new manual pages

ASN1_item_digest(3), ASN1_item_sign(3), and ASN1_item_verify(3)
author: schwarze <> 2021-11-07 15:29:01 +0000
committer: schwarze <> 2021-11-07 15:29:01 +0000
commit: 1b876ed700226e116dcaa299654f4ac0f43cfc81 (patch)
tree: 4872f37b744ee6a040a3c131d99b28bdedb95f52 /src
parent: 799657a69a1e18c0e3e5eb094ab7533af4643905 (diff)
download: openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.tar.gz
openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.tar.bz2
openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.zip
6 files changed, 288 insertions, 5 deletions
diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3
index 140ea6f1ba..19b290ef63 100644
--- a/src/lib/libcrypto/man/ASN1_item_d2i.3
+++ b/src/lib/libcrypto/man/ASN1_item_d2i.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ASN1_item_d2i.3,v 1.10 2021/07/11 15:30:21 schwarze Exp $
+.\"     $OpenBSD: ASN1_item_d2i.3,v 1.11 2021/11/07 15:29:01 schwarze Exp $
 .\"     OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 11 2021 $
+.Dd $Mdocdate: November 7 2021 $
 .Dt ASN1_ITEM_D2I 3
 .Os
 .Sh NAME
@@ -362,7 +362,10 @@ if (d2i_X509(&x, &p, len) == NULL)
 .Ed
 .Sh SEE ALSO
 .Xr ASN1_get_object 3 ,
+.Xr ASN1_item_digest 3 ,
 .Xr ASN1_item_new 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr ASN1_item_verify 3 ,
 .Xr ASN1_TYPE_new 3
 .Sh HISTORY
 .Fn d2i_ASN1_TYPE
diff --git a/src/lib/libcrypto/man/ASN1_item_digest.3 b/src/lib/libcrypto/man/ASN1_item_digest.3
new file mode 100644
index 0000000000..e8af779c65
--- /dev/null
+++ b/src/lib/libcrypto/man/ASN1_item_digest.3
@@ -0,0 +1,71 @@
+.\" $OpenBSD: ASN1_item_digest.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 7 2021 $
+.Dt ASN1_ITEM_DIGEST 3
+.Os
+.Sh NAME
+.Nm ASN1_item_digest
+.Nd DER-encode and hash an ASN.1 value
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_digest
+.Fa "const ASN1_ITEM *it"
+.Fa "const EVP_MD *type"
+.Fa "void *val_in"
+.Fa "unsigned char *md"
+.Fa "unsigned int *s"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_digest
+assumes that that
+.Fa val_in
+is an
+.Vt ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+hashes the resulting byte array using the digest
+.Fa type
+by calling
+.Xr EVP_Digest 3 ,
+places the digest value into
+.Pf * Fa md ,
+and, unless
+.Fa s
+is
+.Dv NULL ,
+places the length in bytes of the digest into
+.Pf * Fa s .
+Providing a buffer
+.Pf * Fa md
+large enough to contain the digest is the responsibility of the caller;
+providing a buffer of
+.Dv EVP_MAX_MD_SIZE
+bytes is recommended.
+.Sh RETURN VALUES
+.Fn ASN1_item_digest
+returns 1 for success or 0 if encoding or hashing fails.
