1 files changed, 239 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 1805a9283d..ca3321c3cb 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,8 +1,9 @@
-.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.17 2019/10/29 17:21:07 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.18 2019/10/29 18:22:21 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" and Antoine Salon <asalon@vmware.com>.
 .\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -66,11 +67,25 @@
 .Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
 .Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
 .Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
+.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
+.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
+.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
+.Nm EVP_PKEY_CTX_get0_rsa_oaep_label ,
 .Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
 .Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
 .Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
 .Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid ,
 .Nm EVP_PKEY_CTX_set_ec_param_enc ,
+.Nm EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
+.Nm EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
+.Nm EVP_PKEY_CTX_set_ecdh_kdf_type ,
+.Nm EVP_PKEY_CTX_get_ecdh_kdf_type ,
+.Nm EVP_PKEY_CTX_set_ecdh_kdf_md ,
+.Nm EVP_PKEY_CTX_get_ecdh_kdf_md ,
+.Nm EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
+.Nm EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
+.Nm EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
+.Nm EVP_PKEY_CTX_get0_ecdh_kdf_ukm ,
 .Nm EVP_PKEY_CTX_set1_id ,
 .Nm EVP_PKEY_CTX_get1_id ,
 .Nm EVP_PKEY_CTX_get1_id_len
@@ -143,6 +158,27 @@
 .Fa "EVP_PKEY_CTX *ctx"
 .Fa "const EVP_MD **pmd"
 .Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_oaep_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_rsa_oaep_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD **pmd"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *label"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char **plabel"
+.Fc
 .In openssl/dsa.h
 .Ft int
 .Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
@@ -172,6 +208,55 @@
 .Fa "int param_enc"
 .Fc
 .Ft int
+.Fo EVP_PKEY_CTX_set_ecdh_cofactor_mode
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int cofactor_mode"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_ecdh_cofactor_mode
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_ecdh_kdf_type
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int kdf"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_ecdh_kdf_type
+.Fa "EVP_PKEY_CTX *ctx"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_ecdh_kdf_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_ecdh_kdf_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD **pmd"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_ecdh_kdf_outlen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_ecdh_kdf_outlen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int *plen"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set0_ecdh_kdf_ukm
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *ukm"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get0_ecdh_kdf_ukm
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char **pukm"
+.Fc
+.Ft int
 .Fo EVP_PKEY_CTX_set1_id
 .Fa "EVP_PKEY_CTX *ctx"
 .Fa "void *id"
@@ -332,6 +417,49 @@ The padding mode must have been set to
 .Dv RSA_PKCS1_OAEP_PADDING
 or
 .Dv RSA_PKCS1_PSS_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_oaep_md
+macro sets the message digest type used in RSA OAEP to
+.Fa md .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_rsa_oaep_md
+macro gets the message digest type used in RSA OAEP to
+.Pf * Fa md .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
+macro sets the RSA OAEP label to
+.Fa label
+and its length to
+.Fa len .
+If
+.Fa label
+is
+.Dv NULL
+or
+.Fa len
+is 0, the label is cleared.
+The library takes ownership of the label so the caller should not
+free the original memory pointed to by
+.Fa label .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
+macro gets the RSA OAEP label to
+.Pf * Fa plabel .
+The return value is the label length.
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+The resulting pointer is owned by the library and should not be
+freed by the caller.
 .Ss DSA parameters
 The macro
 .Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
@@ -369,6 +497,94 @@ when generating EC parameters or an EC key.
 The encoding can be set to 0 for explicit parameters or to
 .Dv OPENSSL_EC_NAMED_CURVE
 to use named curve form.
+.Ss ECDH parameters
+The
+.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode
+macro sets the cofactor mode to
+.Fa cofactor_mode
+for ECDH key derivation.
+Possible values are 1 to enable cofactor key derivation, 0 to disable
+it, or -1 to clear the stored cofactor mode and fall back to the
+private key cofactor mode.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode
+macro returns the cofactor mode for
+.Fa ctx
+used for ECDH key derivation.
+Possible return values are 1 when cofactor key derivation is enabled
+or 0 otherwise.
