sync code with last improvements from OpenBSD

lib/libcrypto/man/EVP_PKEY_CTX_get_operation.3

@@ -0,0 +1,118 @@
+.\" $OpenBSD: EVP_PKEY_CTX_get_operation.3,v 1.1 2023/09/09 14:39:09 schwarze Exp $
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 9 2023 $
+.Dt EVP_PKEY_CTX_GET_OPERATION 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_CTX_get_operation ,
+.Nm EVP_PKEY_CTX_get0_pkey
+.Nd inspect EVP_PKEY_CTX objects
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_CTX_get_operation
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft EVP_PKEY *
+.Fo EVP_PKEY_CTX_get0_pkey
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_PKEY_CTX_get_operation
+finds out which initialization function has been called on
+.Fa ctx ,
+if any:
+.Bl -column EVP_PKEY_OP_VERIFYRECO EVP_PKEY_verify_recover_init
+.It return value             Ta initialized with            Ta e.g. for
+.It Dv EVP_PKEY_OP_DECRYPT   Ta Xr EVP_PKEY_decrypt_init  3 Ta RSA, SM2
+.It Dv EVP_PKEY_OP_DERIVE    Ta Xr EVP_PKEY_derive_init   3 Ta HKDF
+.It Dv EVP_PKEY_OP_ENCRYPT   Ta Xr EVP_PKEY_encrypt_init  3 Ta RSA, SM2
+.It Dv EVP_PKEY_OP_KEYGEN    Ta Xr EVP_PKEY_keygen_init   3 Ta almost all
+.It Dv EVP_PKEY_OP_PARAMGEN  Ta Xr EVP_PKEY_paramgen_init 3 Ta DH, DSA, EC
+.It Dv EVP_PKEY_OP_SIGN      Ta Xr EVP_PKEY_sign_init     3 Ta DSA,EC,RSA,SM2
+.It Dv EVP_PKEY_OP_SIGN      Ta Xr EVP_DigestSignInit     3 Ta ED25519
+.It Dv EVP_PKEY_OP_SIGNCTX   Ta Xr EVP_DigestSignInit     3 Ta CMAC, HMAC
+.It Dv EVP_PKEY_OP_UNDEFINED Ta not initialized             Ta NONE
+.It Dv EVP_PKEY_OP_VERIFY    Ta Xr EVP_PKEY_verify_init   3 Ta DSA,EC,RSA,SM2
+.It Dv EVP_PKEY_OP_VERIFY    Ta Xr EVP_DigestVerifyInit   3 Ta ED25519
+.It Dv EVP_PKEY_OP_VERIFYCTX Ta Xr EVP_DigestVerifyInit   3 Ta no built-in
+.It Dv EVP_PKEY_OP_VERIFYRECOVER Ta Xr EVP_PKEY_verify_recover_init 3 Ta RSA
+.El
+.Pp
+The rightmost column of the above table shows examples of algoritms
+the return values can occur for.
+For example, if
+.Xr EVP_PKEY_base_id 3
+returns
+.Dv EVP_PKEY_HKDF ,
+then calling
+.Fn EVP_PKEY_CTX_get_operation
+on a
+.Vt EVP_PKEY_CTX
+using that key may return
+.Dv EVP_PKEY_OP_DERIVE .
+.Pp
+If the return value is
+.Dv EVP_PKEY_OP_SIGNCTX
+or
+.Dv EVP_PKEY_OP_VERIFYCTX ,
+the
+.Fa ctx
+supports
+.Xr EVP_DigestSignUpdate 3
+or
+.Xr EVP_DigestVerifyUpdate 3 ,
+respectively.
+If the return value is
+.Dv EVP_PKEY_OP_SIGN
+or
+.Dv EVP_PKEY_OP_VERIFY ,
+if does not, and only one-shot signing or verification is supported.
+.Pp
+The return value
+.Dv EVP_PKEY_OP_UNDEFINED
+can for example occur if the
+.Fa ctx
+was freshly returned from
+.Xr EVP_PKEY_CTX_new 3
+or
+.Xr EVP_PKEY_CTX_new_id 3
+and not yet initialized.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_CTX_get_operation
+returns one of the
+.Dv EVP_PKEY_OP_*
+constants.
+.Pp
+.Fn EVP_PKEY_CTX_get0_pkey
+returns an internal pointer to the
+.Vt EVP_PKEY
+object used by
+.Fa ctx ,
+without incrementing its reference count.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_PKEY_base_id 3 ,
+.Xr EVP_PKEY_CTX_ctrl 3 ,
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_new 3
+.Sh HISTORY
+.Fn EVP_PKEY_CTX_get_operation
+and
+.Fn EVP_PKEY_CTX_get0_pkey
+first appeared in OpenSSL 1.0.0 and have been available since
+.Ox 4.9 .

