1 files changed, 311 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3 b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3
new file mode 100644
index 0000000000..e05365874f
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3
@@ -0,0 +1,311 @@
+.\" $OpenBSD: EC_GROUP_new_by_curve_name.3,v 1.4 2025/06/13 18:34:00 schwarze Exp $
+.\"
+.\" Copyright (c) 2024, 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: June 13 2025 $
+.Dt EC_GROUP_NEW_BY_CURVE_NAME 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_new_by_curve_name ,
+.Nm EC_GROUP_free ,
+.Nm EC_GROUP_dup ,
+.Nm EC_GROUP_cmp ,
+.Nm EC_get_builtin_curves ,
+.Nm EC_curve_nid2nist ,
+.Nm EC_curve_nist2nid
+.Nd instantiate named curves built into libcrypto
+.Sh SYNOPSIS
+.Lb libcrypto
+.In openssl/bn.h
+.In openssl/ec.h
+.In openssl/objects.h
+.Ft EC_GROUP *
+.Fo EC_GROUP_new_by_curve_name
+.Fa "int nid"
+.Fc
+.Ft void
+.Fo EC_GROUP_free
+.Fa "EC_GROUP *group"
+.Fc
+.Ft EC_GROUP *
+.Fo EC_GROUP_dup
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_cmp
+.Fa "const EC_GROUP *group1"
+.Fa "const EC_GROUP *group2"
+.Fa "BN_CTX *ctx"
+.Fc
+.Bd -literal
+typedef struct {
+        int nid;
+        const char *comment;
+} EC_builtin_curve;
+.Ed
+.Ft size_t
+.Fo EC_get_builtin_curves
+.Fa "EC_builtin_curve *curves"
+.Fa "size_t ncurves"
+.Fc
+.Ft int
+.Fo EC_curve_nist2nid
+.Fa "const char *name"
+.Fc
+.Ft const char *
+.Fo EC_curve_nid2nist
+.Fa "int nid"
+.Fc
+.Sh DESCRIPTION
+Most elliptic curves used in cryptographic protocols have a
+standardized representation as a
+.Em named curve ,
+where an ASN.1 Object Identifier (OID) is used instead of
+detailed domain parameters.
+This OID is represented internally by a Numerical Identifier (NID),
+and the parameters themselves must be built into the library.
+In the EC library the
+.Em curve name
+refers to this NID.
+.Pp
+.Fn EC_GROUP_new_by_curve_name
+returns a new
+.Vt EC_GROUP
+object representing the named curve corresponding to
+.Fa nid ,
+using the parameters built into the library.
+It is equivalent to passing the appropriate parameters to
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_GROUP_set_curve_name 3 ,
+.Xr EC_GROUP_set_generator 3
+and
+.Xr EC_GROUP_set_seed 3 .
+.Pp
+.Fn EC_GROUP_free
+frees
+.Fa group
+and all the memory associated with it.
+If
+.Fa group
+is
+.Dv NULL ,
+no action occurs.
+.Pp
+.Fn EC_GROUP_dup
+creates a deep copy of
+.Fa group .
+.Pp
+.Fn EC_GROUP_cmp
+is intended to determine whether
+.Fa group1
+and
+.Fa group2
+represent the same elliptic curve,
+making use of the optional
+.Fa ctx .
+If the curve name is set on both curves, they are compared as integers,
+then the prime field,
+the coefficients of the Weierstrass equation,
+the generators, their order and their cofactors are compared
+using
+.Xr BN_cmp 3
+or
+.Xr EC_POINT_cmp 3 ,
+respectively.
+.Pp
+.Fn EC_get_builtin_curves
+returns the number of builtin curves.
+If
+.Fa curves
+is
+.Dv NULL
+or
+.Fa ncurves
+is zero, it performs no other action.
+Otherwise, after reducing
+.Fa ncurves
+to the number of builtin curves if necessary,
+it copies the
+.Fa nid
+and a pointer to the
+.Fa comment
+of the first
+.Fa ncurves
+built-in curves to the array of
+.Vt EC_builtin_curve
+objects pointed to by
+.Fa curves
+and leaves the remainder of the array uninitialized.