+.Sh SEE ALSO
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr EVP_Digest 3
+.Sh HISTORY
+.Fn ASN1_item_digest
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
diff --git a/src/lib/libcrypto/man/ASN1_item_new.3 b/src/lib/libcrypto/man/ASN1_item_new.3
index a5bf8aa58f..fd967bfc3f 100644
--- a/src/lib/libcrypto/man/ASN1_item_new.3
+++ b/src/lib/libcrypto/man/ASN1_item_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ASN1_item_new.3,v 1.6 2021/07/11 15:30:21 schwarze Exp $
+.\" $OpenBSD: ASN1_item_new.3,v 1.7 2021/11/07 15:29:01 schwarze Exp $
 .\"
 .\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 11 2021 $
+.Dd $Mdocdate: November 7 2021 $
 .Dt ASN1_ITEM_NEW 3
 .Os
 .Sh NAME
@@ -107,6 +107,9 @@ is returned and an error code can be retrieved with
 .Sh SEE ALSO
 .Xr ASN1_get_object 3 ,
 .Xr ASN1_item_d2i 3 ,
+.Xr ASN1_item_digest 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr ASN1_item_verify 3 ,
 .Xr ASN1_TYPE_new 3 ,
 .Xr d2i_ASN1_NULL 3 ,
 .Xr OBJ_nid2obj 3
diff --git a/src/lib/libcrypto/man/ASN1_item_sign.3 b/src/lib/libcrypto/man/ASN1_item_sign.3
new file mode 100644
index 0000000000..9dfc346fcc
--- /dev/null
+++ b/src/lib/libcrypto/man/ASN1_item_sign.3
@@ -0,0 +1,127 @@
+.\" $OpenBSD: ASN1_item_sign.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 7 2021 $
+.Dt ASN1_ITEM_SIGN 3
+.Os
+.Sh NAME
+.Nm ASN1_item_sign ,
+.Nm ASN1_item_sign_ctx
+.Nd DER-encode and sign an ASN.1 value
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_sign
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "X509_ALGOR *algor2"
+.Fa "ASN1_BIT_STRING *sig_out"
+.Fa "void *val_in"
+.Fa "EVP_PKEY *pkey"
+.Fa "const EVP_MD *type"
+.Fc
+.Ft int
+.Fo ASN1_item_sign_ctx
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "X509_ALGOR *algor2"
+.Fa "ASN1_BIT_STRING *sig_out"
+.Fa "void *val_in"
+.Fa "EVP_MD_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_sign
+assumes that
+.Fa val_in
+is an
+.Vt ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+and signs the resulting byte array in a way similar to
+.Xr EVP_DigestSign 3 ,
+using a signing context created with
+.Xr EVP_DigestSignInit 3
+for the given digest
+.Fa type
+and private key
+.Fa pkey .
+The created signature is placed into the
+.Fa sig_out
+object provided by the caller,
+freeing and replacing any data already contained in that object.
+.Pp
+.Fn ASN1_item_sign_ctx
+is similar except that the provided
+.Ft ctx
+is used rather than creating a new one.
+No matter whether
+.Fn ASN1_item_sign_ctx
+succeeds or fails,
+.Xr EVP_MD_CTX_cleanup 3
+is called on
+.Fa ctx
+before returning.
+.Pp
+For both functions, unless
+.Fa algor1
+is
+.Dv NULL ,
+its algorithm OID and parameter type are set according to the digest
+.Fa type
+used, and its parameter value is cleared.
+In RSA-PSS mode, the parameter value is also copied into
+.Fa algor1 .
+Unless
+.Fa algor2
+is
+.Dv NULL ,
+the same data is copied into it.
+.\" The following is not yet supported by LibreSSL
+.\" because we do not provide EVP_PKEY_asn1_set_item(3).
+.\" except that user-defined key types set up with
+.\" .Xr EVP_PKEY_asn1_new 3
+.\" may optionally provide information about a second algorithm in
+.\" .Fa algor2 .
+.Sh RETURN VALUES
+These functions return the length of the signature in bytes
+or 0 if memory allocation, encoding, or signing fails.
+.Pp
+.Fn ASN1_item_sign_ctx
+also fails and returns 0 if
+.Fa ctx
+is not fully initialized.
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_item_digest 3 ,
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_verify 3 ,
+.Xr EVP_Digest 3 ,
+.Xr EVP_DigestSign 3 ,
+.Xr EVP_MD_CTX_new 3 ,
+.\" We do not provide EVP_PKEY_asn1_set_item(3).
+.\" .Xr EVP_PKEY_asn1_new 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr X509_ALGOR_new 3
+.Sh HISTORY
+.Fn ASN1_item_sign
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
+.Pp
+.Fn ASN1_item_sign_ctx
+first appeared in OpenSSL 1.0.1 and has been available since
+.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/ASN1_item_verify.3 b/src/lib/libcrypto/man/ASN1_item_verify.3
new file mode 100644
index 0000000000..3e32558e7b
--- /dev/null
+++ b/src/lib/libcrypto/man/ASN1_item_verify.3
@@ -0,0 +1,76 @@
+.\" $OpenBSD: ASN1_item_verify.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 7 2021 $
+.Dt ASN1_ITEM_VERIFY 3
+.Os
+.Sh NAME
+.Nm ASN1_item_verify
+.Nd signature verification for ASN.1 values
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_verify
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "ASN1_BIT_STRING *sig_in"
+.Fa "void *val_in"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_verify
+assumes that
+.Fa val_in
+is an
+.Ft ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+and verifies in a way similar to
+.Xr EVP_DigestVerify 3
+that
+.Fa sig_in
+contains a valid signature of the resulting byte array,
+a signature that was created with the digest type
+.Fa algor1
+and the private key corresponding to the public key
+.Fa pkey .
+.Sh RETURN VALUES
+.Fn ASN1_item_verify
+returns 1 if signure verification succeds, 0 if signature verification
+fails, or \-1 if
+.Fa pkey
+is
+.Dv NULL ,
+if
+.Fa sig_in
+contains invalid flags, or if
+.Fa algor1
+requests an invalid or unsupported digest algorithm
+or does not work with the given
+.Fa pkey .
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr EVP_DigestVerify 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr X509_ALGOR_new 3
+.Sh HISTORY
+.Fn ASN1_item_verify
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 1e2c626d0c..53d20760eb 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.208 2021/10/30 16:20:35 schwarze Exp $
+# $OpenBSD: Makefile,v 1.209 2021/11/07 15:29:01 schwarze Exp $
 .include <bsd.own.mk>
@@ -16,7 +16,10 @@ MAN=	\
        ASN1_generate_nconf.3 \
        ASN1_get_object.3 \
        ASN1_item_d2i.3 \
+        ASN1_item_digest.3 \
        ASN1_item_new.3 \
+        ASN1_item_sign.3 \
+        ASN1_item_verify.3 \
        ASN1_mbstring_copy.3 \
        ASN1_parse_dump.3 \
        ASN1_put_object.3 \
author	schwarze <>	2021-11-07 15:29:01 +0000
committer	schwarze <>	2021-11-07 15:29:01 +0000
commit	1b876ed700226e116dcaa299654f4ac0f43cfc81 (patch)
tree	4872f37b744ee6a040a3c131d99b28bdedb95f52 /src
parent	799657a69a1e18c0e3e5eb094ab7533af4643905 (diff)
download	openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.tar.gz openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.tar.bz2 openbsd-1b876ed700226e116dcaa299654f4ac0f43cfc81.zip

diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3 index 140ea6f1ba..19b290ef63 100644 --- a/src/lib/libcrypto/man/ASN1_item_d2i.3 +++ b/src/lib/libcrypto/man/ASN1_item_d2i.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ASN1_item_d2i.3,v 1.10 2021/07/11 15:30:21 schwarze Exp $	1	.\" $OpenBSD: ASN1_item_d2i.3,v 1.11 2021/11/07 15:29:01 schwarze Exp $
2	.\" OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: July 11 2021 $	68	.Dd $Mdocdate: November 7 2021 $