+.Ss ECDH key derivation function parameters
+The
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_type
+macro sets the key derivation function type to
+.Fa kdf
+for ECDH key derivation.
+Possible values are
+.Dv EVP_PKEY_ECDH_KDF_NONE
+or
+.Dv EVP_PKEY_ECDH_KDF_X9_63
+which uses the key derivation specified in X9.63.
+When using key derivation, the
+.Fa kdf_md
+and
+.Fa kdf_outlen
+parameters must also be specified.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_type
+macro returns the key derivation function type for
+.Fa ctx
+used for ECDH key derivation.
+Possible return values are
+.Dv EVP_PKEY_ECDH_KDF_NONE
+or
+.Dv EVP_PKEY_ECDH_KDF_X9_63 .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_md
+macro sets the key derivation function message digest to
+.Fa md
+for ECDH key derivation.
+Note that X9.63 specifies that this digest should be SHA1,
+but OpenSSL tolerates other digests.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_md
+macro gets the key derivation function message digest for
+.Fa ctx
+used for ECDH key derivation.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen
+macro sets the key derivation function output length to
+.Fa len
+for ECDH key derivation.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen
+macro gets the key derivation function output length for
+.Fa ctx
+used for ECDH key derivation.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm
+macro sets the user key material to
+.Fa ukm
+for ECDH key derivation.
+This parameter is optional and corresponds to the shared info
+in X9.63 terms.
+The library takes ownership of the user key material, so the caller
+should not free the original memory pointed to by
+.Fa ukm .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
+macro gets the user key material for
+.Fa ctx .
+The return value is the user key material length.
+The resulting pointer is owned by the library and should not be
+freed by the caller.
 .Ss Other parameters
 The
 .Fn EVP_PKEY_CTX_set1_id ,
@@ -443,9 +659,19 @@ first appeared in OpenSSL 1.0.1 and have been available since
 .Ox 5.3 .
 .Pp
 The functions
-.Fn EVP_PKEY_CTX_get_signature_md
+.Fn EVP_PKEY_CTX_get_signature_md ,
+.Fn EVP_PKEY_CTX_set_ec_param_enc ,
+.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
+.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_type ,
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_type ,
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_md ,
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_md ,
+.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
+.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
+.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
 and
-.Fn EVP_PKEY_CTX_set_ec_param_enc
+.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
 first appeared in OpenSSL 1.0.2 and have been available since
 .Ox 6.6 .
 .Pp
@@ -456,3 +682,12 @@ and
 .Fn EVP_PKEY_CTX_get1_id_len
 first appeared in OpenSSL 1.1.1 and have been available since
 .Ox 6.6 .
+.Pp
+The functions
+.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
+.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
+.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
+and
+.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
+first appeared in OpenSSL 1.0.2 and have been available since
+.Ox 6.7 .

diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 1805a9283d..ca3321c3cb 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,8 +1,9 @@
1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.17 2019/10/29 17:21:07 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.18 2019/10/29 18:22:21 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	3	.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
4	.\"	4	.\"
5	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	5	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
		6	.\" and Antoine Salon <asalon@vmware.com>.
6	.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.	7	.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
7	.\" All rights reserved.	8	.\" All rights reserved.
