1 files changed, 245 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
new file mode 100644
index 0000000000..5b1b94653a
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -0,0 +1,245 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_PKEY_CTX_CTRL 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_CTX_ctrl ,
+.Nm EVP_PKEY_CTX_ctrl_str ,
+.Nm EVP_PKEY_get_default_digest_nid ,
+.Nm EVP_PKEY_CTX_set_signature_md ,
+.Nm EVP_PKEY_CTX_set_rsa_padding ,
+.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
+.Nm EVP_PKEY_CTX_set_rsa_rsa_keygen_bits ,
+.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
+.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
+.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
+.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
+.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid
+.Nd algorithm specific control operations
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_CTX_ctrl
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int keytype"
+.Fa "int optype"
+.Fa "int cmd"
+.Fa "int p1"
+.Fa "void *p2"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_ctrl_str
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const char *type"
+.Fa "const char *value"
+.Fc
+.Ft int
+.Fo EVP_PKEY_get_default_digest_nid
+.Fa "EVP_PKEY *pkey"
+.Fa "int *pnid"
+.Fc
+.In openssl/rsa.h
+.Ft int
+.Fo EVP_PKEY_CTX_set_signature_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_padding
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int pad"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int mbits"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "BIGNUM *pubexp"
+.Fc
+.In openssl/dsa.h
+.Ft int
+.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int nbits"
+.Fc
+.In openssl/dh.h
+.Ft int
+.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_dh_paramgen_generator
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int gen"
+.Fc
+.In openssl/ec.h
+.Ft int
+.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int nid"
+.Fc
+.Sh DESCRIPTION
+The function
+.Fn EVP_PKEY_CTX_ctrl
+sends a control operation to the context
+.Fa ctx .
+The key type used must match
+.Fa keytype
+if it is not -1.
+The parameter
+.Fa optype
+is a mask indicating which operations the control can be applied to.
+The control command is indicated in
+.Fa cmd
+and any additional arguments in
+.Fa p1
+and
+.Fa p2 .
+.Pp
+Applications will not normally call
+.Fn EVP_PKEY_CTX_ctrl
+directly but will instead call one of the algorithm specific macros
+below.
+.Pp
+The function
+.Fn EVP_PKEY_CTX_ctrl_str
+allows an application to send an algorithm specific control operation to
+a context
+.Fa ctx
+in string form.
+This is intended to be used for options specified on the command line or
+in text files.
+The commands supported are documented in the
+.Xr openssl 1
+utility command line pages for the option
+.Fl pkeyopt
+which is supported by the
+.Cm pkeyutl ,
+.Cm genpkey ,
+and
+.Cm req
+commands.
+.Pp
+All the remaining "functions" are implemented as macros.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_signature_md
+macro sets the message digest type used in a signature.
+It can be used with any public key algorithm supporting signature
+operations.
+.Pp
+The macro
+.Fn EVP_PKEY_CTX_set_rsa_padding
+sets the RSA padding mode for
+.Fa ctx .
+The
+.Fa pad
+parameter can take the value
+.Dv RSA_PKCS1_PADDING
+for PKCS#1 padding,
+.Dv RSA_SSLV23_PADDING
+for SSLv23 padding,
+.Dv RSA_NO_PADDING
+for no padding,
+.Dv RSA_PKCS1_OAEP_PADDING
+for OAEP padding (encrypt and decrypt only),
+.Dv RSA_X931_PADDING
+for X9.31 padding (signature operations only) and
+.Dv RSA_PKCS1_PSS_PADDING
+(sign and verify only).
+.Pp
+Two RSA padding modes behave differently if
+.Fn EVP_PKEY_CTX_set_signature_md
+is used.
+If this macro is called for PKCS#1 padding, the plaintext buffer is an
+actual digest value and is encapsulated in a DigestInfo structure
+according to PKCS#1 when signing and this structure is expected (and
+stripped off) when verifying.
+If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated.
+In the case of X9.31 padding for RSA the algorithm identifier byte is
+added or checked and removed if this control is called.
+If it is not called then the first byte of the plaintext buffer is
+expected to be the algorithm identifier byte.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
+macro sets the RSA PSS salt length to
+.Fa len
+as its name implies it is only supported for PSS padding.
+Two special values are supported: -1 sets the salt length to the digest
+length.
+When signing -2 sets the salt length to the maximum permissible value.
+When verifying -2 causes the salt length to be automatically determined
+based on the PSS block structure.
+If this macro is not called a salt length value of -2 is used by
+default.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
+macro sets the RSA key length for RSA key generation to
+.Fa mbits .
+If not specified, 1024 bits is used.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
+macro sets the public exponent value for RSA key generation to
+.Fa pubexp .
+Currently, it should be an odd integer.
+The
+.Fa pubexp
+pointer is used internally by this function, so it should not be modified
+or freed after the call.
+If this macro is not called, then 65537 is used.
+.Pp
+The macro
+.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
+sets the number of bits used for DSA parameter generation to
+.Fa nbits .
