1 files changed, 235 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_keygen.3 b/src/lib/libcrypto/man/EVP_PKEY_keygen.3
new file mode 100644
index 0000000000..8a5c7be0c6
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -0,0 +1,235 @@
+.Dd $Mdocdate: November 3 2016 $
+.Dt EVP_PKEY_KEYGEN 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_keygen_init ,
+.Nm EVP_PKEY_keygen ,
+.Nm EVP_PKEY_paramgen_init ,
+.Nm EVP_PKEY_paramgen ,
+.Nm EVP_PKEY_CTX_set_cb ,
+.Nm EVP_PKEY_CTX_get_cb ,
+.Nm EVP_PKEY_CTX_get_keygen_info ,
+.Nm EVP_PKEY_CTX_set_app_data ,
+.Nm EVP_PKEY_CTX_get_app_data
+.Nd key and parameter generation functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_keygen_init
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_keygen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "EVP_PKEY **ppkey"
+.Fc
+.Ft int
+.Fo EVP_PKEY_paramgen_init
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_paramgen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "EVP_PKEY **ppkey"
+.Fc
+.Ft typedef int
+.Fo EVP_PKEY_gen_cb
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft void
+.Fo EVP_PKEY_CTX_set_cb
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "EVP_PKEY_gen_cb *cb"
+.Fc
+.Ft EVP_PKEY_gen_cb *
+.Fo EVP_PKEY_CTX_get_cb
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_keygen_info
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int idx"
+.Fc
+.Ft void
+.Fo EVP_PKEY_CTX_set_app_data
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "void *data"
+.Fc
+.Ft void *
+.Fo EVP_PKEY_CTX_get_app_data
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn EVP_PKEY_keygen_init
+function initializes a public key algorithm context using key
+.Fa ctx->pkey
+for a key generation operation.
+.Pp
+The
+.Fn EVP_PKEY_keygen
+function performs a key generation operation, the generated key is
+written to
+.Fa ppkey .
+.Pp
+The functions
+.Fn EVP_PKEY_paramgen_init
+and
+.Fn EVP_PKEY_paramgen
+are similar except parameters are generated.
+.Pp
+The function
+.Fn EVP_PKEY_CTX_set_cb
+sets the key or parameter generation callback to
+.Fa cb .
+The function
+.Fn EVP_PKEY_CTX_get_cb
+returns the key or parameter generation callback.
+.Pp
+The function
+.Fn EVP_PKEY_CTX_get_keygen_info
+returns parameters associated with the generation operation.
+If
+.Fa idx
+is -1, the total number of parameters available is returned.
+Any non negative value returns the value of that parameter.
+.Fn EVP_PKEY_CTX_get_keygen_info
+with a non-negative value for
+.Fa idx
+should only be called within the generation callback.
+.Pp
+If the callback returns 0, then the key generation operation is aborted
+and an error occurs.
+This might occur during a time consuming operation where a user clicks
+on a "cancel" button.
+.Pp
+The functions
+.Fn EVP_PKEY_CTX_set_app_data
+and
+.Fn EVP_PKEY_CTX_get_app_data
+set and retrieve an opaque pointer.
+This can be used to set some application defined value which can be
+retrieved in the callback: for example a handle which is used to update
+a "progress dialog".
+.Pp
+After the call to
+.Fn EVP_PKEY_keygen_init
+or
+.Fn EVP_PKEY_paramgen_init ,
+algorithm specific control operations can be performed to set any
+appropriate parameters for the operation.
+.Pp
+The functions
+.Fn EVP_PKEY_keygen
+and
+.Fn EVP_PKEY_paramgen
+can be called more than once on the same context if several operations
+are performed using the same parameters.
+.Pp
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specific implementation of the algorithm.
+Some might not give any useful information at all during key or
+parameter generation.
+Others might not even call the callback.
+.Pp
+The operation performed by key or parameter generation depends on the
+algorithm used.
+In some cases (e.g. EC with a supplied named curve) the "generation"
+option merely sets the appropriate fields in an
+.Vt EVP_PKEY
+structure.
+.Pp
+In OpenSSL, an
+.Vt EVP_PKEY
+structure containing a private key also contains the public key
+components and parameters (if any).
+An OpenSSL private key is equivalent to what some libraries call a "key
+pair".
+A private key can be used in functions which require the use of a public
+key or parameters.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_keygen_init ,
+.Fn EVP_PKEY_paramgen_init ,
+.Fn EVP_PKEY_keygen ,
+and
+.Fn EVP_PKEY_paramgen
+return 1 for success and 0 or a negative value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh EXAMPLES
+Generate a 2048 bit RSA key:
+.Bd -literal
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+EVP_PKEY_CTX *ctx;
+EVP_PKEY *pkey = NULL;
+ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+if (!ctx)
+        /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+        /* Error */
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+.Ed
+.Pp
+Generate a key from a set of parameters:
+.Bd -literal
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+EVP_PKEY_CTX *ctx;
+EVP_PKEY *pkey = NULL, *param;
+/* Assumed param is set up already */
+ctx = EVP_PKEY_CTX_new(param);
+if (!ctx)
+        /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+.Ed
+.Pp
+Example of generation callback for OpenSSL public key implementations:
+.Bd -literal
+/* Application data is a BIO to output status to */
+EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+static int
+genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+        char c = '*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0)
+                c='.';
+        if (p == 1)
+                c='+';
+        if (p == 2)
+                c='*';
+        if (p == 3)
+                c='\en';
+        BIO_write(b,&c,1);
+        (void)BIO_flush(b);
+        return 1;
+}
+.Ed
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_derive 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_verify_recover 3
+.Sh HISTORY
+These functions were first added to OpenSSL 1.0.0.