69	.Dt ASN1_ITEM_D2I 3	69	.Dt ASN1_ITEM_D2I 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -362,7 +362,10 @@ if (d2i_X509(&x, &p, len) == NULL)
362	.Ed	362	.Ed
363	.Sh SEE ALSO	363	.Sh SEE ALSO
364	.Xr ASN1_get_object 3 ,	364	.Xr ASN1_get_object 3 ,
		365	.Xr ASN1_item_digest 3 ,
365	.Xr ASN1_item_new 3 ,	366	.Xr ASN1_item_new 3 ,
		367	.Xr ASN1_item_sign 3 ,
		368	.Xr ASN1_item_verify 3 ,
366	.Xr ASN1_TYPE_new 3	369	.Xr ASN1_TYPE_new 3
367	.Sh HISTORY	370	.Sh HISTORY
368	.Fn d2i_ASN1_TYPE	371	.Fn d2i_ASN1_TYPE


diff --git a/src/lib/libcrypto/man/ASN1_item_digest.3 b/src/lib/libcrypto/man/ASN1_item_digest.3 new file mode 100644 index 0000000000..e8af779c65 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_item_digest.3
@@ -0,0 +1,71 @@
		1	.\" $OpenBSD: ASN1_item_digest.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: November 7 2021 $
		18	.Dt ASN1_ITEM_DIGEST 3
		19	.Os
		20	.Sh NAME
		21	.Nm ASN1_item_digest
		22	.Nd DER-encode and hash an ASN.1 value
		23	.Sh SYNOPSIS
		24	.In openssl/x509.h
		25	.Ft int
		26	.Fo ASN1_item_digest
		27	.Fa "const ASN1_ITEM *it"
		28	.Fa "const EVP_MD *type"
		29	.Fa "void *val_in"
		30	.Fa "unsigned char *md"
		31	.Fa "unsigned int *s"
		32	.Fc
		33	.Sh DESCRIPTION
		34	.Fn ASN1_item_digest
		35	assumes that that
		36	.Fa val_in
		37	is an
		38	.Vt ASN1_VALUE
		39	of the type specified by
		40	.Fa it ,
		41	encodes it into DER format by calling
		42	.Xr ASN1_item_i2d 3 ,
		43	hashes the resulting byte array using the digest
		44	.Fa type
		45	by calling
		46	.Xr EVP_Digest 3 ,
		47	places the digest value into
		48	.Pf * Fa md ,
		49	and, unless
		50	.Fa s
		51	is
		52	.Dv NULL ,
		53	places the length in bytes of the digest into
		54	.Pf * Fa s .
		55	Providing a buffer
		56	.Pf * Fa md
		57	large enough to contain the digest is the responsibility of the caller;
		58	providing a buffer of
		59	.Dv EVP_MAX_MD_SIZE
		60	bytes is recommended.
		61	.Sh RETURN VALUES
		62	.Fn ASN1_item_digest
		63	returns 1 for success or 0 if encoding or hashing fails.
		64	.Sh SEE ALSO
		65	.Xr ASN1_item_i2d 3 ,
		66	.Xr ASN1_item_sign 3 ,
		67	.Xr EVP_Digest 3
		68	.Sh HISTORY
		69	.Fn ASN1_item_digest
		70	first appeared in OpenSSL 0.9.7 and has been available since
		71	.Ox 3.1 .


diff --git a/src/lib/libcrypto/man/ASN1_item_new.3 b/src/lib/libcrypto/man/ASN1_item_new.3 index a5bf8aa58f..fd967bfc3f 100644 --- a/src/lib/libcrypto/man/ASN1_item_new.3 +++ b/src/lib/libcrypto/man/ASN1_item_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ASN1_item_new.3,v 1.6 2021/07/11 15:30:21 schwarze Exp $	1	.\" $OpenBSD: ASN1_item_new.3,v 1.7 2021/11/07 15:29:01 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 11 2021 $	17	.Dd $Mdocdate: November 7 2021 $
18	.Dt ASN1_ITEM_NEW 3	18	.Dt ASN1_ITEM_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -107,6 +107,9 @@ is returned and an error code can be retrieved with
107	.Sh SEE ALSO	107	.Sh SEE ALSO
108	.Xr ASN1_get_object 3 ,	108	.Xr ASN1_get_object 3 ,
109	.Xr ASN1_item_d2i 3 ,	109	.Xr ASN1_item_d2i 3 ,
		110	.Xr ASN1_item_digest 3 ,
		111	.Xr ASN1_item_sign 3 ,
		112	.Xr ASN1_item_verify 3 ,
110	.Xr ASN1_TYPE_new 3 ,	113	.Xr ASN1_TYPE_new 3 ,