8	.\"	9	.\"
@@ -66,11 +67,25 @@
66	.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,	67	.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
67	.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,	68	.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
68	.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,	69	.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
		70	.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
		71	.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
		72	.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
		73	.Nm EVP_PKEY_CTX_get0_rsa_oaep_label ,
69	.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,	74	.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
70	.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,	75	.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
71	.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,	76	.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
72	.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid ,	77	.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid ,
73	.Nm EVP_PKEY_CTX_set_ec_param_enc ,	78	.Nm EVP_PKEY_CTX_set_ec_param_enc ,
		79	.Nm EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
		80	.Nm EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
		81	.Nm EVP_PKEY_CTX_set_ecdh_kdf_type ,
		82	.Nm EVP_PKEY_CTX_get_ecdh_kdf_type ,
		83	.Nm EVP_PKEY_CTX_set_ecdh_kdf_md ,
		84	.Nm EVP_PKEY_CTX_get_ecdh_kdf_md ,
		85	.Nm EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
		86	.Nm EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
		87	.Nm EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
		88	.Nm EVP_PKEY_CTX_get0_ecdh_kdf_ukm ,
74	.Nm EVP_PKEY_CTX_set1_id ,	89	.Nm EVP_PKEY_CTX_set1_id ,
75	.Nm EVP_PKEY_CTX_get1_id ,	90	.Nm EVP_PKEY_CTX_get1_id ,
76	.Nm EVP_PKEY_CTX_get1_id_len	91	.Nm EVP_PKEY_CTX_get1_id_len
@@ -143,6 +158,27 @@
143	.Fa "EVP_PKEY_CTX *ctx"	158	.Fa "EVP_PKEY_CTX *ctx"
144	.Fa "const EVP_MD **pmd"	159	.Fa "const EVP_MD **pmd"
145	.Fc	160	.Fc
		161	.Ft int
		162	.Fo EVP_PKEY_CTX_set_rsa_oaep_md
		163	.Fa "EVP_PKEY_CTX *ctx"
		164	.Fa "const EVP_MD *md"
		165	.Fc
		166	.Ft int
		167	.Fo EVP_PKEY_CTX_get_rsa_oaep_md
		168	.Fa "EVP_PKEY_CTX *ctx"
		169	.Fa "const EVP_MD **pmd"
		170	.Fc
		171	.Ft int
		172	.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
		173	.Fa "EVP_PKEY_CTX *ctx"
		174	.Fa "unsigned char *label"
		175	.Fa "int len"
		176	.Fc
		177	.Ft int
		178	.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
		179	.Fa "EVP_PKEY_CTX *ctx"
		180	.Fa "unsigned char **plabel"
		181	.Fc
146	.In openssl/dsa.h	182	.In openssl/dsa.h
147	.Ft int	183	.Ft int
148	.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits	184	.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
@@ -172,6 +208,55 @@
172	.Fa "int param_enc"	208	.Fa "int param_enc"
173	.Fc	209	.Fc
174	.Ft int	210	.Ft int
		211	.Fo EVP_PKEY_CTX_set_ecdh_cofactor_mode
		212	.Fa "EVP_PKEY_CTX *ctx"
		213	.Fa "int cofactor_mode"
		214	.Fc
		215	.Ft int
		216	.Fo EVP_PKEY_CTX_get_ecdh_cofactor_mode
		217	.Fa "EVP_PKEY_CTX *ctx"
		218	.Fc
		219	.Ft int
		220	.Fo EVP_PKEY_CTX_set_ecdh_kdf_type
		221	.Fa "EVP_PKEY_CTX *ctx"
		222	.Fa "int kdf"
		223	.Fc
		224	.Ft int
		225	.Fo EVP_PKEY_CTX_get_ecdh_kdf_type
		226	.Fa "EVP_PKEY_CTX *ctx"
		227	.Fc
		228	.Ft int
		229	.Fo EVP_PKEY_CTX_set_ecdh_kdf_md
		230	.Fa "EVP_PKEY_CTX *ctx"
		231	.Fa "const EVP_MD *md"
		232	.Fc
		233	.Ft int
		234	.Fo EVP_PKEY_CTX_get_ecdh_kdf_md
		235	.Fa "EVP_PKEY_CTX *ctx"
		236	.Fa "const EVP_MD **pmd"
		237	.Fc
		238	.Ft int
		239	.Fo EVP_PKEY_CTX_set_ecdh_kdf_outlen
		240	.Fa "EVP_PKEY_CTX *ctx"
		241	.Fa "int len"
		242	.Fc
		243	.Ft int
		244	.Fo EVP_PKEY_CTX_get_ecdh_kdf_outlen
		245	.Fa "EVP_PKEY_CTX *ctx"
		246	.Fa "int *plen"
		247	.Fc
		248	.Ft int
		249	.Fo EVP_PKEY_CTX_set0_ecdh_kdf_ukm
		250	.Fa "EVP_PKEY_CTX *ctx"
		251	.Fa "unsigned char *ukm"
		252	.Fa "int len"
		253	.Fc
		254	.Ft int
		255	.Fo EVP_PKEY_CTX_get0_ecdh_kdf_ukm
		256	.Fa "EVP_PKEY_CTX *ctx"
		257	.Fa "unsigned char **pukm"
		258	.Fc
		259	.Ft int
175	.Fo EVP_PKEY_CTX_set1_id	260	.Fo EVP_PKEY_CTX_set1_id
176	.Fa "EVP_PKEY_CTX *ctx"	261	.Fa "EVP_PKEY_CTX *ctx"
177	.Fa "void *id"	262	.Fa "void *id"
@@ -332,6 +417,49 @@ The padding mode must have been set to
332	.Dv RSA_PKCS1_OAEP_PADDING	417	.Dv RSA_PKCS1_OAEP_PADDING
333	or	418	or
334	.Dv RSA_PKCS1_PSS_PADDING .	419	.Dv RSA_PKCS1_PSS_PADDING .
		420	.Pp
		421	The
		422	.Fn EVP_PKEY_CTX_set_rsa_oaep_md
		423	macro sets the message digest type used in RSA OAEP to
		424	.Fa md .
		425	The padding mode must have been set to
		426	.Dv RSA_PKCS1_OAEP_PADDING .
		427	.Pp
		428	The
		429	.Fn EVP_PKEY_CTX_get_rsa_oaep_md
		430	macro gets the message digest type used in RSA OAEP to
		431	.Pf * Fa md .
		432	The padding mode must have been set to
		433	.Dv RSA_PKCS1_OAEP_PADDING .
		434	.Pp
		435	The
		436	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
		437	macro sets the RSA OAEP label to
		438	.Fa label
		439	and its length to
		440	.Fa len .
		441	If
		442	.Fa label
		443	is
		444	.Dv NULL
		445	or
		446	.Fa len
		447	is 0, the label is cleared.
		448	The library takes ownership of the label so the caller should not
		449	free the original memory pointed to by
		450	.Fa label .
		451	The padding mode must have been set to
		452	.Dv RSA_PKCS1_OAEP_PADDING .
		453	.Pp
		454	The
		455	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
		456	macro gets the RSA OAEP label to
		457	.Pf * Fa plabel .
		458	The return value is the label length.
		459	The padding mode must have been set to
		460	.Dv RSA_PKCS1_OAEP_PADDING .
		461	The resulting pointer is owned by the library and should not be
		462	freed by the caller.
335	.Ss DSA parameters	463	.Ss DSA parameters
336	The macro	464	The macro
337	.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits	465	.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
@@ -369,6 +497,94 @@ when generating EC parameters or an EC key.
369	The encoding can be set to 0 for explicit parameters or to	497	The encoding can be set to 0 for explicit parameters or to
370	.Dv OPENSSL_EC_NAMED_CURVE	498	.Dv OPENSSL_EC_NAMED_CURVE
371	to use named curve form.	499	to use named curve form.
		500	.Ss ECDH parameters
		501	The
		502	.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode
		503	macro sets the cofactor mode to
		504	.Fa cofactor_mode
		505	for ECDH key derivation.
		506	Possible values are 1 to enable cofactor key derivation, 0 to disable
		507	it, or -1 to clear the stored cofactor mode and fall back to the
		508	private key cofactor mode.
		509	.Pp
		510	The
		511	.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode
		512	macro returns the cofactor mode for
		513	.Fa ctx
		514	used for ECDH key derivation.
		515	Possible return values are 1 when cofactor key derivation is enabled
		516	or 0 otherwise.
		517	.Ss ECDH key derivation function parameters
		518	The
		519	.Fn EVP_PKEY_CTX_set_ecdh_kdf_type
		520	macro sets the key derivation function type to
		521	.Fa kdf
		522	for ECDH key derivation.
		523	Possible values are
		524	.Dv EVP_PKEY_ECDH_KDF_NONE
		525	or
		526	.Dv EVP_PKEY_ECDH_KDF_X9_63
		527	which uses the key derivation specified in X9.63.