diff --git a/src/lib/libcrypto/man/EVP_PKEY_keygen.3 b/src/lib/libcrypto/man/EVP_PKEY_keygen.3 new file mode 100644 index 0000000000..8a5c7be0c6 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -0,0 +1,235 @@
	1	.Dd $Mdocdate: November 3 2016 $
	2	.Dt EVP_PKEY_KEYGEN 3
	3	.Os
	4	.Sh NAME
	5	.Nm EVP_PKEY_keygen_init ,
	6	.Nm EVP_PKEY_keygen ,
	7	.Nm EVP_PKEY_paramgen_init ,
	8	.Nm EVP_PKEY_paramgen ,
	9	.Nm EVP_PKEY_CTX_set_cb ,
	10	.Nm EVP_PKEY_CTX_get_cb ,
	11	.Nm EVP_PKEY_CTX_get_keygen_info ,
	12	.Nm EVP_PKEY_CTX_set_app_data ,
	13	.Nm EVP_PKEY_CTX_get_app_data
	14	.Nd key and parameter generation functions
	15	.Sh SYNOPSIS
	16	.In openssl/evp.h
	17	.Ft int
	18	.Fo EVP_PKEY_keygen_init
	19	.Fa "EVP_PKEY_CTX *ctx"
	20	.Fc
	21	.Ft int
	22	.Fo EVP_PKEY_keygen
	23	.Fa "EVP_PKEY_CTX *ctx"
	24	.Fa "EVP_PKEY **ppkey"
	25	.Fc
	26	.Ft int
	27	.Fo EVP_PKEY_paramgen_init
	28	.Fa "EVP_PKEY_CTX *ctx"
	29	.Fc
	30	.Ft int
	31	.Fo EVP_PKEY_paramgen
	32	.Fa "EVP_PKEY_CTX *ctx"
	33	.Fa "EVP_PKEY **ppkey"
	34	.Fc
	35	.Ft typedef int
	36	.Fo EVP_PKEY_gen_cb
	37	.Fa "EVP_PKEY_CTX *ctx"
	38	.Fc
	39	.Ft void
	40	.Fo EVP_PKEY_CTX_set_cb
	41	.Fa "EVP_PKEY_CTX *ctx"
	42	.Fa "EVP_PKEY_gen_cb *cb"
	43	.Fc
	44	.Ft EVP_PKEY_gen_cb *
	45	.Fo EVP_PKEY_CTX_get_cb
	46	.Fa "EVP_PKEY_CTX *ctx"
	47	.Fc
	48	.Ft int
	49	.Fo EVP_PKEY_CTX_get_keygen_info
	50	.Fa "EVP_PKEY_CTX *ctx"
	51	.Fa "int idx"
	52	.Fc
	53	.Ft void
	54	.Fo EVP_PKEY_CTX_set_app_data
	55	.Fa "EVP_PKEY_CTX *ctx"
	56	.Fa "void *data"
	57	.Fc
	58	.Ft void *
	59	.Fo EVP_PKEY_CTX_get_app_data
	60	.Fa "EVP_PKEY_CTX *ctx"
	61	.Fc
	62	.Sh DESCRIPTION
	63	The
	64	.Fn EVP_PKEY_keygen_init
	65	function initializes a public key algorithm context using key
	66	.Fa ctx->pkey
	67	for a key generation operation.
	68	.Pp
	69	The
	70	.Fn EVP_PKEY_keygen
	71	function performs a key generation operation, the generated key is
	72	written to
	73	.Fa ppkey .
	74	.Pp
	75	The functions
	76	.Fn EVP_PKEY_paramgen_init
	77	and
	78	.Fn EVP_PKEY_paramgen
	79	are similar except parameters are generated.
	80	.Pp
	81	The function
	82	.Fn EVP_PKEY_CTX_set_cb
	83	sets the key or parameter generation callback to
	84	.Fa cb .
	85	The function
	86	.Fn EVP_PKEY_CTX_get_cb
	87	returns the key or parameter generation callback.
	88	.Pp
	89	The function
	90	.Fn EVP_PKEY_CTX_get_keygen_info
	91	returns parameters associated with the generation operation.
	92	If
	93	.Fa idx
	94	is -1, the total number of parameters available is returned.
