1 files changed, 0 insertions, 254 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_derive.3 b/src/lib/libcrypto/man/EVP_PKEY_derive.3
deleted file mode 100644
index 47f467fea1..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_derive.3
+++ /dev/null
@@ -1,254 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_derive.3,v 1.12 2024/12/06 14:27:49 schwarze Exp $
-.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 6 2024 $
-.Dt EVP_PKEY_DERIVE 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_derive_init ,
-.Nm EVP_PKEY_derive_set_peer ,
-.Nm EVP_PKEY_CTX_get0_peerkey ,
-.Nm EVP_PKEY_derive
-.Nd derive public key algorithm shared secret
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_derive_init
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_derive_set_peer
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "EVP_PKEY *peerkey"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_CTX_get0_peerkey
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_derive
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *key"
-.Fa "size_t *keylen"
-.Fc
-.Sh DESCRIPTION
-.Fn EVP_PKEY_derive_init
-initializes the public key algorithm context
-.Fa ctx
-for shared secret derivation using the
-.Vt EVP_PKEY
-object already stored in
-.Fa ctx .
-The library provides built-in support for keys with an
-.Xr EVP_PKEY_base_id 3
-of
-.Dv EVP_PKEY_DH ,
-.Dv EVP_PKEY_EC ,
-.Dv EVP_PKEY_HKDF ,
-and
-.Dv EVP_PKEY_X25519 .
-.Pp
-After the call to
-.Fn EVP_PKEY_derive_init ,
-algorithm specific control operations can optionally be performed
-to set any appropriate parameters for the operation.
-.Pp
-.Fn EVP_PKEY_derive_set_peer
-configures the
-.Fa ctx ,
-which already needs to be initialized with
-.Fn EVP_PKEY_derive_init ,
-.Xr EVP_PKEY_encrypt_init 3 ,
-or
-.Xr EVP_PKEY_decrypt_init 3 ,
-to use the
-.Fa peerkey ,
-which is normally a public key.
-In case of success, the reference count of the
-.Fa peerkey
-is incremented by one.
-Consequently, the caller needs to call
-.Xr EVP_PKEY_free 3
-on the
-.Fa peerkey
-when the caller no longer needs it, even if it is still in use by
-.Fa ctx .
-.Pp
-.Fn EVP_PKEY_derive
-derives a shared secret using
-.Fa ctx .
-If
-.Fa key
-is
-.Dv NULL ,
-then the maximum size of the output buffer is written to the
-.Fa keylen
-parameter.
-If
-.Fa key
-is not
-.Dv NULL
-then before the call the
-.Fa keylen
-parameter should contain the length of the
-.Fa key
-buffer.
-If the call is successful, the shared secret is written to
-.Fa key
-and the amount of data written to
-.Fa keylen .
-.Pp
-The function
-.Fn EVP_PKEY_derive
-can be called more than once on the same context if several operations
-are performed using the same parameters.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_derive_init ,
-.Fn EVP_PKEY_derive_set_peer ,
-and
-.Fn EVP_PKEY_derive
-return 1 for success and 0 or a negative value for failure.
-In particular, a return value of \-2 indicates the operation is not
-supported by the public key algorithm.
-.Pp
-For
-.Fn EVP_PKEY_derive_set_peer ,
-a return value of \-1 can for example occur if
-.Fa ctx
-is not properly initialized, does not contain an
-.Vt EVP_PKEY
-that can be retrieved with
-.Xr EVP_PKEY_CTX_get0_pkey 3 ,
-the
-.Xr EVP_PKEY_id 3
-of both keys mismatch, or
-.Xr EVP_PKEY_cmp_parameters 3
-reports mismatching key parameters.
-.Pp
-.Fn EVP_PKEY_derive
-fails with a return value of \-1 for example if
-.Fa ctx
-has not been successfully initialized with
-.Fn EVP_PKEY_derive_init .
-.Pp
-.Fn EVP_PKEY_CTX_get0_peerkey
-returns an internal pointer to the
-.Fa peerkey
-used by
-.Fa ctx
-without incrementing its reference count.
-.Sh EXAMPLES
-Derive shared secret (for example DH or EC keys):
-.Bd -literal -offset indent
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-EVP_PKEY_CTX *ctx;
-unsigned char *skey;
-size_t skeylen;
-EVP_PKEY *pkey, *peerkey;
-/* Assumes that pkey and peerkey have already been set up. */
-ctx = EVP_PKEY_CTX_new(pkey, NULL);
-if (!ctx)
-        /* Error occurred */
-if (EVP_PKEY_derive_init(ctx) <= 0)
-        /* Error */
-if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
-        /* Error */
-/* Determine buffer length */
-if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
-        /* Error */
-skey = malloc(skeylen);
-if (!skey)
-        /* malloc failure */
-if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
-        /* Error */
-/* Shared secret is skey bytes written to buffer skey */
-.Ed
-.Sh SEE ALSO
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-.Xr EVP_PKEY_verify_recover 3 ,
-.Xr X25519 3
-.Sh HISTORY
-.Fn EVP_PKEY_derive_init ,
-.Fn EVP_PKEY_derive_set_peer ,
-.Fn EVP_PKEY_CTX_get0_peerkey ,
-and
-.Fn EVP_PKEY_derive
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .

diff --git a/src/lib/libcrypto/man/EVP_PKEY_derive.3 b/src/lib/libcrypto/man/EVP_PKEY_derive.3 deleted file mode 100644 index 47f467fea1..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_derive.3 +++ /dev/null
@@ -1,254 +0,0 @@
1	.\" $OpenBSD: EVP_PKEY_derive.3,v 1.12 2024/12/06 14:27:49 schwarze Exp $
2	.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
3	.\"
4	.\" This file is a derived work.
5	.\" The changes are covered by the following Copyright and license:
6	.\"
7	.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
8	.\"
9	.\" Permission to use, copy, modify, and distribute this software for any
10	.\" purpose with or without fee is hereby granted, provided that the above
11	.\" copyright notice and this permission notice appear in all copies.
12	.\"
13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20	.\"
21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
22	.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
23	.\" All rights reserved.
24	.\"
25	.\" Redistribution and use in source and binary forms, with or without
26	.\" modification, are permitted provided that the following conditions
27	.\" are met:
28	.\"
29	.\" 1. Redistributions of source code must retain the above copyright
30	.\" notice, this list of conditions and the following disclaimer.
31	.\"
32	.\" 2. Redistributions in binary form must reproduce the above copyright
33	.\" notice, this list of conditions and the following disclaimer in
34	.\" the documentation and/or other materials provided with the
35	.\" distribution.
36	.\"
37	.\" 3. All advertising materials mentioning features or use of this
38	.\" software must display the following acknowledgment:
39	.\" "This product includes software developed by the OpenSSL Project
40	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
41	.\"
42	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43	.\" endorse or promote products derived from this software without
44	.\" prior written permission. For written permission, please contact
45	.\" openssl-core@openssl.org.
46	.\"
47	.\" 5. Products derived from this software may not be called "OpenSSL"
48	.\" nor may "OpenSSL" appear in their names without prior written
49	.\" permission of the OpenSSL Project.
50	.\"
51	.\" 6. Redistributions of any form whatsoever must retain the following
52	.\" acknowledgment:
53	.\" "This product includes software developed by the OpenSSL Project
54	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
55	.\"
56	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"
69	.Dd $Mdocdate: December 6 2024 $
70	.Dt EVP_PKEY_DERIVE 3
71	.Os
72	.Sh NAME
73	.Nm EVP_PKEY_derive_init ,
74	.Nm EVP_PKEY_derive_set_peer ,
75	.Nm EVP_PKEY_CTX_get0_peerkey ,
76	.Nm EVP_PKEY_derive
77	.Nd derive public key algorithm shared secret
78	.Sh SYNOPSIS
79	.In openssl/evp.h
80	.Ft int
81	.Fo EVP_PKEY_derive_init
82	.Fa "EVP_PKEY_CTX *ctx"
83	.Fc
84	.Ft int
85	.Fo EVP_PKEY_derive_set_peer
86	.Fa "EVP_PKEY_CTX *ctx"
87	.Fa "EVP_PKEY *peerkey"
88	.Fc
89	.Ft EVP_PKEY *
90	.Fo EVP_PKEY_CTX_get0_peerkey
91	.Fa "EVP_PKEY_CTX *ctx"
92	.Fc
93	.Ft int
94	.Fo EVP_PKEY_derive
95	.Fa "EVP_PKEY_CTX *ctx"
96	.Fa "unsigned char *key"
97	.Fa "size_t *keylen"
98	.Fc
99	.Sh DESCRIPTION
100	.Fn EVP_PKEY_derive_init
101	initializes the public key algorithm context
102	.Fa ctx
103	for shared secret derivation using the
104	.Vt EVP_PKEY
105	object already stored in
106	.Fa ctx .
107	The library provides built-in support for keys with an
108	.Xr EVP_PKEY_base_id 3
109	of
110	.Dv EVP_PKEY_DH ,
111	.Dv EVP_PKEY_EC ,
112	.Dv EVP_PKEY_HKDF ,
113	and
114	.Dv EVP_PKEY_X25519 .