111	.Xr d2i_ASN1_NULL 3 ,	114	.Xr d2i_ASN1_NULL 3 ,
112	.Xr OBJ_nid2obj 3	115	.Xr OBJ_nid2obj 3


diff --git a/src/lib/libcrypto/man/ASN1_item_sign.3 b/src/lib/libcrypto/man/ASN1_item_sign.3 new file mode 100644 index 0000000000..9dfc346fcc --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_item_sign.3
@@ -0,0 +1,127 @@
		1	.\" $OpenBSD: ASN1_item_sign.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: November 7 2021 $
		18	.Dt ASN1_ITEM_SIGN 3
		19	.Os
		20	.Sh NAME
		21	.Nm ASN1_item_sign ,
		22	.Nm ASN1_item_sign_ctx
		23	.Nd DER-encode and sign an ASN.1 value
		24	.Sh SYNOPSIS
		25	.In openssl/x509.h
		26	.Ft int
		27	.Fo ASN1_item_sign
		28	.Fa "const ASN1_ITEM *it"
		29	.Fa "X509_ALGOR *algor1"
		30	.Fa "X509_ALGOR *algor2"
		31	.Fa "ASN1_BIT_STRING *sig_out"
		32	.Fa "void *val_in"
		33	.Fa "EVP_PKEY *pkey"
		34	.Fa "const EVP_MD *type"
		35	.Fc
		36	.Ft int
		37	.Fo ASN1_item_sign_ctx
		38	.Fa "const ASN1_ITEM *it"
		39	.Fa "X509_ALGOR *algor1"
		40	.Fa "X509_ALGOR *algor2"
		41	.Fa "ASN1_BIT_STRING *sig_out"
		42	.Fa "void *val_in"
		43	.Fa "EVP_MD_CTX *ctx"
		44	.Fc
		45	.Sh DESCRIPTION
		46	.Fn ASN1_item_sign
		47	assumes that
		48	.Fa val_in
		49	is an
		50	.Vt ASN1_VALUE
		51	of the type specified by
		52	.Fa it ,
		53	encodes it into DER format by calling
		54	.Xr ASN1_item_i2d 3 ,
		55	and signs the resulting byte array in a way similar to
		56	.Xr EVP_DigestSign 3 ,
		57	using a signing context created with
		58	.Xr EVP_DigestSignInit 3
		59	for the given digest
		60	.Fa type
		61	and private key
		62	.Fa pkey .
		63	The created signature is placed into the
		64	.Fa sig_out
		65	object provided by the caller,
		66	freeing and replacing any data already contained in that object.
		67	.Pp
		68	.Fn ASN1_item_sign_ctx
		69	is similar except that the provided
		70	.Ft ctx
		71	is used rather than creating a new one.
		72	No matter whether
		73	.Fn ASN1_item_sign_ctx
		74	succeeds or fails,
		75	.Xr EVP_MD_CTX_cleanup 3
		76	is called on
		77	.Fa ctx
		78	before returning.
		79	.Pp
		80	For both functions, unless
		81	.Fa algor1
		82	is
		83	.Dv NULL ,
		84	its algorithm OID and parameter type are set according to the digest
		85	.Fa type
		86	used, and its parameter value is cleared.
		87	In RSA-PSS mode, the parameter value is also copied into
		88	.Fa algor1 .
		89	Unless
		90	.Fa algor2
		91	is
		92	.Dv NULL ,
		93	the same data is copied into it.
		94	.\" The following is not yet supported by LibreSSL
		95	.\" because we do not provide EVP_PKEY_asn1_set_item(3).
		96	.\" except that user-defined key types set up with
		97	.\" .Xr EVP_PKEY_asn1_new 3
		98	.\" may optionally provide information about a second algorithm in
		99	.\" .Fa algor2 .
		100	.Sh RETURN VALUES
		101	These functions return the length of the signature in bytes
		102	or 0 if memory allocation, encoding, or signing fails.
		103	.Pp
		104	.Fn ASN1_item_sign_ctx
		105	also fails and returns 0 if
		106	.Fa ctx
		107	is not fully initialized.
		108	.Sh SEE ALSO
		109	.Xr ASN1_BIT_STRING_new 3 ,
		110	.Xr ASN1_item_digest 3 ,
		111	.Xr ASN1_item_i2d 3 ,
		112	.Xr ASN1_item_verify 3 ,
		113	.Xr EVP_Digest 3 ,
		114	.Xr EVP_DigestSign 3 ,
		115	.Xr EVP_MD_CTX_new 3 ,
		116	.\" We do not provide EVP_PKEY_asn1_set_item(3).