+.Pp
+Some curves can be identified by their NIST name
+in addition to the numerical identifier (NID).
+.Fn EC_curve_nist2nid
+and
+.Fn EC_curve_nid2nist
+translate between the two.
+The builtin NIST curves over a prime field are:
+.Pp
+.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact
+.It No NIST Fa name Ta Em ASN.1 NID       Ta Em notes
+.It Qq P-224   Ta Dv NID_secp224r1        Ta
+.It Qq P-256   Ta Dv NID_X9_62_prime256v1 Ta also known as secp256r1
+.It Qq P-384   Ta Dv NID_secp384r1        Ta
+.It Qq P-521   Ta Dv NID_secp521r1        Ta
+.El
+.Pp
+.Fn EC_curve_nist2nid
+and
+.Fn EC_curve_nid2nist
+also accept the binary curves defined in FIPS\& 186-4
+and deprecated in SP800-186,
+as well as
+.Qq P-192
+and
+.Dv NID_X9_62_prime192v1 ,
+although all these no longer correspond to builtin curves in LibreSSL.
+.Sh RETURN VALUES
+.Fn EC_GROUP_new_by_curve_name
+returns a newly allocated group or
+.Dv NULL
+if there is no built-in group with NID
+.Fa nid ,
+or if memory allocation fails.
+.Pp
+.Fn EC_GROUP_dup
+returns a newly allocated group or
+.Dv NULL
+if memory allocation fails.
+.Pp
+.Fn EC_GROUP_cmp
+returns 1 if the groups are distinct, 0 if the groups are
+considered identical and \-1 on memory allocation error.
+.Pp
+.Fn EC_get_builtin_curves
+returns the number of builtin curves.
+.Pp
+.Fn EC_curve_nid2nist
+returns a string constant containing the NIST name if
+.Fa nid
+identifies a NIST curve or
+.Dv NULL
+otherwise.
+.Pp
+.Fn EC_curve_nist2nid
+returns the NID corresponding to the NIST curve
+.Fa name ,
+or
+.Dv NID_undef .
+.Sh EXAMPLES
+Print the list of builtin curves, their NIDs, their NIST name and
+a comment describing each curve:
+.Bd -literal
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <openssl/ec.h>
+int
+main(void)
+{
+        EC_builtin_curve *curves;
+        size_t ncurves, i;
+        if (pledge("stdio", NULL) == \-1)
+                err(1, "pledge");
+        ncurves = EC_get_builtin_curves(NULL, 0);
+        if ((curves = calloc(ncurves, sizeof(*curves))) == NULL)
+                err(1, NULL);
+        (void)EC_get_builtin_curves(curves, ncurves);
+        printf("curve\etnid\etNIST\etcomment\en");
+        for (i = 0; i < ncurves; i++) {
+                const char *nist_name = EC_curve_nid2nist(curves[i].nid);
+                printf("%2zu\et%d\et%s\et%s\en", i, curves[i].nid,
+                    nist_name != NULL ? nist_name : "", curves[i].comment);
+        }
+        free(curves);
+        return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3 ,
+.Xr OBJ_nid2obj 3
+.Sh STANDARDS
+.Rs
+.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
+.%U https://www.secg.org/sec1-v2.pdf
+.%D May 21, 2009
+.Re
+.Pp
+.Rs
+.%T SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0
+.%U https://www.secg.org/sec2-v2.pdf
+.%D Jan 27, 2010
+.Re
+.Sh HISTORY
+.Fn EC_GROUP_free
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_GROUP_new_by_curve_name ,
+.Fn EC_GROUP_cmp ,
+.Fn EC_GROUP_dup ,
+and
+.Fn EC_get_builtin_curves
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
+.Pp
+.Fn EC_curve_nid2nist
+and
+.Fn EC_curve_nist2nid
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 5.8 .
+.Sh BUGS
+.Fn EC_GROUP_cmp
+compares the coefficients of the Weierstrass equation as
+integers, not as elements of the prime field.
