sync code with last improvements from OpenBSD

purplerain 2023-09-12 16:38:01 +00:00
parent 5455e77c6b
commit ca32125ea8
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
17 changed files with 271 additions and 75 deletions

@ -1,8 +1,9 @@
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.13 2023/08/24 04:33:08 tb Exp $
.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.15 2023/09/12 13:58:06 schwarze Exp $
.\"
.\" Copyright (c) 2014, Google Inc.
.\" Parts of the text were written by Adam Langley and David Benjamin.
.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -16,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 24 2023 $
.Dd $Mdocdate: September 12 2023 $
.Dt EVP_AEAD_CTX_INIT 3
.Os
.Sh NAME
@ -147,7 +148,11 @@ argument must be
for the default implementation;
other values are currently not supported.
Authentication tags may be truncated by passing a tag length.
A tag length of zero indicates the default tag length should be used.
A
.Fa tag_len
argument of
.Dv EVP_AEAD_DEFAULT_TAG_LENGTH ,
which has the value 0, causes the default tag length to be used.
.Pp
.Fn EVP_AEAD_CTX_cleanup
frees any data allocated for the context
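Review bot: The reworded tag_len sentence says that EVP_AEAD_DEFAULT_TAG_LENGTH, with the value 0, selects the default tag length, but the sentence just before it ("Authentication tags may be truncated by passing a tag length.") still gives no lower bound and no caution. Since 0 means "default" and not "no tag", say so explicitly, and consider adding that a truncated tag lowers forgery resistance, so callers should pass EVP_AEAD_DEFAULT_TAG_LENGTH unless a protocol requires a shorter tag.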
@ -241,6 +246,18 @@ and
provide information about the AEAD algorithm
.Fa aead .
.Pp
.Fn EVP_AEAD_max_tag_len
returns the maximum tag length that can be used with the given
.Fa aead .
This is the largest value that can be passed as the
.Fa tag_len
argument to
.Fn EVP_AEAD_CTX_init .
No built-in
.Vt EVP_AEAD
object has a maximum tag length larger than the constant
.Dv EVP_AEAD_MAX_TAG_LENGTH .
.Pp
All cipher algorithms have a fixed key length unless otherwise stated.
The following ciphers are available:
.Bl -tag -width Ds -offset indent
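Review bot: The added EVP_AEAD_max_tag_len paragraph names EVP_AEAD_MAX_TAG_LENGTH without giving its value or its purpose, while the other constants introduced in this file are given one (EVP_AEAD_DEFAULT_TAG_LENGTH "has the value 0", EVP_CHACHAPOLY_TLS_TAG_LEN "has a value of 16"). Suggest stating the value, or saying that the constant is intended for sizing tag buffers at compile time, and clarifying what "built-in" excludes.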
@ -262,6 +279,9 @@ ChaCha20 with a Poly1305 authenticator, using a
of 32 bytes and a
.Fa nonce_len
of 12 bytes.
The constant
.Dv EVP_CHACHAPOLY_TLS_TAG_LEN
specifies the length of the authentication tag in bytes and has a value of 16.
.It Fn EVP_aead_xchacha20_poly1305
XChaCha20 with a Poly1305 authenticator, using a
.Fa key_len
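Review bot: The EVP_CHACHAPOLY_TLS_TAG_LEN sentence is added only under the EVP_aead_chacha20_poly1305 item; the EVP_aead_xchacha20_poly1305 item that follows does not say whether the same constant and tag length apply to it. Either repeat the tag length there or state once, before the list, which AEADs the constant covers.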
@ -310,8 +330,6 @@ sealing data with the AEAD.
.Pp
.Fn EVP_AEAD_max_tag_len
returns the maximum tag length when using this AEAD.
This is the largest value that can be passed as a tag length to
.Fn EVP_AEAD_CTX_init .
.Pp
.Fn EVP_AEAD_nonce_length
returns the length of the per-message nonce.

@ -1,8 +1,25 @@
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.3 2023/08/12 16:48:23 schwarze Exp $
.\" $OpenBSD: EVP_MD_meth_new.3,v 1.4 2023/09/12 12:11:05 schwarze Exp $
.\" selective merge up to:
.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800
.\"
.\" This file was written by Richard Levitte <levitte@openssl.org>
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" The original file was written by Richard Levitte <levitte@openssl.org>
.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -49,7 +66,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 12 2023 $
.Dd $Mdocdate: September 12 2023 $
.Dt EVP_MD_METH_NEW 3
.Os
.Sh NAME
@ -179,26 +196,59 @@ sets the flags to describe optional behaviours in the particular
Several flags can be or'd together.
The available flags are:
.Bl -tag -width Ds
.It EVP_MD_FLAG_ONESHOT
This digest method can only handle one block of input.
.It EVP_MD_FLAG_DIGALGID_NULL
When setting up a DigestAlgorithmIdentifier, this flag will have the
parameter set to NULL by default.
.It Dv EVP_MD_FLAG_DIGALGID_NULL
When setting up a
.Vt DigestAlgorithmIdentifier
with
.Xr X509_ALGOR_set_md 3 ,
set the parameter type to
.Dv V_ASN1_NULL
and the parameter value to
.Dv NULL .
This is the default, which means that it takes effect for
.Vt EVP_MD
objects that do not have
.Dv EVP_MD_FLAG_DIGALGID_ABSENT
set.
Use this for PKCS#1.
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.
.It EVP_MD_FLAG_DIGALGID_ABSENT
When setting up a DigestAlgorithmIdentifier, this flag will have the
parameter be left absent by default.
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.
.It EVP_MD_FLAG_DIGALGID_CUSTOM
Custom DigestAlgorithmIdentifier handling via ctrl, with
.Sy EVP_MD_FLAG_DIGALGID_ABSENT
as default.
.Em Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.
Currently unused.
.It EVP_MD_FLAG_FIPS
This digest method is suitable for use in FIPS mode.
Currently unused.
.It Dv EVP_MD_FLAG_DIGALGID_ABSENT
When setting up a
.Vt DigestAlgorithmIdentifier
with
.Xr X509_ALGOR_set_md 3 ,
set the parameter type to
.Dv V_ASN1_UNDEF
and the parameter value to
.Dv NULL .
This is used by the
.Vt EVP_MD
objects documented in the manual page
.Xr EVP_sha3_224 3
and by the objects returned from
.Xr EVP_sha512 3 ,
.Xr EVP_sha512_256 3 ,
.Xr EVP_sha512_224 3 ,
.Xr EVP_sha384 3 ,
.Xr EVP_sha256 3 ,
.Xr EVP_sha224 3 ,
.Xr EVP_sha1 3 ,
and
.Xr EVP_sm3 3 .
.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM
This flag is reserved for used-defined
.Vt EVP_MD
objects supporting custom
.Vt DigestAlgorithmIdentifier
handling via
.Xr EVP_MD_CTX_ctrl 3 ,
but actually, it is ignored by both LibreSSL and OpenSSL
and such user-defined behaviour is not supported by the libraries.
.It Dv EVP_MD_FLAG_FIPS
Mark the digest method as suitable for FIPS mode.
This flag is ignored by both LibreSSL and OpenSSL.
.It Dv EVP_MD_FLAG_ONESHOT
Intended to indicate that the digest method can only handle one block
of input, but actually, this flag is ignored by both LibreSSL and OpenSSL.
.El
.Pp
.Fn EVP_MD_meth_set_init
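Review bot: Typo in the EVP_MD_FLAG_DIGALGID_CUSTOM entry: "This flag is reserved for used-defined" should read "user-defined", which is how the same entry spells it further down ("such user-defined behaviour is not supported by the libraries").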

@ -1,10 +1,10 @@
.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
.\" Copyright (c) 2022, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 13 2022 $
.Dd $Mdocdate: September 12 2023 $
.Dt EVP_PKEY_SIZE 3
.Os
.Sh NAME
@ -137,17 +137,26 @@ where it's desirable to know the upper limit in advance.
By default,
.Fn EVP_PKEY_size
is supported for the following algorithms:
.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32"
.Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32"
.It Ta same result as from:
.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32
.It DH Ta Xr DH_size 3
.It DSA Ta Xr DSA_size 3
.It EC Ta Xr ECDSA_size 3
.It ED25519 Ta 64, but see below
.It GOST01 Ta 64 or 128
.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
.It RSA Ta Xr RSA_size 3
.It X25519 Ta Dv X25519_KEYLEN No = 32
.El
.Pp
For
.Dv EVP_PKEY_ED25519 ,
the situation is special: while the key size is
.Dv ED25519_KEYLEN No = 32 bytes ,
.Fn EVP_PKEY_size
returns 64 because the signature is longer than the keys.
.Pp
The application program can support additional algorithms by calling
.Xr EVP_PKEY_asn1_set_public 3 .
.Pp
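Review bot: The new paragraph explains why EVP_PKEY_size returns 64 for ED25519, but the X25519 row (X25519_KEYLEN = 32) gets no comparable explanation, even though the surrounding text presents the return value as an upper limit to know in advance. Suggest saying what the 32 bounds for X25519, and stating in the ED25519 paragraph that signature buffers must be sized from EVP_PKEY_size rather than from ED25519_KEYLEN.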
@ -157,14 +166,16 @@ returns the cryptographic length of the cryptosystem to which the key in
belongs, in bits.
The definition of cryptographic length is specific to the key cryptosystem.
By default, the following algorithms are supported:
.Bl -column GOST01 "the public domain parameter p" DSA_bits(3)
.Bl -column ED25519 "the public domain parameter p" DSA_bits(3)
.It Ta cryptographic length = Ta same result as from:
.It Ta significant bits in ... Ta
.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3
.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
.It ED25519 Ta 253 Ta \(em
.It GOST01 Ta 256 or 512 Ta \(em
.It RSA Ta the public modulus Ta Xr RSA_bits 3
.It X25519 Ta 253 Ta \(em
.El
.Pp
The application program can support additional algorithms by calling
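Review bot: In the EVP_PKEY_bits table, the ED25519 and X25519 rows put a bare 253 under the column headed "cryptographic length = significant bits in ...", so they read as "significant bits in 253"; the GOST01 row has the same shape. Suggest rewording the header or marking these rows as fixed values, so the numbers are not mistaken for the name of a parameter.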
@ -175,13 +186,15 @@ returns the security strength measured in bits of the given
.Fa pkey
as defined in NIST SP800-57.
By default, the following algorithms are supported:
.Bl -column GOST01 DSA_security_bits(3)
.Bl -column ED25519 DSA_security_bits(3)
.It Ta same result as from:
.It DH Ta Xr DH_security_bits 3
.It DSA Ta Xr DSA_security_bits 3
.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
.It ED25519 Ta 128
.It GOST01 Ta not supported, return value is \-2
.It RSA Ta Xr RSA_security_bits 3
.It X25519 Ta 128
.El
.Pp
For EC keys, if the result is greater than 80, it is rounded down
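Review bot: The ED25519 and X25519 rows give a fixed 128, which is not half of the 253 bits the EVP_PKEY_bits table lists for them, while the EC row directly above is defined as EC_GROUP_order_bits divided by 2. A short remark that 128 is a fixed value for these two key types, not derived from EVP_PKEY_bits, would keep readers from assuming the EC rule and its rounding apply to them as well.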

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_chacha20.3,v 1.6 2023/08/24 04:33:08 tb Exp $
.\" $OpenBSD: EVP_chacha20.3,v 1.7 2023/09/12 13:58:06 schwarze Exp $
.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\"
.\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 24 2023 $
.Dd $Mdocdate: September 12 2023 $
.Dt EVP_CHACHA20 3
.Os
.Sh NAME
@ -135,6 +135,9 @@ argument of 32 bytes = 256 bits and an
argument of 12 bytes = 96 bits.
This supports additional authenticated data (AAD) and produces a 128-bit
authentication tag.
The constant
.Dv EVP_CHACHAPOLY_TLS_TAG_LEN
specifies the length of the authentication tag in bytes and has a value of 16.
.Pp
The following
.Fa type