diff options
| author | schwarze <> | 2024-11-24 14:48:12 +0000 |
|---|---|---|
| committer | schwarze <> | 2024-11-24 14:48:12 +0000 |
| commit | ff56d47bbc99ed7ac64ae73eaacbc02525a11b04 (patch) | |
| tree | bb5d1bcbe3decabb7fcd83247dbd2e4875344072 /src | |
| parent | 4c908616aa50e22645747c285720f6f2addd285c (diff) | |
| download | openbsd-ff56d47bbc99ed7ac64ae73eaacbc02525a11b04.tar.gz openbsd-ff56d47bbc99ed7ac64ae73eaacbc02525a11b04.tar.bz2 openbsd-ff56d47bbc99ed7ac64ae73eaacbc02525a11b04.zip | |
Fix some inaccuracies and gaps in the paragraph i wrote about CMAC
such that it becomes intelligible but not too long or prominent.
In particular, don't talk about EVP_PKEY_CTX_new(3), don't forget to
mention EVP_PKEY_keygen(3), mention EVP_PKEY_OP_KEYGEN, and mention
how to proceed once you have the desired EVP_PKEY object in hand.
Substantial feedback and OK tb@.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 65 |
1 files changed, 47 insertions, 18 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 9049a11832..0a70e51ad6 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.25 2024/11/07 17:33:42 schwarze Exp $ | 1 | .\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.26 2024/11/24 14:48:12 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 | 2 | .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 |
| 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" Parts were split out into RSA_pkey_ctx_ctrl(3). | 4 | .\" Parts were split out into RSA_pkey_ctx_ctrl(3). |
| @@ -69,7 +69,7 @@ | |||
| 69 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 69 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 70 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 70 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 71 | .\" | 71 | .\" |
| 72 | .Dd $Mdocdate: November 7 2024 $ | 72 | .Dd $Mdocdate: November 24 2024 $ |
| 73 | .Dt EVP_PKEY_CTX_CTRL 3 | 73 | .Dt EVP_PKEY_CTX_CTRL 3 |
| 74 | .Os | 74 | .Os |
| 75 | .Sh NAME | 75 | .Sh NAME |
| @@ -411,24 +411,34 @@ The return value is the user key material length. | |||
| 411 | The resulting pointer is owned by the library and should not be | 411 | The resulting pointer is owned by the library and should not be |
| 412 | freed by the caller. | 412 | freed by the caller. |
| 413 | .Ss CMAC parameters | 413 | .Ss CMAC parameters |
| 414 | Application programs normally initialize an | 414 | Application programs normally implement CMAC as described in |
| 415 | .Vt EVP_PKEY_CTX | 415 | .Xr EVP_PKEY_new_CMAC_key 3 |
| 416 | object using | 416 | and do not need the control commands documented here. |
| 417 | .Xr EVP_PKEY_CTX_new 3 , | 417 | .Pp |
| 418 | specifying the | 418 | Alternatively, the call to |
| 419 | .Vt EVP_PKEY | 419 | .Xr EVP_PKEY_new_CMAC_key 3 |
| 420 | object containing the symmetric key right away. | 420 | can be replaced as follows, |
| 421 | Alternatively, an empty | 421 | leaving the rest of the example code given there unchanged: |
| 422 | .Pp | ||
| 423 | .Bl -enum -width 2n -compact | ||
| 424 | .It | ||
| 425 | Create an empty | ||
| 422 | .Vt EVP_PKEY_CTX | 426 | .Vt EVP_PKEY_CTX |
| 423 | object can be created by passing the | 427 | object by passing the |
| 424 | .Dv EVP_PKEY_CMAC | 428 | .Dv EVP_PKEY_CMAC |
| 425 | constant to | 429 | constant to |
| 426 | .Xr EVP_PKEY_CTX_new_id 3 . | 430 | .Xr EVP_PKEY_CTX_new_id 3 . |
| 427 | After that, the block cipher can be selected by calling | 431 | .It |
| 432 | Initialize it with | ||
| 433 | .Xr EVP_PKEY_keygen_init 3 . | ||
| 434 | .It | ||
| 435 | Select the block cipher by calling | ||
| 428 | .Fn EVP_PKEY_CTX_ctrl | 436 | .Fn EVP_PKEY_CTX_ctrl |
| 429 | with an | 437 | with an |
| 430 | .Fa optype | 438 | .Fa optype |
| 431 | of \-1, a | 439 | of |
| 440 | .Dv EVP_PKEY_OP_KEYGEN , | ||
| 441 | a | ||
| 432 | .Fa cmd | 442 | .Fa cmd |
| 433 | of | 443 | of |
| 434 | .Dv EVP_PKEY_CTRL_CIPHER , | 444 | .Dv EVP_PKEY_CTRL_CIPHER , |
| @@ -441,13 +451,14 @@ object, which can be obtained from the functions in the CIPHER LISTING in | |||
| 441 | The | 451 | The |
| 442 | .Fa p1 | 452 | .Fa p1 |
| 443 | argument is ignored; passing 0 is recommended. | 453 | argument is ignored; passing 0 is recommended. |
| 444 | .Pp | 454 | .It |
| 445 | After selecting the block cipher with | 455 | Call |
| 446 | .Dv EVP_PKEY_CTRL_CIPHER , | ||
| 447 | .Fn EVP_PKEY_CTX_ctrl | 456 | .Fn EVP_PKEY_CTX_ctrl |
| 448 | can be called again with an | 457 | again with an |
| 449 | .Fa optype | 458 | .Fa optype |
| 450 | of \-1, a | 459 | of |
| 460 | .Dv EVP_PKEY_OP_KEYGEN , | ||
| 461 | a | ||
| 451 | .Fa cmd | 462 | .Fa cmd |
| 452 | of | 463 | of |
| 453 | .Dv EVP_PKEY_CTRL_SET_MAC_KEY , | 464 | .Dv EVP_PKEY_CTRL_SET_MAC_KEY , |
| @@ -455,6 +466,24 @@ of | |||
| 455 | pointing to the symmetric key, and | 466 | pointing to the symmetric key, and |
| 456 | .Fa p1 | 467 | .Fa p1 |
| 457 | specifying the length of the symmetric key in bytes. | 468 | specifying the length of the symmetric key in bytes. |
| 469 | .It | ||
| 470 | Extract the desired | ||
| 471 | .Vt EVP_PKEY | ||
| 472 | object using | ||
| 473 | .Xr EVP_PKEY_keygen 3 , | ||
| 474 | making sure the | ||
| 475 | .Fa ppkey | ||
| 476 | argument points to a storage location containing a | ||
| 477 | .Dv NULL | ||
| 478 | pointer. | ||
| 479 | .It | ||
| 480 | Proceed with | ||
| 481 | .Xr EVP_MD_CTX_new 3 , | ||
| 482 | .Xr EVP_DigestSignInit 3 , | ||
| 483 | and | ||
| 484 | .Xr EVP_DigestSign 3 | ||
| 485 | as usual. | ||
| 486 | .El | ||
| 458 | .Ss Other parameters | 487 | .Ss Other parameters |
| 459 | The | 488 | The |
| 460 | .Fn EVP_PKEY_CTX_set1_id , | 489 | .Fn EVP_PKEY_CTX_set1_id , |