lib/libcrypto/man/EVP_PKEY_CTX_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.12 2022/07/13 21:51:35 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.13 2023/09/09 14:39:09 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: September 9 2023 $
 .Dt EVP_PKEY_CTX_NEW 3
 .Os
 .Sh NAME
@@ -159,6 +159,8 @@ if an error occurred.
 .Xr EVP_PKEY_base_id 3 ,
 .Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_CTX_ctrl 3 ,
+.Xr EVP_PKEY_CTX_get_operation 3 ,
+.Xr EVP_PKEY_CTX_hkdf_mode 3 ,
 .Xr EVP_PKEY_decrypt 3 ,
 .Xr EVP_PKEY_derive 3 ,
 .Xr EVP_PKEY_encrypt 3 ,

lib/libcrypto/man/EVP_PKEY_derive.3

@@ -1,7 +1,24 @@
-.\" $OpenBSD: EVP_PKEY_derive.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_derive.3,v 1.9 2023/09/09 14:26:35 schwarze Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -49,12 +66,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: September 9 2023 $
 .Dt EVP_PKEY_DERIVE 3
 .Os
 .Sh NAME
 .Nm EVP_PKEY_derive_init ,
 .Nm EVP_PKEY_derive_set_peer ,
+.Nm EVP_PKEY_CTX_get0_peerkey ,
 .Nm EVP_PKEY_derive
 .Nd derive public key algorithm shared secret
 .Sh SYNOPSIS
@@ -66,7 +84,11 @@
 .Ft int
 .Fo EVP_PKEY_derive_set_peer
 .Fa "EVP_PKEY_CTX *ctx"
-.Fa "EVP_PKEY *peer"
+.Fa "EVP_PKEY *peerkey"
+.Fc
+.Ft EVP_PKEY *
+.Fo EVP_PKEY_CTX_get0_peerkey
+.Fa "EVP_PKEY_CTX *ctx"
 .Fc
 .Ft int
 .Fo EVP_PKEY_derive
@@ -75,19 +97,51 @@
 .Fa "size_t *keylen"
 .Fc
 .Sh DESCRIPTION
-The
 .Fn EVP_PKEY_derive_init
-function initializes a public key algorithm context using key
-.Fa ctx->pkey
-for shared secret derivation.
+initializes the public key algorithm context
+.Fa ctx
+for shared secret derivation using the
+.Vt EVP_PKEY
+object already stored in
+.Fa ctx .
+The library provides built-in support for keys with an
+.Xr EVP_PKEY_base_id 3
+of
+.Dv EVP_PKEY_DH ,
+.Dv EVP_PKEY_EC ,
+.Dv EVP_PKEY_GOSTR01 ,
+.Dv EVP_PKEY_HKDF ,
+and
+.Dv EVP_PKEY_X25519 .
+.Pp
+After the call to
+.Fn EVP_PKEY_derive_init ,
+algorithm specific control operations can optionally be performed
+to set any appropriate parameters for the operation.
 .Pp
-The
 .Fn EVP_PKEY_derive_set_peer
-function sets the peer key: this will normally be a public key.
+configures the
+.Fa ctx ,
+which already needs to be initialized with
+.Fn EVP_PKEY_derive_init ,
+.Xr EVP_PKEY_encrypt_init 3 ,
+or
+.Xr EVP_PKEY_decrypt_init 3 ,
+to use the
+.Fa peerkey ,
+which is normally a public key.
+In case of success, the reference count of the
+.Fa peerkey
+is incremented by one.
+Consequently, the caller needs to call
+.Xr EVP_PKEY_free 3
+on the
+.Fa peerkey
+when the caller no longer needs it, even if it is still in use by
+.Fa ctx .
 .Pp
-The
 .Fn EVP_PKEY_derive
-function derives a shared secret using
+derives a shared secret using
 .Fa ctx .
 If
 .Fa key
@@ -110,22 +164,45 @@ If the call is successful, the shared secret is written to
 and the amount of data written to
 .Fa keylen .
 .Pp
-After the call to
-.Fn EVP_PKEY_derive_init ,
-algorithm specific control operations can be performed to set any
-appropriate parameters for the operation.
-.Pp
 The function
 .Fn EVP_PKEY_derive
 can be called more than once on the same context if several operations
 are performed using the same parameters.
 .Sh RETURN VALUES
-.Fn EVP_PKEY_derive_init
+.Fn EVP_PKEY_derive_init ,
+.Fn EVP_PKEY_derive_set_peer ,
 and
 .Fn EVP_PKEY_derive
 return 1 for success and 0 or a negative value for failure.
-In particular, a return value of -2 indicates the operation is not
+In particular, a return value of \-2 indicates the operation is not
 supported by the public key algorithm.
+.Pp
+For
+.Fn EVP_PKEY_derive_set_peer ,
+a return value of \-1 can for example occur if
+.Fa ctx
+is not properly initialized, does not contain an
+.Vt EVP_PKEY
+that can be retrieved with
+.Xr EVP_PKEY_CTX_get0_pkey 3 ,
+the
+.Xr EVP_PKEY_id 3
+of both keys mismatch, or
+.Xr EVP_PKEY_cmp_parameters 3
+reports mismatching key parameters.
+.Pp
+.Fn EVP_PKEY_derive
+fails with a return value of \-1 for example if
+.Fa ctx
+has not been successfully initialized with
+.Fn EVP_PKEY_derive_init .
+.Pp
+.Fn EVP_PKEY_CTX_get0_peerkey
+returns an internal pointer to the
+.Fa peerkey
+used by
+.Fa ctx
+without incrementing its reference count.
 .Sh EXAMPLES
 Derive shared secret (for example DH or EC keys):
 .Bd -literal -offset indent
@@ -173,6 +250,7 @@ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
 .Sh HISTORY
 .Fn EVP_PKEY_derive_init ,
 .Fn EVP_PKEY_derive_set_peer ,
+.Fn EVP_PKEY_CTX_get0_peerkey ,
 and
 .Fn EVP_PKEY_derive
 first appeared in OpenSSL 1.0.0 and have been available since