+If not specified, 1024 is used.
+.Pp
+The macro
+.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len
+sets the length of the DH prime parameter
+.Fa len
+for DH parameter generation.
+If this macro is not called, then 1024 is used.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_dh_paramgen_generator
+macro sets DH generator to
+.Fa gen
+for DH parameter generation.
+If not specified, 2 is used.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
+sets the EC curve for EC parameter generation to
+.Fa nid .
+For EC parameter generation, this macro must be called or an error occurs
+because there is no default curve.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_CTX_ctrl
+and its macros return a positive value for success and 0 or a negative
+value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_derive 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_keygen 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_verify_recover 3
+.Sh HISTORY
+These functions were first added to OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 0000000000..5b1b94653a --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -0,0 +1,245 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_PKEY_CTX_CTRL 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_PKEY_CTX_ctrl ,
	6	.Nm EVP_PKEY_CTX_ctrl_str ,
	7	.Nm EVP_PKEY_get_default_digest_nid ,
	8	.Nm EVP_PKEY_CTX_set_signature_md ,
	9	.Nm EVP_PKEY_CTX_set_rsa_padding ,
	10	.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
	11	.Nm EVP_PKEY_CTX_set_rsa_rsa_keygen_bits ,
	12	.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
	13	.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
	14	.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
	15	.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
	16	.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid
	17	.Nd algorithm specific control operations
	18	.Sh SYNOPSIS
	19	.In openssl/evp.h
	20	.Ft int
	21	.Fo EVP_PKEY_CTX_ctrl
	22	.Fa "EVP_PKEY_CTX *ctx"
	23	.Fa "int keytype"
	24	.Fa "int optype"
	25	.Fa "int cmd"
	26	.Fa "int p1"
	27	.Fa "void *p2"
	28	.Fc
	29	.Ft int
	30	.Fo EVP_PKEY_CTX_ctrl_str
	31	.Fa "EVP_PKEY_CTX *ctx"
	32	.Fa "const char *type"
	33	.Fa "const char *value"
	34	.Fc
	35	.Ft int
	36	.Fo EVP_PKEY_get_default_digest_nid
	37	.Fa "EVP_PKEY *pkey"
	38	.Fa "int *pnid"
	39	.Fc
	40	.In openssl/rsa.h
	41	.Ft int
	42	.Fo EVP_PKEY_CTX_set_signature_md
	43	.Fa "EVP_PKEY_CTX *ctx"
	44	.Fa "const EVP_MD *md"
	45	.Fc
	46	.Ft int
	47	.Fo EVP_PKEY_CTX_set_rsa_padding
	48	.Fa "EVP_PKEY_CTX *ctx"
	49	.Fa "int pad"
	50	.Fc
	51	.Ft int
	52	.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
	53	.Fa "EVP_PKEY_CTX *ctx"
	54	.Fa "int len"
	55	.Fc
	56	.Ft int
	57	.Fo EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
	58	.Fa "EVP_PKEY_CTX *ctx"
	59	.Fa "int mbits"
	60	.Fc
	61	.Ft int
	62	.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
	63	.Fa "EVP_PKEY_CTX *ctx"
	64	.Fa "BIGNUM *pubexp"
	65	.Fc
	66	.In openssl/dsa.h
	67	.Ft int
	68	.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
	69	.Fa "EVP_PKEY_CTX *ctx"
	70	.Fa "int nbits"
	71	.Fc
	72	.In openssl/dh.h
	73	.Ft int
	74	.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len
	75	.Fa "EVP_PKEY_CTX *ctx"
	76	.Fa "int len"
	77	.Fc
	78	.Ft int
	79	.Fo EVP_PKEY_CTX_set_dh_paramgen_generator
	80	.Fa "EVP_PKEY_CTX *ctx"
	81	.Fa "int gen"
	82	.Fc
	83	.In openssl/ec.h
	84	.Ft int
	85	.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid
	86	.Fa "EVP_PKEY_CTX *ctx"
	87	.Fa "int nid"
	88	.Fc
	89	.Sh DESCRIPTION
	90	The function
	91	.Fn EVP_PKEY_CTX_ctrl
	92	sends a control operation to the context
	93	.Fa ctx .
	94	The key type used must match
	95	.Fa keytype
	96	if it is not -1.
	97	The parameter
	98	.Fa optype
	99	is a mask indicating which operations the control can be applied to.
	100	The control command is indicated in
	101	.Fa cmd
	102	and any additional arguments in
	103	.Fa p1
	104	and
	105	.Fa p2 .
	106	.Pp
	107	Applications will not normally call
	108	.Fn EVP_PKEY_CTX_ctrl
	109	directly but will instead call one of the algorithm specific macros
	110	below.
	111	.Pp
	112	The function
	113	.Fn EVP_PKEY_CTX_ctrl_str
	114	allows an application to send an algorithm specific control operation to
	115	a context
	116	.Fa ctx
	117	in string form.
	118	This is intended to be used for options specified on the command line or
	119	in text files.
