sync code with last improvements from OpenBSD
parent
5455e77c6b
commit
ca32125ea8
17 changed files with 271 additions and 75 deletions
|
@ -1,8 +1,9 @@
|
|||
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.13 2023/08/24 04:33:08 tb Exp $
|
||||
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.15 2023/09/12 13:58:06 schwarze Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2014, Google Inc.
|
||||
.\" Parts of the text were written by Adam Langley and David Benjamin.
|
||||
.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
|
||||
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -16,7 +17,7 @@
|
|||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 24 2023 $
|
||||
.Dd $Mdocdate: September 12 2023 $
|
||||
.Dt EVP_AEAD_CTX_INIT 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -147,7 +148,11 @@ argument must be
|
|||
for the default implementation;
|
||||
other values are currently not supported.
|
||||
Authentication tags may be truncated by passing a tag length.
|
||||
A tag length of zero indicates the default tag length should be used.
|
||||
A
|
||||
.Fa tag_len
|
||||
argument of
|
||||
.Dv EVP_AEAD_DEFAULT_TAG_LENGTH ,
|
||||
which has the value 0, causes the default tag length to be used.
|
||||
.Pp
|
||||
.Fn EVP_AEAD_CTX_cleanup
|
||||
frees any data allocated for the context
|
||||
|
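Review bot: The truncation sentence kept just above the new text ("Authentication tags may be truncated by passing a tag length.") still carries no caveat that a shorter tag lowers forgery resistance, and the reworded paragraph is the natural place for one. Consider adding a sentence recommending EVP_AEAD_DEFAULT_TAG_LENGTH unless a protocol requires a specific shorter tag, and stating the unit of tag_len (bytes) here, since the ChaCha20-Poly1305 text elsewhere in this commit spells out "in bytes".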
@ -241,6 +246,18 @@ and
|
|||
provide information about the AEAD algorithm
|
||||
.Fa aead .
|
||||
.Pp
|
||||
.Fn EVP_AEAD_max_tag_len
|
||||
returns the maximum tag length that can be used with the given
|
||||
.Fa aead .
|
||||
This is the largest value that can be passed as the
|
||||
.Fa tag_len
|
||||
argument to
|
||||
.Fn EVP_AEAD_CTX_init .
|
||||
No built-in
|
||||
.Vt EVP_AEAD
|
||||
object has a maximum tag length larger than the constant
|
||||
.Dv EVP_AEAD_MAX_TAG_LENGTH .
|
||||
.Pp
|
||||
All cipher algorithms have a fixed key length unless otherwise stated.
|
||||
The following ciphers are available:
|
||||
.Bl -tag -width Ds -offset indent
|
||||
|
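Review bot: In the added EVP_AEAD_max_tag_len paragraph, the closing sentence "No built-in EVP_AEAD object has a maximum tag length larger than the constant EVP_AEAD_MAX_TAG_LENGTH" gives neither the value nor the unit of that constant, while the EVP_CHACHAPOLY_TLS_TAG_LEN text added in the same commit states both. Callers who size tag buffers from this constant would benefit from the same treatment, plus a plain statement that the bound is only asserted for built-in objects.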
@ -262,6 +279,9 @@ ChaCha20 with a Poly1305 authenticator, using a
|
|||
of 32 bytes and a
|
||||
.Fa nonce_len
|
||||
of 12 bytes.
|
||||
The constant
|
||||
.Dv EVP_CHACHAPOLY_TLS_TAG_LEN
|
||||
specifies the length of the authentication tag in bytes and has a value of 16.
|
||||
.It Fn EVP_aead_xchacha20_poly1305
|
||||
XChaCha20 with a Poly1305 authenticator, using a
|
||||
.Fa key_len
|
||||
|
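Review bot: The sentence added to the EVP_aead_chacha20_poly1305 item says EVP_CHACHAPOLY_TLS_TAG_LEN "specifies the length of the authentication tag" without saying how it relates to tag_len: is it the default selected by EVP_AEAD_DEFAULT_TAG_LENGTH, the value returned by EVP_AEAD_max_tag_len, or both? Tying it to one of those would make it usable. If the same 16-byte tag applies to the EVP_aead_xchacha20_poly1305 item that follows, say so there as well.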
@ -310,8 +330,6 @@ sealing data with the AEAD.
|
|||
.Pp
|
||||
.Fn EVP_AEAD_max_tag_len
|
||||
returns the maximum tag length when using this AEAD.
|
||||
This is the largest value that can be passed as a tag length to
|
||||
.Fn EVP_AEAD_CTX_init .
|
||||
.Pp
|
||||
.Fn EVP_AEAD_nonce_length
|
||||
returns the length of the per-message nonce.
|
||||
|
|
|
@ -1,8 +1,25 @@
|
|||
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.3 2023/08/12 16:48:23 schwarze Exp $
|
||||
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.4 2023/09/12 12:11:05 schwarze Exp $
|
||||
.\" selective merge up to:
|
||||
.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800
|
||||
.\"
|
||||
.\" This file was written by Richard Levitte <levitte@openssl.org>
|
||||
.\" This file is a derived work.
|
||||
.\" The changes are covered by the following Copyright and license:
|
||||
.\"
|
||||
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
.\" copyright notice and this permission notice appear in all copies.
|
||||
.\"
|
||||
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" The original file was written by Richard Levitte <levitte@openssl.org>
|
||||
.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -49,7 +66,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 12 2023 $
|
||||
.Dd $Mdocdate: September 12 2023 $
|
||||
.Dt EVP_MD_METH_NEW 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -179,26 +196,59 @@ sets the flags to describe optional behaviours in the particular
|
|||
Several flags can be or'd together.
|
||||
The available flags are:
|
||||
.Bl -tag -width Ds
|
||||
.It EVP_MD_FLAG_ONESHOT
|
||||
This digest method can only handle one block of input.
|
||||
.It EVP_MD_FLAG_DIGALGID_NULL
|
||||
When setting up a DigestAlgorithmIdentifier, this flag will have the
|
||||
parameter set to NULL by default.
|
||||
.It Dv EVP_MD_FLAG_DIGALGID_NULL
|
||||
When setting up a
|
||||
.Vt DigestAlgorithmIdentifier
|
||||
with
|
||||
.Xr X509_ALGOR_set_md 3 ,
|
||||
set the parameter type to
|
||||
.Dv V_ASN1_NULL
|
||||
and the parameter value to
|
||||
.Dv NULL .
|
||||
This is the default, which means that it takes effect for
|
||||
.Vt EVP_MD
|
||||
objects that do not have
|
||||
.Dv EVP_MD_FLAG_DIGALGID_ABSENT
|
||||
set.
|
||||
Use this for PKCS#1.
|
||||
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.
|
||||
.It EVP_MD_FLAG_DIGALGID_ABSENT
|
||||
When setting up a DigestAlgorithmIdentifier, this flag will have the
|
||||
parameter be left absent by default.
|
||||
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.
|
||||
.It EVP_MD_FLAG_DIGALGID_CUSTOM
|
||||
Custom DigestAlgorithmIdentifier handling via ctrl, with
|
||||
.Sy EVP_MD_FLAG_DIGALGID_ABSENT
|
||||
as default.
|
||||
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.
|
||||
Currently unused.
|
||||
.It EVP_MD_FLAG_FIPS
|
||||
This digest method is suitable for use in FIPS mode.
|
||||
Currently unused.
|
||||
.It Dv EVP_MD_FLAG_DIGALGID_ABSENT
|
||||
When setting up a
|
||||
.Vt DigestAlgorithmIdentifier
|
||||
with
|
||||
.Xr X509_ALGOR_set_md 3 ,
|
||||
set the parameter type to
|
||||
.Dv V_ASN1_UNDEF
|
||||
and the parameter value to
|
||||
.Dv NULL .
|
||||
This is used by the
|
||||
.Vt EVP_MD
|
||||
objects documented in the manual page
|
||||
.Xr EVP_sha3_224 3
|
||||
and by the objects returned from
|
||||
.Xr EVP_sha512 3 ,
|
||||
.Xr EVP_sha512_256 3 ,
|
||||
.Xr EVP_sha512_224 3 ,
|
||||
.Xr EVP_sha384 3 ,
|
||||
.Xr EVP_sha256 3 ,
|
||||
.Xr EVP_sha224 3 ,
|
||||
.Xr EVP_sha1 3 ,
|
||||
and
|
||||
.Xr EVP_sm3 3 .
|
||||
.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM
|
||||
This flag is reserved for used-defined
|
||||
.Vt EVP_MD
|
||||
objects supporting custom
|
||||
.Vt DigestAlgorithmIdentifier
|
||||
handling via
|
||||
.Xr EVP_MD_CTX_ctrl 3 ,
|
||||
but actually, it is ignored by both LibreSSL and OpenSSL
|
||||
and such user-defined behaviour is not supported by the libraries.
|
||||
.It Dv EVP_MD_FLAG_FIPS
|
||||
Mark the digest method as suitable for FIPS mode.
|
||||
This flag is ignored by both LibreSSL and OpenSSL.
|
||||
.It Dv EVP_MD_FLAG_ONESHOT
|
||||
Intended to indicate that the digest method can only handle one block
|
||||
of input, but actually, this flag is ignored by both LibreSSL and OpenSSL.
|
||||
.El
|
||||
.Pp
|
||||
.Fn EVP_MD_meth_set_init
|
||||
|
|
|
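Review bot: Typo in the new EVP_MD_FLAG_DIGALGID_CUSTOM entry: "This flag is reserved for used-defined" should read "user-defined", matching "such user-defined behaviour" two lines later. Separately, the rewritten EVP_MD_FLAG_DIGALGID_NULL entry describes the NULL encoding as applying to objects "that do not have EVP_MD_FLAG_DIGALGID_ABSENT set", so it would help to state explicitly in the ABSENT entry that it takes precedence when both flags are present, since the list no longer carries a standalone note on combining them.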
@ -1,10 +1,10 @@
|
|||
.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $
|
||||
.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
|
||||
.\"
|
||||
.\" This file is a derived work.
|
||||
.\" The changes are covered by the following Copyright and license:
|
||||
.\"
|
||||
.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\" Copyright (c) 2022, 2023 Ingo Schwarze <schwarze@openbsd.org>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -65,7 +65,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: July 13 2022 $
|
||||
.Dd $Mdocdate: September 12 2023 $
|
||||
.Dt EVP_PKEY_SIZE 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -137,17 +137,26 @@ where it's desirable to know the upper limit in advance.
|
|||
By default,
|
||||
.Fn EVP_PKEY_size
|
||||
is supported for the following algorithms:
|
||||
.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32"
|
||||
.Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32"
|
||||
.It Ta same result as from:
|
||||
.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32
|
||||
.It DH Ta Xr DH_size 3
|
||||
.It DSA Ta Xr DSA_size 3
|
||||
.It EC Ta Xr ECDSA_size 3
|
||||
.It ED25519 Ta 64, but see below
|
||||
.It GOST01 Ta 64 or 128
|
||||
.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
|
||||
.It RSA Ta Xr RSA_size 3
|
||||
.It X25519 Ta Dv X25519_KEYLEN No = 32
|
||||
.El
|
||||
.Pp
|
||||
For
|
||||
.Dv EVP_PKEY_ED25519 ,
|
||||
the situation is special: while the key size is
|
||||
.Dv ED25519_KEYLEN No = 32 bytes ,
|
||||
.Fn EVP_PKEY_size
|
||||
returns 64 because the signature is longer than the keys.
|
||||
.Pp
|
||||
The application program can support additional algorithms by calling
|
||||
.Xr EVP_PKEY_asn1_set_public 3 .
|
||||
.Pp
|
||||
|
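Review bot: The column heading "same result as from:" no longer fits the table now that several rows hold constants or literals rather than function references (CMAC, ED25519, HMAC, X25519, for example "ED25519 Ta 64, but see below"). A neutral heading such as "return value" would read correctly for every row. The new ED25519 paragraph explains why 64 is returned instead of the 32-byte key length; a matching half sentence on what the X25519 value of X25519_KEYLEN bounds would keep the two curve25519 rows consistent.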
@ -157,14 +166,16 @@ returns the cryptographic length of the cryptosystem to which the key in
|
|||
belongs, in bits.
|
||||
The definition of cryptographic length is specific to the key cryptosystem.
|
||||
By default, the following algorithms are supported:
|
||||
.Bl -column GOST01 "the public domain parameter p" DSA_bits(3)
|
||||
.Bl -column ED25519 "the public domain parameter p" DSA_bits(3)
|
||||
.It Ta cryptographic length = Ta same result as from:
|
||||
.It Ta significant bits in ... Ta
|
||||
.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3
|
||||
.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
|
||||
.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
|
||||
.It ED25519 Ta 253 Ta \(em
|
||||
.It GOST01 Ta 256 or 512 Ta \(em
|
||||
.It RSA Ta the public modulus Ta Xr RSA_bits 3
|
||||
.It X25519 Ta 253 Ta \(em
|
||||
.El
|
||||
.Pp
|
||||
The application program can support additional algorithms by calling
|
||||
|
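Review bot: The new ED25519 and X25519 rows put a bare "253" under the two-line heading "cryptographic length = / significant bits in ...", so the row reads as "significant bits in 253" and never says what quantity has 253 bits. The same applies to the existing GOST01 row. Either name the quantity being measured, as the DH, DSA, EC and RSA rows do, or reword the heading so that literal bit counts fit under it.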
@ -175,13 +186,15 @@ returns the security strength measured in bits of the given
|
|||
.Fa pkey
|
||||
as defined in NIST SP800-57.
|
||||
By default, the following algorithms are supported:
|
||||
.Bl -column GOST01 DSA_security_bits(3)
|
||||
.Bl -column ED25519 DSA_security_bits(3)
|
||||
.It Ta same result as from:
|
||||
.It DH Ta Xr DH_security_bits 3
|
||||
.It DSA Ta Xr DSA_security_bits 3
|
||||
.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
|
||||
.It ED25519 Ta 128
|
||||
.It GOST01 Ta not supported, return value is \-2
|
||||
.It RSA Ta Xr RSA_security_bits 3
|
||||
.It X25519 Ta 128
|
||||
.El
|
||||
.Pp
|
||||
For EC keys, if the result is greater than 80, it is rounded down
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: EVP_chacha20.3,v 1.6 2023/08/24 04:33:08 tb Exp $
|
||||
.\" $OpenBSD: EVP_chacha20.3,v 1.7 2023/09/12 13:58:06 schwarze Exp $
|
||||
.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
|
||||
.\"
|
||||
.\" This file is a derived work.
|
||||
|
@ -65,7 +65,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: August 24 2023 $
|
||||
.Dd $Mdocdate: September 12 2023 $
|
||||
.Dt EVP_CHACHA20 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -135,6 +135,9 @@ argument of 32 bytes = 256 bits and an
|
|||
argument of 12 bytes = 96 bits.
|
||||
This supports additional authenticated data (AAD) and produces a 128-bit
|
||||
authentication tag.
|
||||
The constant
|
||||
.Dv EVP_CHACHAPOLY_TLS_TAG_LEN
|
||||
specifies the length of the authentication tag in bytes and has a value of 16.
|
||||
.Pp
|
||||
The following
|
||||
.Fa type
|
||||
|
|
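Review bot: The added sentence gives the tag length as 16 bytes immediately after text that calls it "a 128-bit authentication tag", while the surrounding context uses the paired form "12 bytes = 96 bits". Writing "16 bytes = 128 bits" would keep the units consistent within this paragraph. The sentence is also a verbatim copy of the one added to EVP_AEAD_CTX_init.3 in this commit; a cross reference from one page to the other would avoid the two drifting apart.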