+It also treats the generator as mandatory while it is generally
+optional in the EC library.
+Aspects of the ASN.1 encoding controlled by the functions in
+.Xr EC_GROUP_get_asn1_flag 3 ,
+in particular seed, ASN.1 flag, and point conversion form,
+are ignored in the comparison.
+Group objects may therefore compare as equal and produce
+completely different ASN.1 encodings via
+.Xr i2d_ECPKParameters 3
+and related functions.
+In fact, either of these encodings might be valid or not,
+accepted or rejected by
+.Xr d2i_ECPKParameters 3 ,
+or the encoding might fail on one or both of the group objects.

diff --git a/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3 b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3 new file mode 100644 index 0000000000..e05365874f --- /dev/null +++ b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3
@@ -0,0 +1,311 @@
	1	.\" $OpenBSD: EC_GROUP_new_by_curve_name.3,v 1.4 2025/06/13 18:34:00 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2024, 2025 Theo Buehler <tb@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: June 13 2025 $
	18	.Dt EC_GROUP_NEW_BY_CURVE_NAME 3
	19	.Os
	20	.Sh NAME
	21	.Nm EC_GROUP_new_by_curve_name ,
	22	.Nm EC_GROUP_free ,
	23	.Nm EC_GROUP_dup ,
	24	.Nm EC_GROUP_cmp ,
	25	.Nm EC_get_builtin_curves ,
	26	.Nm EC_curve_nid2nist ,
	27	.Nm EC_curve_nist2nid
	28	.Nd instantiate named curves built into libcrypto
	29	.Sh SYNOPSIS
	30	.Lb libcrypto
	31	.In openssl/bn.h
	32	.In openssl/ec.h
	33	.In openssl/objects.h
	34	.Ft EC_GROUP *
	35	.Fo EC_GROUP_new_by_curve_name
	36	.Fa "int nid"
	37	.Fc
	38	.Ft void
	39	.Fo EC_GROUP_free
	40	.Fa "EC_GROUP *group"
	41	.Fc
	42	.Ft EC_GROUP *
	43	.Fo EC_GROUP_dup
	44	.Fa "const EC_GROUP *group"
	45	.Fc
	46	.Ft int
	47	.Fo EC_GROUP_cmp
	48	.Fa "const EC_GROUP *group1"
	49	.Fa "const EC_GROUP *group2"
	50	.Fa "BN_CTX *ctx"
	51	.Fc
	52	.Bd -literal
	53	typedef struct {
	54	int nid;
	55	const char *comment;
	56	} EC_builtin_curve;
	57
	58	.Ed
	59	.Ft size_t
	60	.Fo EC_get_builtin_curves
	61	.Fa "EC_builtin_curve *curves"
	62	.Fa "size_t ncurves"
	63	.Fc
	64	.Ft int
	65	.Fo EC_curve_nist2nid
	66	.Fa "const char *name"
	67	.Fc
	68	.Ft const char *
	69	.Fo EC_curve_nid2nist
	70	.Fa "int nid"
	71	.Fc
	72	.Sh DESCRIPTION
	73	Most elliptic curves used in cryptographic protocols have a
	74	standardized representation as a
	75	.Em named curve ,
	76	where an ASN.1 Object Identifier (OID) is used instead of
	77	detailed domain parameters.
	78	This OID is represented internally by a Numerical Identifier (NID),
	79	and the parameters themselves must be built into the library.
	80	In the EC library the
	81	.Em curve name
	82	refers to this NID.
	83	.Pp
	84	.Fn EC_GROUP_new_by_curve_name
	85	returns a new
	86	.Vt EC_GROUP
	87	object representing the named curve corresponding to
	88	.Fa nid ,
	89	using the parameters built into the library.
	90	It is equivalent to passing the appropriate parameters to
	91	.Xr EC_GROUP_new_curve_GFp 3 ,
	92	.Xr EC_GROUP_set_curve_name 3 ,
	93	.Xr EC_GROUP_set_generator 3
	94	and
	95	.Xr EC_GROUP_set_seed 3 .