	95	Any non negative value returns the value of that parameter.
	96	.Fn EVP_PKEY_CTX_get_keygen_info
	97	with a non-negative value for
	98	.Fa idx
	99	should only be called within the generation callback.
	100	.Pp
	101	If the callback returns 0, then the key generation operation is aborted
	102	and an error occurs.
	103	This might occur during a time consuming operation where a user clicks
	104	on a "cancel" button.
	105	.Pp
	106	The functions
	107	.Fn EVP_PKEY_CTX_set_app_data
	108	and
	109	.Fn EVP_PKEY_CTX_get_app_data
	110	set and retrieve an opaque pointer.
	111	This can be used to set some application defined value which can be
	112	retrieved in the callback: for example a handle which is used to update
	113	a "progress dialog".
	114	.Pp
	115	After the call to
	116	.Fn EVP_PKEY_keygen_init
	117	or
	118	.Fn EVP_PKEY_paramgen_init ,
	119	algorithm specific control operations can be performed to set any
	120	appropriate parameters for the operation.
	121	.Pp
	122	The functions
	123	.Fn EVP_PKEY_keygen
	124	and
	125	.Fn EVP_PKEY_paramgen
	126	can be called more than once on the same context if several operations
	127	are performed using the same parameters.
	128	.Pp
	129	The meaning of the parameters passed to the callback will depend on the
	130	algorithm and the specific implementation of the algorithm.
	131	Some might not give any useful information at all during key or
	132	parameter generation.
	133	Others might not even call the callback.
	134	.Pp
	135	The operation performed by key or parameter generation depends on the
	136	algorithm used.
	137	In some cases (e.g. EC with a supplied named curve) the "generation"
	138	option merely sets the appropriate fields in an
	139	.Vt EVP_PKEY
	140	structure.
	141	.Pp
	142	In OpenSSL, an
	143	.Vt EVP_PKEY
	144	structure containing a private key also contains the public key
	145	components and parameters (if any).
	146	An OpenSSL private key is equivalent to what some libraries call a "key
	147	pair".
	148	A private key can be used in functions which require the use of a public
	149	key or parameters.
	150	.Sh RETURN VALUES
	151	.Fn EVP_PKEY_keygen_init ,
	152	.Fn EVP_PKEY_paramgen_init ,
	153	.Fn EVP_PKEY_keygen ,
	154	and
	155	.Fn EVP_PKEY_paramgen
	156	return 1 for success and 0 or a negative value for failure.
	157	In particular, a return value of -2 indicates the operation is not
	158	supported by the public key algorithm.
	159	.Sh EXAMPLES
	160	Generate a 2048 bit RSA key:
	161	.Bd -literal
	162	#include <openssl/evp.h>
	163	#include <openssl/rsa.h>
	164
	165	EVP_PKEY_CTX *ctx;
	166	EVP_PKEY *pkey = NULL;
	167	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
	168	if (!ctx)
	169	/* Error occurred */
	170	if (EVP_PKEY_keygen_init(ctx) <= 0)
	171	/* Error */
	172	if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
	173	/* Error */
	174
	175	/* Generate key */
	176	if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
	177	/* Error */
	178	.Ed
	179	.Pp
	180	Generate a key from a set of parameters:
	181	.Bd -literal
	182	#include <openssl/evp.h>
	183	#include <openssl/rsa.h>
	184
	185	EVP_PKEY_CTX *ctx;
	186	EVP_PKEY pkey = NULL, param;
	187	/* Assumed param is set up already */
	188	ctx = EVP_PKEY_CTX_new(param);
	189	if (!ctx)
	190	/* Error occurred */
	191	if (EVP_PKEY_keygen_init(ctx) <= 0)
	192	/* Error */
	193
	194	/* Generate key */
	195	if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
	196	/* Error */
	197	.Ed
	198	.Pp
	199	Example of generation callback for OpenSSL public key implementations:
	200	.Bd -literal
	201	/* Application data is a BIO to output status to */
	202
	203	EVP_PKEY_CTX_set_app_data(ctx, status_bio);
	204
	205	static int
	206	genpkey_cb(EVP_PKEY_CTX *ctx)
	207	{
	208	char c = '*';
	209	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
	210	int p;
	211
	212	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
	213	if (p == 0)
	214	c='.';
	215	if (p == 1)
	216	c='+';
	217	if (p == 2)
	218	c='*';
	219	if (p == 3)
	220	c='\en';
	221	BIO_write(b,&c,1);
	222	(void)BIO_flush(b);
	223	return 1;
	224	}
	225	.Ed
	226	.Sh SEE ALSO
	227	.Xr EVP_PKEY_CTX_new 3 ,
	228	.Xr EVP_PKEY_decrypt 3 ,
	229	.Xr EVP_PKEY_derive 3 ,
	230	.Xr EVP_PKEY_encrypt 3 ,
	231	.Xr EVP_PKEY_sign 3 ,
	232	.Xr EVP_PKEY_verify 3 ,
	233	.Xr EVP_PKEY_verify_recover 3
	234	.Sh HISTORY
	235	These functions were first added to OpenSSL 1.0.0.