		117	.\" .Xr EVP_PKEY_asn1_new 3 ,
		118	.Xr EVP_PKEY_new 3 ,
		119	.Xr X509_ALGOR_new 3
		120	.Sh HISTORY
		121	.Fn ASN1_item_sign
		122	first appeared in OpenSSL 0.9.7 and has been available since
		123	.Ox 3.1 .
		124	.Pp
		125	.Fn ASN1_item_sign_ctx
		126	first appeared in OpenSSL 1.0.1 and has been available since
		127	.Ox 5.3 .


diff --git a/src/lib/libcrypto/man/ASN1_item_verify.3 b/src/lib/libcrypto/man/ASN1_item_verify.3 new file mode 100644 index 0000000000..3e32558e7b --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_item_verify.3
@@ -0,0 +1,76 @@
		1	.\" $OpenBSD: ASN1_item_verify.3,v 1.1 2021/11/07 15:29:01 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: November 7 2021 $
		18	.Dt ASN1_ITEM_VERIFY 3
		19	.Os
		20	.Sh NAME
		21	.Nm ASN1_item_verify
		22	.Nd signature verification for ASN.1 values
		23	.Sh SYNOPSIS
		24	.In openssl/x509.h
		25	.Ft int
		26	.Fo ASN1_item_verify
		27	.Fa "const ASN1_ITEM *it"
		28	.Fa "X509_ALGOR *algor1"
		29	.Fa "ASN1_BIT_STRING *sig_in"
		30	.Fa "void *val_in"
		31	.Fa "EVP_PKEY *pkey"
		32	.Fc
		33	.Sh DESCRIPTION
		34	.Fn ASN1_item_verify
		35	assumes that
		36	.Fa val_in
		37	is an
		38	.Ft ASN1_VALUE
		39	of the type specified by
		40	.Fa it ,
		41	encodes it into DER format by calling
		42	.Xr ASN1_item_i2d 3 ,
		43	and verifies in a way similar to
		44	.Xr EVP_DigestVerify 3
		45	that
		46	.Fa sig_in
		47	contains a valid signature of the resulting byte array,
		48	a signature that was created with the digest type
		49	.Fa algor1
		50	and the private key corresponding to the public key
		51	.Fa pkey .
		52	.Sh RETURN VALUES
		53	.Fn ASN1_item_verify
		54	returns 1 if signure verification succeds, 0 if signature verification
		55	fails, or \-1 if
		56	.Fa pkey
		57	is
		58	.Dv NULL ,
		59	if
		60	.Fa sig_in
		61	contains invalid flags, or if
		62	.Fa algor1
		63	requests an invalid or unsupported digest algorithm
		64	or does not work with the given
		65	.Fa pkey .
		66	.Sh SEE ALSO
		67	.Xr ASN1_BIT_STRING_new 3 ,
		68	.Xr ASN1_item_i2d 3 ,
		69	.Xr ASN1_item_sign 3 ,
		70	.Xr EVP_DigestVerify 3 ,
		71	.Xr EVP_PKEY_new 3 ,
		72	.Xr X509_ALGOR_new 3
		73	.Sh HISTORY
		74	.Fn ASN1_item_verify
		75	first appeared in OpenSSL 0.9.7 and has been available since
		76	.Ox 3.1 .


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 1e2c626d0c..53d20760eb 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.208 2021/10/30 16:20:35 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.209 2021/11/07 15:29:01 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -16,7 +16,10 @@ MAN= \
16	ASN1_generate_nconf.3 \	16	ASN1_generate_nconf.3 \
17	ASN1_get_object.3 \	17	ASN1_get_object.3 \
18	ASN1_item_d2i.3 \	18	ASN1_item_d2i.3 \
		19	ASN1_item_digest.3 \
19	ASN1_item_new.3 \	20	ASN1_item_new.3 \
		21	ASN1_item_sign.3 \
		22	ASN1_item_verify.3 \
20	ASN1_mbstring_copy.3 \	23	ASN1_mbstring_copy.3 \
21	ASN1_parse_dump.3 \	24	ASN1_parse_dump.3 \
22	ASN1_put_object.3 \	25	ASN1_put_object.3 \