lib/libcrypto/man/EVP_PKEY_keygen.3

@@ -1,8 +1,24 @@
-.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.11 2023/04/25 16:50:33 tb Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
+.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.12 2023/09/09 14:31:38 schwarze Exp $
+.\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2006, 2009, 2013, 2015, 2016, 2018 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -50,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 25 2023 $
+.Dd $Mdocdate: September 9 2023 $
 .Dt EVP_PKEY_KEYGEN 3
 .Os
 .Sh NAME
@@ -61,6 +77,7 @@
 .Nm EVP_PKEY_gen_cb ,
 .Nm EVP_PKEY_CTX_set_cb ,
 .Nm EVP_PKEY_CTX_get_cb ,
+.Nm EVP_PKEY_CTX_set0_keygen_info ,
 .Nm EVP_PKEY_CTX_get_keygen_info ,
 .Nm EVP_PKEY_CTX_set_app_data ,
 .Nm EVP_PKEY_CTX_get_app_data
@@ -98,6 +115,12 @@
 .Fo EVP_PKEY_CTX_get_cb
 .Fa "EVP_PKEY_CTX *ctx"
 .Fc
+.Ft void
+.Fo EVP_PKEY_CTX_set0_keygen_info
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int *dat"
+.Fa "int datlen"
+.Fc
 .Ft int
 .Fo EVP_PKEY_CTX_get_keygen_info
 .Fa "EVP_PKEY_CTX *ctx"
@@ -131,13 +154,22 @@ and
 .Fn EVP_PKEY_paramgen
 are similar except parameters are generated.
 .Pp
-The function
+The functions
 .Fn EVP_PKEY_CTX_set_cb
-sets the key or parameter generation callback to
-.Fa cb .
-The function
+and
 .Fn EVP_PKEY_CTX_get_cb
-returns the key or parameter generation callback.
+set and retrieve the key or parameter generation callback, respectively.
+.Pp
+The function
+.Fn EVP_PKEY_CTX_set0_keygen_info
+sets the parameters associated with the generation operation to the array
+.Fa dat
+containing
+.Ft datlen
+integer parameters.
+The caller retains ownership of the
+.Fa dat
+array; it will never be freed by the library.
 .Pp
 The function
 .Fn EVP_PKEY_CTX_get_keygen_info
@@ -209,6 +241,23 @@ and
 return 1 for success and 0 or a negative value for failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
+.Pp
+Callback functions of the type
+.Fn EVP_PKEY_gen_cb
+are supposed to return 1 on success or 0 on error.
+.Pp
+.Fn EVP_PKEY_CTX_get_cb
+returns a function pointer to the currently installed callback function or
+.Dv NULL
+if no callback function is installed.
+.Pp
+.Fn EVP_PKEY_CTX_get_keygen_info
+retuns the number of available parameters if
+.Fa idx
+is \-1, one of these parameters if
+.Fa idx
+is greater than or equal to zero but less than the number
+of available parameters, or 0 otherwise.
 .Sh EXAMPLES
 Generate a 2048-bit RSA key:
 .Bd -literal -offset indent