	120	The commands supported are documented in the
	121	.Xr openssl 1
	122	utility command line pages for the option
	123	.Fl pkeyopt
	124	which is supported by the
	125	.Cm pkeyutl ,
	126	.Cm genpkey ,
	127	and
	128	.Cm req
	129	commands.
	130	.Pp
	131	All the remaining "functions" are implemented as macros.
	132	.Pp
	133	The
	134	.Fn EVP_PKEY_CTX_set_signature_md
	135	macro sets the message digest type used in a signature.
	136	It can be used with any public key algorithm supporting signature
	137	operations.
	138	.Pp
	139	The macro
	140	.Fn EVP_PKEY_CTX_set_rsa_padding
	141	sets the RSA padding mode for
	142	.Fa ctx .
	143	The
	144	.Fa pad
	145	parameter can take the value
	146	.Dv RSA_PKCS1_PADDING
	147	for PKCS#1 padding,
	148	.Dv RSA_SSLV23_PADDING
	149	for SSLv23 padding,
	150	.Dv RSA_NO_PADDING
	151	for no padding,
	152	.Dv RSA_PKCS1_OAEP_PADDING
	153	for OAEP padding (encrypt and decrypt only),
	154	.Dv RSA_X931_PADDING
	155	for X9.31 padding (signature operations only) and
	156	.Dv RSA_PKCS1_PSS_PADDING
	157	(sign and verify only).
	158	.Pp
	159	Two RSA padding modes behave differently if
	160	.Fn EVP_PKEY_CTX_set_signature_md
	161	is used.
	162	If this macro is called for PKCS#1 padding, the plaintext buffer is an
	163	actual digest value and is encapsulated in a DigestInfo structure
	164	according to PKCS#1 when signing and this structure is expected (and
	165	stripped off) when verifying.
	166	If this control is not used with RSA and PKCS#1 padding then the
	167	supplied data is used directly and not encapsulated.
	168	In the case of X9.31 padding for RSA the algorithm identifier byte is
	169	added or checked and removed if this control is called.
	170	If it is not called then the first byte of the plaintext buffer is
	171	expected to be the algorithm identifier byte.
	172	.Pp
	173	The
	174	.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
	175	macro sets the RSA PSS salt length to
	176	.Fa len
	177	as its name implies it is only supported for PSS padding.
	178	Two special values are supported: -1 sets the salt length to the digest
	179	length.
	180	When signing -2 sets the salt length to the maximum permissible value.
	181	When verifying -2 causes the salt length to be automatically determined
	182	based on the PSS block structure.
	183	If this macro is not called a salt length value of -2 is used by
	184	default.
	185	.Pp
	186	The
	187	.Fn EVP_PKEY_CTX_set_rsa_rsa_keygen_bits
	188	macro sets the RSA key length for RSA key generation to
	189	.Fa mbits .
	190	If not specified, 1024 bits is used.
	191	.Pp
	192	The
	193	.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
	194	macro sets the public exponent value for RSA key generation to
	195	.Fa pubexp .
	196	Currently, it should be an odd integer.
	197	The
	198	.Fa pubexp
	199	pointer is used internally by this function, so it should not be modified
	200	or freed after the call.
	201	If this macro is not called, then 65537 is used.
	202	.Pp
	203	The macro
	204	.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
	205	sets the number of bits used for DSA parameter generation to
	206	.Fa nbits .
	207	If not specified, 1024 is used.
	208	.Pp
	209	The macro
	210	.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len
	211	sets the length of the DH prime parameter
	212	.Fa len
	213	for DH parameter generation.
	214	If this macro is not called, then 1024 is used.
	215	.Pp
	216	The
	217	.Fn EVP_PKEY_CTX_set_dh_paramgen_generator
	218	macro sets DH generator to
	219	.Fa gen
	220	for DH parameter generation.
	221	If not specified, 2 is used.
	222	.Pp
	223	The
	224	.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
	225	sets the EC curve for EC parameter generation to
	226	.Fa nid .
	227	For EC parameter generation, this macro must be called or an error occurs
	228	because there is no default curve.
	229	.Sh RETURN VALUES
	230	.Fn EVP_PKEY_CTX_ctrl
	231	and its macros return a positive value for success and 0 or a negative
	232	value for failure.
	233	In particular, a return value of -2 indicates the operation is not
	234	supported by the public key algorithm.
	235	.Sh SEE ALSO
	236	.Xr EVP_PKEY_CTX_new 3 ,
	237	.Xr EVP_PKEY_decrypt 3 ,
	238	.Xr EVP_PKEY_derive 3 ,
	239	.Xr EVP_PKEY_encrypt 3 ,
	240	.Xr EVP_PKEY_keygen 3 ,
	241	.Xr EVP_PKEY_sign 3 ,
	242	.Xr EVP_PKEY_verify 3 ,
	243	.Xr EVP_PKEY_verify_recover 3
	244	.Sh HISTORY
	245	These functions were first added to OpenSSL 1.0.0.