		528	When using key derivation, the
		529	.Fa kdf_md
		530	and
		531	.Fa kdf_outlen
		532	parameters must also be specified.
		533	.Pp
		534	The
		535	.Fn EVP_PKEY_CTX_get_ecdh_kdf_type
		536	macro returns the key derivation function type for
		537	.Fa ctx
		538	used for ECDH key derivation.
		539	Possible return values are
		540	.Dv EVP_PKEY_ECDH_KDF_NONE
		541	or
		542	.Dv EVP_PKEY_ECDH_KDF_X9_63 .
		543	.Pp
		544	The
		545	.Fn EVP_PKEY_CTX_set_ecdh_kdf_md
		546	macro sets the key derivation function message digest to
		547	.Fa md
		548	for ECDH key derivation.
		549	Note that X9.63 specifies that this digest should be SHA1,
		550	but OpenSSL tolerates other digests.
		551	.Pp
		552	The
		553	.Fn EVP_PKEY_CTX_get_ecdh_kdf_md
		554	macro gets the key derivation function message digest for
		555	.Fa ctx
		556	used for ECDH key derivation.
		557	.Pp
		558	The
		559	.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen
		560	macro sets the key derivation function output length to
		561	.Fa len
		562	for ECDH key derivation.
		563	.Pp
		564	The
		565	.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen
		566	macro gets the key derivation function output length for
		567	.Fa ctx
		568	used for ECDH key derivation.
		569	.Pp
		570	The
		571	.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm
		572	macro sets the user key material to
		573	.Fa ukm
		574	for ECDH key derivation.
		575	This parameter is optional and corresponds to the shared info
		576	in X9.63 terms.
		577	The library takes ownership of the user key material, so the caller
		578	should not free the original memory pointed to by
		579	.Fa ukm .
		580	.Pp
		581	The
		582	.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
		583	macro gets the user key material for
		584	.Fa ctx .
		585	The return value is the user key material length.
		586	The resulting pointer is owned by the library and should not be
		587	freed by the caller.
372	.Ss Other parameters	588	.Ss Other parameters
373	The	589	The
374	.Fn EVP_PKEY_CTX_set1_id ,	590	.Fn EVP_PKEY_CTX_set1_id ,
@@ -443,9 +659,19 @@ first appeared in OpenSSL 1.0.1 and have been available since
443	.Ox 5.3 .	659	.Ox 5.3 .
444	.Pp	660	.Pp
445	The functions	661	The functions
446	.Fn EVP_PKEY_CTX_get_signature_md	662	.Fn EVP_PKEY_CTX_get_signature_md ,
		663	.Fn EVP_PKEY_CTX_set_ec_param_enc ,
		664	.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
		665	.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
		666	.Fn EVP_PKEY_CTX_set_ecdh_kdf_type ,
		667	.Fn EVP_PKEY_CTX_get_ecdh_kdf_type ,
		668	.Fn EVP_PKEY_CTX_set_ecdh_kdf_md ,
		669	.Fn EVP_PKEY_CTX_get_ecdh_kdf_md ,
		670	.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
		671	.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
		672	.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
447	and	673	and
448	.Fn EVP_PKEY_CTX_set_ec_param_enc	674	.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
449	first appeared in OpenSSL 1.0.2 and have been available since	675	first appeared in OpenSSL 1.0.2 and have been available since
450	.Ox 6.6 .	676	.Ox 6.6 .
451	.Pp	677	.Pp
@@ -456,3 +682,12 @@ and
456	.Fn EVP_PKEY_CTX_get1_id_len	682	.Fn EVP_PKEY_CTX_get1_id_len
457	first appeared in OpenSSL 1.1.1 and have been available since	683	first appeared in OpenSSL 1.1.1 and have been available since
458	.Ox 6.6 .	684	.Ox 6.6 .
		685	.Pp
		686	The functions
		687	.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
		688	.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
		689	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
		690	and
		691	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
		692	first appeared in OpenSSL 1.0.2 and have been available since
		693	.Ox 6.7 .