.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -65,12 +83,31 @@
|
|||
The
|
||||
.Fn EVP_PKEY_get_default_digest_nid
|
||||
function sets
|
||||
.Fa pnid
|
||||
.Pf * Fa pnid
|
||||
to the default message digest NID for the public key signature
|
||||
operations associated with key
|
||||
operations associated with
|
||||
.Fa pkey .
|
||||
.Pp
|
||||
For all current standard OpenSSL public key algorithms, SHA1 is returned.
|
||||
Some signature algorithms, for example
|
||||
.Dv EVP_PKEY_ED25519 ,
|
||||
do not use a digest during signing.
|
||||
In this case,
|
||||
.Pf * Fa pnid
|
||||
is set to
|
||||
.Dv NID_undef .
|
||||
.Pp
|
||||
Support for the following public key algorithms is built into the library:
|
||||
.Pp
|
||||
.Bl -column -compact EVP_PKEY_base_id(3) NID_id_Gost28147_89_MAC mandatory
|
||||
.It Xr EVP_PKEY_base_id 3 Ta Pf * Fa pnid Ta return value
|
||||
.It Dv EVP_PKEY_DSA Ta Dv NID_sha1 Ta mandatory
|
||||
.It Dv EVP_PKEY_EC Ta Dv NID_sha1 Ta mandatory
|
||||
.It Dv EVP_PKEY_ED25519 Ta Dv NID_undef Ta mandatory
|
||||
.It Dv EVP_PKEY_GOSTIMIT Ta Dv NID_id_Gost28147_89_MAC Ta mandatory
|
||||
.It Dv EVP_PKEY_GOSTR01 Ta variable Ta mandatory
|
||||
.It Dv EVP_PKEY_HMAC Ta Dv NID_sha1 Ta advisory
|
||||
.It Dv EVP_PKEY_RSA Ta Dv NID_sha256 Ta advisory
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn EVP_PKEY_get_default_digest_nid
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue