1 files changed, 47 insertions, 18 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 9049a11832..0a70e51ad6 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.25 2024/11/07 17:33:42 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.26 2024/11/24 14:48:12 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 7 2024 $
+.Dd $Mdocdate: November 24 2024 $
 .Dt EVP_PKEY_CTX_CTRL 3
 .Os
 .Sh NAME
@@ -411,24 +411,34 @@ The return value is the user key material length.
 The resulting pointer is owned by the library and should not be
 freed by the caller.
 .Ss CMAC parameters
-Application programs normally initialize an
+Application programs normally implement CMAC as described in
-.Vt EVP_PKEY_CTX
+.Xr EVP_PKEY_new_CMAC_key 3
-object using
+and do not need the control commands documented here.
-.Xr EVP_PKEY_CTX_new 3 ,
+.Pp
-specifying the
+Alternatively, the call to
-.Vt EVP_PKEY
+.Xr EVP_PKEY_new_CMAC_key 3
-object containing the symmetric key right away.
+can be replaced as follows,
-Alternatively, an empty
+leaving the rest of the example code given there unchanged:
+.Pp
+.Bl -enum -width 2n -compact
+.It
+Create an empty
 .Vt EVP_PKEY_CTX
-object can be created by passing the
+object by passing the
 .Dv EVP_PKEY_CMAC
 constant to
 .Xr EVP_PKEY_CTX_new_id 3 .
-After that, the block cipher can be selected by calling
+.It
+Initialize it with
+.Xr EVP_PKEY_keygen_init 3 .
+.It
+Select the block cipher by calling
 .Fn EVP_PKEY_CTX_ctrl
 with an
 .Fa optype
-of \-1, a
+of
+.Dv EVP_PKEY_OP_KEYGEN ,
+a
 .Fa cmd
 of
 .Dv EVP_PKEY_CTRL_CIPHER ,
@@ -441,13 +451,14 @@ object, which can be obtained from the functions in the CIPHER LISTING in
 The
 .Fa p1
 argument is ignored; passing 0 is recommended.
-.Pp
+.It
-After selecting the block cipher with
+Call
-.Dv EVP_PKEY_CTRL_CIPHER ,
 .Fn EVP_PKEY_CTX_ctrl
-can be called again with an
+again with an
 .Fa optype
-of \-1, a
+of
+.Dv EVP_PKEY_OP_KEYGEN ,
+a
 .Fa cmd
 of
 .Dv EVP_PKEY_CTRL_SET_MAC_KEY ,
@@ -455,6 +466,24 @@ of
 pointing to the symmetric key, and
 .Fa p1
 specifying the length of the symmetric key in bytes.
+.It
+Extract the desired
+.Vt EVP_PKEY
+object using
+.Xr EVP_PKEY_keygen 3 ,
+making sure the
+.Fa ppkey
+argument points to a storage location containing a
+.Dv NULL
+pointer.
+.It
+Proceed with
+.Xr EVP_MD_CTX_new 3 ,
+.Xr EVP_DigestSignInit 3 ,
+and
+.Xr EVP_DigestSign 3
+as usual.
+.El
 .Ss Other parameters
 The
 .Fn EVP_PKEY_CTX_set1_id ,

diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 9049a11832..0a70e51ad6 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.25 2024/11/07 17:33:42 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.26 2024/11/24 14:48:12 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).	4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -69,7 +69,7 @@
69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
71	.\"	71	.\"
72	.Dd $Mdocdate: November 7 2024 $	72	.Dd $Mdocdate: November 24 2024 $
73	.Dt EVP_PKEY_CTX_CTRL 3	73	.Dt EVP_PKEY_CTX_CTRL 3
74	.Os	74	.Os
75	.Sh NAME	75	.Sh NAME
@@ -411,24 +411,34 @@ The return value is the user key material length.
411	The resulting pointer is owned by the library and should not be	411	The resulting pointer is owned by the library and should not be
412	freed by the caller.	412	freed by the caller.
413	.Ss CMAC parameters	413	.Ss CMAC parameters
414	Application programs normally initialize an	414	Application programs normally implement CMAC as described in
415	.Vt EVP_PKEY_CTX	415	.Xr EVP_PKEY_new_CMAC_key 3
416	object using	416	and do not need the control commands documented here.
417	.Xr EVP_PKEY_CTX_new 3 ,	417	.Pp
418	specifying the	418	Alternatively, the call to
419	.Vt EVP_PKEY	419	.Xr EVP_PKEY_new_CMAC_key 3
420	object containing the symmetric key right away.	420	can be replaced as follows,
421	Alternatively, an empty	421	leaving the rest of the example code given there unchanged:
		422	.Pp
		423	.Bl -enum -width 2n -compact
		424	.It
		425	Create an empty
422	.Vt EVP_PKEY_CTX	426	.Vt EVP_PKEY_CTX
423	object can be created by passing the	427	object by passing the
424	.Dv EVP_PKEY_CMAC	428	.Dv EVP_PKEY_CMAC
425	constant to	429	constant to
426	.Xr EVP_PKEY_CTX_new_id 3 .	430	.Xr EVP_PKEY_CTX_new_id 3 .
427	After that, the block cipher can be selected by calling	431	.It
		432	Initialize it with
		433	.Xr EVP_PKEY_keygen_init 3 .
		434	.It
		435	Select the block cipher by calling
428	.Fn EVP_PKEY_CTX_ctrl	436	.Fn EVP_PKEY_CTX_ctrl
429	with an	437	with an
430	.Fa optype	438	.Fa optype
431	of \-1, a	439	of
		440	.Dv EVP_PKEY_OP_KEYGEN ,
		441	a
432	.Fa cmd	442	.Fa cmd
433	of	443	of
434	.Dv EVP_PKEY_CTRL_CIPHER ,	444	.Dv EVP_PKEY_CTRL_CIPHER ,
@@ -441,13 +451,14 @@ object, which can be obtained from the functions in the CIPHER LISTING in
441	The	451	The
442	.Fa p1	452	.Fa p1
443	argument is ignored; passing 0 is recommended.	453	argument is ignored; passing 0 is recommended.
444	.Pp	454	.It
445	After selecting the block cipher with	455	Call
446	.Dv EVP_PKEY_CTRL_CIPHER ,
447	.Fn EVP_PKEY_CTX_ctrl	456	.Fn EVP_PKEY_CTX_ctrl
448	can be called again with an	457	again with an
449	.Fa optype	458	.Fa optype
450	of \-1, a	459	of
		460	.Dv EVP_PKEY_OP_KEYGEN ,
		461	a
451	.Fa cmd	462	.Fa cmd
452	of	463	of
453	.Dv EVP_PKEY_CTRL_SET_MAC_KEY ,	464	.Dv EVP_PKEY_CTRL_SET_MAC_KEY ,
@@ -455,6 +466,24 @@ of
455	pointing to the symmetric key, and	466	pointing to the symmetric key, and
456	.Fa p1	467	.Fa p1
457	specifying the length of the symmetric key in bytes.	468	specifying the length of the symmetric key in bytes.
		469	.It
		470	Extract the desired
		471	.Vt EVP_PKEY
		472	object using
		473	.Xr EVP_PKEY_keygen 3 ,
		474	making sure the
		475	.Fa ppkey
		476	argument points to a storage location containing a
		477	.Dv NULL
		478	pointer.
		479	.It
		480	Proceed with
		481	.Xr EVP_MD_CTX_new 3 ,
		482	.Xr EVP_DigestSignInit 3 ,
		483	and
		484	.Xr EVP_DigestSign 3
		485	as usual.
		486	.El
458	.Ss Other parameters	487	.Ss Other parameters
459	The	488	The
460	.Fn EVP_PKEY_CTX_set1_id ,	489	.Fn EVP_PKEY_CTX_set1_id ,