lib/libcrypto/man/EVP_PKEY_meth_new.3

@@ -1,7 +1,24 @@
-.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.5 2022/07/13 19:10:40 schwarze Exp $
-.\" selective merge up to: OpenSSL 335a587b May 7 11:59:11 2019 +0200
+.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.6 2023/09/09 14:35:23 schwarze Exp $
+.\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
-.\" This file was written by Paul Yang <yang.yang@baishancloud.com>
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Paul Yang <yang.yang@baishancloud.com>.
 .\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: September 9 2023 $
 .Dt EVP_PKEY_METH_NEW 3
 .Os
 .Sh NAME
@@ -73,7 +90,9 @@
 .Nm EVP_PKEY_meth_set_ctrl ,
 .Nm EVP_PKEY_meth_set_check ,
 .Nm EVP_PKEY_meth_set_public_check ,
-.Nm EVP_PKEY_meth_set_param_check
+.Nm EVP_PKEY_meth_set_param_check ,
+.Nm EVP_PKEY_CTX_get_data ,
+.Nm EVP_PKEY_CTX_set_data
 .Nd manipulate an EVP_PKEY_METHOD structure
 .Sh SYNOPSIS
 .In openssl/evp.h
@@ -202,6 +221,15 @@
 .Fa "EVP_PKEY_METHOD *pmeth"
 .Fa "int (*param_check)(EVP_PKEY *pkey)"
 .Fc
+.Ft void *
+.Fo EVP_PKEY_CTX_get_data
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft void
+.Fo EVP_PKEY_CTX_set_data
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "void *data"
+.Fc
 .Sh DESCRIPTION
 The
 .Vt EVP_PKEY_METHOD
@@ -539,6 +567,24 @@ The
 functions set the corresponding fields of
 .Fa pmeth
 to the arguments passed.
+.Pp
+.Fn EVP_PKEY_CTX_get_data
+retrieves algorithm- and implementation-specific private key data from
+.Fa ctx .
+Public key algorithm implementations typically allocate and initialize
+this data automatically in their
+.Fn init
+function.
+.Pp
+.Fn EVP_PKEY_CTX_set_data
+transfers ownership of the given
+.Fa data
+to
+.Fa ctx ,
+replacing the existing algorithm- and implementation-specific
+private key data.
+It is the responsibility of the caller to free the existing data
+before calling this function.
 .Sh RETURN VALUES
 .Fn EVP_PKEY_meth_new
 returns a pointer to a new
@@ -556,6 +602,10 @@ if no matching object is found.
 .Pp
 .Fn EVP_PKEY_meth_add0
 returns 1 if the method is added successfully or 0 if an error occurred.
+.Pp
+.Fn EVP_PKEY_CTX_get_data
+returns an internal pointer owned by
+.Fa ctx .
 .Sh SEE ALSO
 .Xr EVP_DigestInit 3 ,
 .Xr EVP_PKEY_meth_get0_info 3 ,
@@ -578,8 +628,10 @@ returns 1 if the method is added successfully or 0 if an error occurred.
 .Fn EVP_PKEY_meth_set_encrypt ,
 .Fn EVP_PKEY_meth_set_decrypt ,
 .Fn EVP_PKEY_meth_set_derive ,
+.Fn EVP_PKEY_meth_set_ctrl ,
+.Fn EVP_PKEY_CTX_get_data ,
 and
-.Fn EVP_PKEY_meth_set_ctrl
+.Fn EVP_PKEY_CTX_set_data
 first appeared in OpenSSL 1.0.0 and have been available since
 .Ox 4.9 .
 .Pp

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.267 2023/09/07 14:22:11 schwarze Exp $
+# $OpenBSD: Makefile,v 1.268 2023/09/09 14:39:09 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -181,6 +181,7 @@ MAN=	\
 	EVP_OpenInit.3 \
 	EVP_PKCS82PKEY.3 \
 	EVP_PKEY_CTX_ctrl.3 \
+	EVP_PKEY_CTX_get_operation.3 \
 	EVP_PKEY_CTX_new.3 \
 	EVP_PKEY_CTX_set_hkdf_md.3 \
 	EVP_PKEY_add1_attr.3 \

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.23 2023/09/07 14:22:11 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.24 2023/09/09 14:39:09 schwarze Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 7 2023 $
+.Dd $Mdocdate: September 9 2023 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -222,6 +222,7 @@ operations are more efficient using the high-level interfaces.
 .Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_cmp 3 ,
 .Xr EVP_PKEY_CTX_ctrl 3 ,
+.Xr EVP_PKEY_CTX_get_operation 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_CTX_set_hkdf_md 3 ,
 .Xr EVP_PKEY_decrypt 3 ,