From 47e84843ddbe911caedf2ef9064648619892ffd5 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Fri, 21 Dec 2018 23:51:42 +0000 Subject: The wrong header file was given for EVP_PKEY_CTX_set_signature_md(3). Also clarify to which algorithms it applies. From Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000. Document EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3), EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3). From Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL_1_1_1-stable branch, which is still under a free license. --- src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 82 ++++++++++++++++++++++++++----- 1 file changed, 69 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 8462da6d46..a49c31cd67 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,9 +1,9 @@ -.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.11 2018/03/23 23:18:17 schwarze Exp $ -.\" OpenSSL EVP_PKEY_CTX_ctrl.pod 1722496f Jun 8 15:18:38 2017 -0400 -.\" OpenSSL EVP_PKEY_CTX_ctrl.pod e03af178 Dec 11 17:05:57 2014 -0500 +.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.12 2018/12/21 23:51:42 schwarze Exp $ +.\" full merge up to: OpenSSL e03af178 Dec 11 17:05:57 2014 -0500 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. -.\" Copyright (c) 2006, 2009, 2013, 2014, 2015 The OpenSSL Project. +.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: December 21 2018 $ .Dt EVP_PKEY_CTX_CTRL 3 .Os .Sh NAME @@ -58,9 +58,13 @@ .Nm EVP_PKEY_CTX_ctrl_str , .Nm EVP_PKEY_CTX_set_signature_md , .Nm EVP_PKEY_CTX_set_rsa_padding , +.Nm EVP_PKEY_CTX_get_rsa_padding , .Nm EVP_PKEY_CTX_set_rsa_pss_saltlen , +.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen , .Nm EVP_PKEY_CTX_set_rsa_keygen_bits , .Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp , +.Nm EVP_PKEY_CTX_set_rsa_mgf1_md , +.Nm EVP_PKEY_CTX_get_rsa_mgf1_md , .Nm EVP_PKEY_CTX_set_dsa_paramgen_bits , .Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len , .Nm EVP_PKEY_CTX_set_dh_paramgen_generator , @@ -83,23 +87,33 @@ .Fa "const char *type" .Fa "const char *value" .Fc -.In openssl/rsa.h .Ft int .Fo EVP_PKEY_CTX_set_signature_md .Fa "EVP_PKEY_CTX *ctx" .Fa "const EVP_MD *md" .Fc +.In openssl/rsa.h .Ft int .Fo EVP_PKEY_CTX_set_rsa_padding .Fa "EVP_PKEY_CTX *ctx" .Fa "int pad" .Fc .Ft int +.Fo EVP_PKEY_CTX_get_rsa_padding +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int *ppad" +.Fc +.Ft int .Fo EVP_PKEY_CTX_set_rsa_pss_saltlen .Fa "EVP_PKEY_CTX *ctx" .Fa "int len" .Fc .Ft int +.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int *plen" +.Fc +.Ft int .Fo EVP_PKEY_CTX_set_rsa_keygen_bits .Fa "EVP_PKEY_CTX *ctx" .Fa "int mbits" @@ -109,6 +123,16 @@ .Fa "EVP_PKEY_CTX *ctx" .Fa "BIGNUM *pubexp" .Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_mgf1_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_rsa_mgf1_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD **pmd" +.Fc .In openssl/dsa.h .Ft int .Fo EVP_PKEY_CTX_set_dsa_paramgen_bits @@ -179,12 +203,11 @@ All the remaining "functions" are implemented as macros. The .Fn EVP_PKEY_CTX_set_signature_md macro sets the message digest type used in a signature. -It can be used with any public key algorithm supporting signature -operations. -.Pp -The macro +It can be used with the RSA, DSA, and ECDSA algorithms. +.Ss RSA parameters +The .Fn EVP_PKEY_CTX_set_rsa_padding -sets the RSA padding mode for +macro sets the RSA padding mode for .Fa ctx . The .Fa pad @@ -216,6 +239,11 @@ If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. .Pp The +.Fn EVP_PKEY_CTX_get_rsa_padding +macro retrieves the RSA padding mode for +.Fa ctx . +.Pp +The .Fn EVP_PKEY_CTX_set_rsa_pss_saltlen macro sets the RSA PSS salt length to .Fa len . @@ -229,6 +257,13 @@ If this macro is not called a salt length value of -2 is used by default. .Pp The +.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen +macro retrieves the RSA PSS salt length for +.Fa ctx . +The padding mode must have been set to +.Dv RSA_PKCS1_PSS_PADDING . +.Pp +The .Fn EVP_PKEY_CTX_set_rsa_keygen_bits macro sets the RSA key length for RSA key generation to .Fa mbits . @@ -245,17 +280,38 @@ pointer is used internally by this function, so it should not be modified or freed after the call. If this macro is not called, then 65537 is used. .Pp +The +.Fn EVP_PKEY_CTX_set_rsa_mgf1_md +macro sets the MGF1 digest for RSA padding schemes to +.Fa md . +Unless explicitly specified, the signing digest is used. +The padding mode must have been set to +.Dv RSA_PKCS1_OAEP_PADDING +or +.Dv RSA_PKCS1_PSS_PADDING . +.Pp +The +.Fn EVP_PKEY_CTX_get_rsa_mgf1_md +macro retrieves the MGF1 digest for +.Fa ctx . +Unless explicitly specified, the signing digest is used. +The padding mode must have been set to +.Dv RSA_PKCS1_OAEP_PADDING +or +.Dv RSA_PKCS1_PSS_PADDING . +.Ss DSA parameters The macro .Fn EVP_PKEY_CTX_set_dsa_paramgen_bits sets the number of bits used for DSA parameter generation to .Fa nbits . If not specified, 1024 is used. -.Pp +.Ss DH parameters The macro .Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len sets the length of the DH prime parameter .Fa len for DH parameter generation. +It only accepts lengths greater than or equal to 256. If this macro is not called, then 1024 is used. .Pp The @@ -264,7 +320,7 @@ macro sets DH generator to .Fa gen for DH parameter generation. If not specified, 2 is used. -.Pp +.Ss EC parameters The .Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid sets the EC curve for EC parameter generation to -- cgit v1.2.3-55-g6feb