	96	.Pp
	97	.Fn EC_GROUP_free
	98	frees
	99	.Fa group
	100	and all the memory associated with it.
	101	If
	102	.Fa group
	103	is
	104	.Dv NULL ,
	105	no action occurs.
	106	.Pp
	107	.Fn EC_GROUP_dup
	108	creates a deep copy of
	109	.Fa group .
	110	.Pp
	111	.Fn EC_GROUP_cmp
	112	is intended to determine whether
	113	.Fa group1
	114	and
	115	.Fa group2
	116	represent the same elliptic curve,
	117	making use of the optional
	118	.Fa ctx .
	119	If the curve name is set on both curves, they are compared as integers,
	120	then the prime field,
	121	the coefficients of the Weierstrass equation,
	122	the generators, their order and their cofactors are compared
	123	using
	124	.Xr BN_cmp 3
	125	or
	126	.Xr EC_POINT_cmp 3 ,
	127	respectively.
	128	.Pp
	129	.Fn EC_get_builtin_curves
	130	returns the number of builtin curves.
	131	If
	132	.Fa curves
	133	is
	134	.Dv NULL
	135	or
	136	.Fa ncurves
	137	is zero, it performs no other action.
	138	Otherwise, after reducing
	139	.Fa ncurves
	140	to the number of builtin curves if necessary,
	141	it copies the
	142	.Fa nid
	143	and a pointer to the
	144	.Fa comment
	145	of the first
	146	.Fa ncurves
	147	built-in curves to the array of
	148	.Vt EC_builtin_curve
	149	objects pointed to by
	150	.Fa curves
	151	and leaves the remainder of the array uninitialized.
	152	.Pp
	153	Some curves can be identified by their NIST name
	154	in addition to the numerical identifier (NID).
	155	.Fn EC_curve_nist2nid
	156	and
	157	.Fn EC_curve_nid2nist
	158	translate between the two.
	159	The builtin NIST curves over a prime field are:
	160	.Pp
	161	.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact
	162	.It No NIST Fa name Ta Em ASN.1 NID Ta Em notes
	163	.It Qq P-224 Ta Dv NID_secp224r1 Ta
	164	.It Qq P-256 Ta Dv NID_X9_62_prime256v1 Ta also known as secp256r1
	165	.It Qq P-384 Ta Dv NID_secp384r1 Ta
	166	.It Qq P-521 Ta Dv NID_secp521r1 Ta
	167	.El
	168	.Pp
	169	.Fn EC_curve_nist2nid
	170	and
	171	.Fn EC_curve_nid2nist
	172	also accept the binary curves defined in FIPS\& 186-4
	173	and deprecated in SP800-186,
	174	as well as
	175	.Qq P-192
	176	and
	177	.Dv NID_X9_62_prime192v1 ,
	178	although all these no longer correspond to builtin curves in LibreSSL.
	179	.Sh RETURN VALUES
	180	.Fn EC_GROUP_new_by_curve_name
	181	returns a newly allocated group or
	182	.Dv NULL
	183	if there is no built-in group with NID
	184	.Fa nid ,
	185	or if memory allocation fails.
	186	.Pp
	187	.Fn EC_GROUP_dup
	188	returns a newly allocated group or
	189	.Dv NULL
	190	if memory allocation fails.
	191	.Pp
	192	.Fn EC_GROUP_cmp
	193	returns 1 if the groups are distinct, 0 if the groups are
	194	considered identical and \-1 on memory allocation error.
	195	.Pp
	196	.Fn EC_get_builtin_curves
	197	returns the number of builtin curves.
	198	.Pp
	199	.Fn EC_curve_nid2nist
	200	returns a string constant containing the NIST name if
	201	.Fa nid
	202	identifies a NIST curve or
	203	.Dv NULL
	204	otherwise.
	205	.Pp
	206	.Fn EC_curve_nist2nid
	207	returns the NID corresponding to the NIST curve
	208	.Fa name ,
	209	or
	210	.Dv NID_undef .
	211	.Sh EXAMPLES
	212	Print the list of builtin curves, their NIDs, their NIST name and
	213	a comment describing each curve:
	214	.Bd -literal
	215	#include <err.h>
	216	#include <stdio.h>
	217	#include <stdlib.h>
	218	#include <unistd.h>
	219
	220	#include <openssl/ec.h>
	221
	222	int
	223	main(void)
	224	{
	225	EC_builtin_curve *curves;
	226	size_t ncurves, i;
	227
	228	if (pledge("stdio", NULL) == \-1)
	229	err(1, "pledge");
	230
	231	ncurves = EC_get_builtin_curves(NULL, 0);
	232	if ((curves = calloc(ncurves, sizeof(*curves))) == NULL)
	233	err(1, NULL);
	234	(void)EC_get_builtin_curves(curves, ncurves);
	235
	236	printf("curve\etnid\etNIST\etcomment\en");
	237	for (i = 0; i < ncurves; i++) {
	238	const char *nist_name = EC_curve_nid2nist(curves[i].nid);
	239
	240	printf("%2zu\et%d\et%s\et%s\en", i, curves[i].nid,
	241	nist_name != NULL ? nist_name : "", curves[i].comment);
	242	}
	243
	244	free(curves);
	245
	246	return 0;
	247	}
	248	.Ed
	249	.Sh SEE ALSO
	250	.Xr crypto 3 ,
	251	.Xr d2i_ECPKParameters 3 ,
	252	.Xr EC_GROUP_check 3 ,
	253	.Xr EC_GROUP_get_curve_name 3 ,
	254	.Xr EC_GROUP_new_curve_GFp 3 ,
	255	.Xr EC_KEY_METHOD_new 3 ,
	256	.Xr EC_KEY_new 3 ,
	257	.Xr EC_POINT_add 3 ,
	258	.Xr EC_POINT_get_affine_coordinates 3 ,
	259	.Xr EC_POINT_new 3 ,
	260	.Xr EC_POINT_point2oct 3 ,
	261	.Xr ECDH_compute_key 3 ,
	262	.Xr ECDSA_SIG_new 3 ,
	263	.Xr OBJ_nid2obj 3
	264	.Sh STANDARDS
	265	.Rs
	266	.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
	267	.%U https://www.secg.org/sec1-v2.pdf
	268	.%D May 21, 2009
	269	.Re
	270	.Pp
	271	.Rs
	272	.%T SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0
	273	.%U https://www.secg.org/sec2-v2.pdf
	274	.%D Jan 27, 2010
	275	.Re
	276	.Sh HISTORY
	277	.Fn EC_GROUP_free
	278	first appeared in OpenSSL 0.9.7 and has been available since
	279	.Ox 3.2 .
	280	.Pp
	281	.Fn EC_GROUP_new_by_curve_name ,
	282	.Fn EC_GROUP_cmp ,
	283	.Fn EC_GROUP_dup ,
	284	and
	285	.Fn EC_get_builtin_curves
	286	first appeared in OpenSSL 0.9.8 and have been available since
	287	.Ox 4.5 .
	288	.Pp
	289	.Fn EC_curve_nid2nist
	290	and
	291	.Fn EC_curve_nist2nid
	292	first appeared in OpenSSL 1.1.0 and have been available since
	293	.Ox 5.8 .
	294	.Sh BUGS
	295	.Fn EC_GROUP_cmp
	296	compares the coefficients of the Weierstrass equation as
	297	integers, not as elements of the prime field.
	298	It also treats the generator as mandatory while it is generally
	299	optional in the EC library.
	300	Aspects of the ASN.1 encoding controlled by the functions in
	301	.Xr EC_GROUP_get_asn1_flag 3 ,
	302	in particular seed, ASN.1 flag, and point conversion form,
	303	are ignored in the comparison.
	304	Group objects may therefore compare as equal and produce
	305	completely different ASN.1 encodings via
	306	.Xr i2d_ECPKParameters 3
	307	and related functions.
	308	In fact, either of these encodings might be valid or not,
	309	accepted or rejected by
	310	.Xr d2i_ECPKParameters 3 ,
	311	or the encoding might fail on one or both of the group objects.