115	.Pp
116	After the call to
117	.Fn EVP_PKEY_derive_init ,
118	algorithm specific control operations can optionally be performed
119	to set any appropriate parameters for the operation.
120	.Pp
121	.Fn EVP_PKEY_derive_set_peer
122	configures the
123	.Fa ctx ,
124	which already needs to be initialized with
125	.Fn EVP_PKEY_derive_init ,
126	.Xr EVP_PKEY_encrypt_init 3 ,
127	or
128	.Xr EVP_PKEY_decrypt_init 3 ,
129	to use the
130	.Fa peerkey ,
131	which is normally a public key.
132	In case of success, the reference count of the
133	.Fa peerkey
134	is incremented by one.
135	Consequently, the caller needs to call
136	.Xr EVP_PKEY_free 3
137	on the
138	.Fa peerkey
139	when the caller no longer needs it, even if it is still in use by
140	.Fa ctx .
141	.Pp
142	.Fn EVP_PKEY_derive
143	derives a shared secret using
144	.Fa ctx .
145	If
146	.Fa key
147	is
148	.Dv NULL ,
149	then the maximum size of the output buffer is written to the
150	.Fa keylen
151	parameter.
152	If
153	.Fa key
154	is not
155	.Dv NULL
156	then before the call the
157	.Fa keylen
158	parameter should contain the length of the
159	.Fa key
160	buffer.
161	If the call is successful, the shared secret is written to
162	.Fa key
163	and the amount of data written to
164	.Fa keylen .
165	.Pp
166	The function
167	.Fn EVP_PKEY_derive
168	can be called more than once on the same context if several operations
169	are performed using the same parameters.
170	.Sh RETURN VALUES
171	.Fn EVP_PKEY_derive_init ,
172	.Fn EVP_PKEY_derive_set_peer ,
173	and
174	.Fn EVP_PKEY_derive
175	return 1 for success and 0 or a negative value for failure.
176	In particular, a return value of \-2 indicates the operation is not
177	supported by the public key algorithm.
178	.Pp
179	For
180	.Fn EVP_PKEY_derive_set_peer ,
181	a return value of \-1 can for example occur if
182	.Fa ctx
183	is not properly initialized, does not contain an
184	.Vt EVP_PKEY
185	that can be retrieved with
186	.Xr EVP_PKEY_CTX_get0_pkey 3 ,
187	the
188	.Xr EVP_PKEY_id 3
189	of both keys mismatch, or
190	.Xr EVP_PKEY_cmp_parameters 3
191	reports mismatching key parameters.
192	.Pp
193	.Fn EVP_PKEY_derive
194	fails with a return value of \-1 for example if
195	.Fa ctx
196	has not been successfully initialized with
197	.Fn EVP_PKEY_derive_init .
198	.Pp
199	.Fn EVP_PKEY_CTX_get0_peerkey
200	returns an internal pointer to the
201	.Fa peerkey
202	used by
203	.Fa ctx
204	without incrementing its reference count.
205	.Sh EXAMPLES
206	Derive shared secret (for example DH or EC keys):
207	.Bd -literal -offset indent
208	#include <openssl/evp.h>
209	#include <openssl/rsa.h>
210
211	EVP_PKEY_CTX *ctx;
212	unsigned char *skey;
213	size_t skeylen;
214	EVP_PKEY pkey, peerkey;
215
216	/* Assumes that pkey and peerkey have already been set up. */
217	ctx = EVP_PKEY_CTX_new(pkey, NULL);
218	if (!ctx)
219	/* Error occurred */
220	if (EVP_PKEY_derive_init(ctx) <= 0)
221	/* Error */
222	if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
223	/* Error */
224
225	/* Determine buffer length */
226	if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
227	/* Error */
228
229	skey = malloc(skeylen);
230
231	if (!skey)
232	/* malloc failure */
233
234	if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
235	/* Error */
236
237	/* Shared secret is skey bytes written to buffer skey */
238	.Ed
239	.Sh SEE ALSO
240	.Xr EVP_PKEY_CTX_new 3 ,
241	.Xr EVP_PKEY_decrypt 3 ,
242	.Xr EVP_PKEY_encrypt 3 ,
243	.Xr EVP_PKEY_sign 3 ,
244	.Xr EVP_PKEY_verify 3 ,
245	.Xr EVP_PKEY_verify_recover 3 ,
246	.Xr X25519 3
247	.Sh HISTORY
248	.Fn EVP_PKEY_derive_init ,
249	.Fn EVP_PKEY_derive_set_peer ,
250	.Fn EVP_PKEY_CTX_get0_peerkey ,
251	and
252	.Fn EVP_PKEY_derive
253	first appeared in OpenSSL 1.0.0 and have been available since
254	.Ox 4.9 .