diff options
| author |   schwarze <schwarze@openbsd.org> | 2016-11-03 09:35:34 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2016-11-03 09:35:34 +0000 |
| commit | d5c51cd3bce00419ae1e97dcc5ef8ccd4e99cbb7 (patch) | |
| tree | a172f496f900badc8b0d563025d497db54b67866 | |
| parent | Always call if_put() during the interface iteration on port status multipart (diff) | |
| download | wireguard-openbsd-d5c51cd3bce00419ae1e97dcc5ef8ccd4e99cbb7.tar.xz wireguard-openbsd-d5c51cd3bce00419ae1e97dcc5ef8ccd4e99cbb7.zip | |
convert EVP manuals from pod to mdoc
49 files changed, 4229 insertions, 2724 deletions
diff --git a/lib/libcrypto/doc/EVP_BytesToKey.pod b/lib/libcrypto/doc/EVP_BytesToKey.pod deleted file mode 100644 index 2dffaa1efa2..00000000000 --- a/lib/libcrypto/doc/EVP_BytesToKey.pod +++ /dev/null @@ -1,68 +0,0 @@ -=pod - -=head1 NAME - -EVP_BytesToKey - password based encryption routine - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, - const unsigned char *salt, - const unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); - -=head1 DESCRIPTION - -EVP_BytesToKey() derives a key and IV from various parameters. B<type> is -the cipher to derive the key and IV for. B<md> is the message digest to use. -The B<salt> parameter is used as a salt in the derivation: it should point to -an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing -B<datal> bytes which is used to derive the keying data. B<count> is the -iteration count to use. The derived key and IV will be written to B<key> -and B<iv> respectively. - -=head1 NOTES - -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the B<data> parameter. - -Increasing the B<count> parameter slows down the algorithm which makes it -harder for an attacker to perform a brute force attack using a large number -of candidate passwords. - -If the total key and IV length is less than the digest length and -B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. - -Newer applications should use more standard algorithms such as PBKDF2 as -defined in PKCS#5v2.1 for key derivation. - -=head1 KEY DERIVATION ALGORITHM - -The key and IV is derived by concatenating D_1, D_2, etc until -enough data is available for the key and IV. D_i is defined as: - - D_i = HASH^count(D_(i-1) || data || salt) - -where || denotes concatenation, D_0 is empty, HASH is the digest -algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) -is HASH(HASH(data)) and so on. - -The initial bytes are used for the key and the subsequent bytes for -the IV. - -=head1 RETURN VALUES - -EVP_BytesToKey() returns the size of the derived key in bytes. - -=head1 SEE ALSO - -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<PKCS5_PBKDF2_HMAC(3)|PKCS5_PBKDF2_HMAC(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> - -=head1 HISTORY - -=cut diff --git a/lib/libcrypto/doc/EVP_DigestInit.pod b/lib/libcrypto/doc/EVP_DigestInit.pod deleted file mode 100644 index c83dcc736fe..00000000000 --- a/lib/libcrypto/doc/EVP_DigestInit.pod +++ /dev/null @@ -1,277 +0,0 @@ -=pod - -=head1 NAME - -EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, -EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, -EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, -EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, -EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, -EVP_get_digestbyobj, EVP_DigestInit, EVP_DigestFinal - EVP digest routines - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - void EVP_MD_CTX_init(EVP_MD_CTX *ctx); - EVP_MD_CTX *EVP_MD_CTX_create(void); - - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); - int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); - - int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); - void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); - - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); - - int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); - - int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); - - #define EVP_MAX_MD_SIZE 64 /* SHA512 */ - - int EVP_MD_type(const EVP_MD *md); - int EVP_MD_pkey_type(const EVP_MD *md); - int EVP_MD_size(const EVP_MD *md); - int EVP_MD_block_size(const EVP_MD *md); - - const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); - #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) - #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) - #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) - - const EVP_MD *EVP_md_null(void); - const EVP_MD *EVP_md2(void); - const EVP_MD *EVP_md5(void); - const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss(void); - const EVP_MD *EVP_dss1(void); - const EVP_MD *EVP_ripemd160(void); - - const EVP_MD *EVP_sha224(void); - const EVP_MD *EVP_sha256(void); - const EVP_MD *EVP_sha384(void); - const EVP_MD *EVP_sha512(void); - - const EVP_MD *EVP_get_digestbyname(const char *name); - #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) - #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) - -=head1 DESCRIPTION - -The EVP digest routines are a high level interface to message digests. - -EVP_MD_CTX_init() initializes digest context B<ctx>. - -EVP_MD_CTX_create() allocates, initializes and returns a digest context. - -EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest -B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this -function. B<type> will typically be supplied by a function such as EVP_sha1(). -If B<impl> is NULL then the default implementation of digest B<type> is used. - -EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the -digest context B<ctx>. This function can be called several times on the -same B<ctx> to hash additional data. - -EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places -it in B<md>. If the B<s> parameter is not NULL then the number of -bytes of data written (i.e. the length of the digest) will be written -to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. -After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() -can be made, but EVP_DigestInit_ex() can be called to initialize a new -digest operation. - -EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called -after a digest context is no longer needed. - -EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the -space allocated to it, it should be called only on a context created -using EVP_MD_CTX_create(). - -EVP_MD_CTX_copy_ex() can be used to copy the message digest state from -B<in> to B<out>. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. B<out> must be initialized -before calling this function. - -EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except -the passed context B<ctx> does not have to be initialized, and it always -uses the default digest implementation. - -EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest -context B<ctx> is automatically cleaned up. - -EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination -B<out> does not have to be initialized. - -EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest -when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the -hash. - -EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the -message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure. - -EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER -representing the given message digest when passed an B<EVP_MD> structure. -For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is -normally used when setting ASN1 OIDs. - -EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed -B<EVP_MD_CTX>. - -EVP_MD_pkey_type() returns the NID of the public key signing algorithm -associated with this digest. For example EVP_sha1() is associated with RSA so -this will return B<NID_sha1WithRSAEncryption>. Since digests and signature -algorithms are no longer linked this function is only retained for -compatibility reasons. - -EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), -EVP_sha512() and EVP_ripemd160() return B<EVP_MD> structures for the MD2, MD5, -SHA1, SHA224, SHA256, SHA384, SHA512 and RIPEMD160 digest algorithms -respectively. - -EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA1 digest -algorithms but using DSS (DSA) for the signature algorithm. Note: there is -no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are -however retained for compatibility. - -EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it -returns is of zero length. - -EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() -return an B<EVP_MD> structure when passed a digest name, a digest NID or -an ASN1_OBJECT structure respectively. The digest table must be initialized -using, for example, OpenSSL_add_all_digests() for these functions to work. - -=head1 RETURN VALUES - -EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for -success and 0 for failure. - -EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure. - -EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the -corresponding OBJECT IDENTIFIER or NID_undef if none exists. - -EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and -EVP_MD_CTX_block_size() return the digest or block size in bytes. - -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), -EVP_dss1() and EVP_ripemd160() return pointers to the -corresponding EVP_MD structures. - -EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() -return either an B<EVP_MD> structure or NULL if an error occurs. - -=head1 NOTES - -The B<EVP> interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the digest used and much more flexible. - -New applications should use the SHA2 digest algorithms such as SHA256. -The other digest algorithms are still in common use. - -For most applications the B<impl> parameter to EVP_DigestInit_ex() will be -set to NULL to use the default digest implementation. - -The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are -obsolete but are retained to maintain compatibility with existing code. New -applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and -EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context -instead of initializing and cleaning it up on each call and allow non default -implementations of digests to be specified. - -In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use -memory leaks will occur. - -Stack allocation of EVP_MD_CTX structures is common, for example: - - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - -This will cause binary compatibility issues if the size of EVP_MD_CTX -structure changes (this will only happen with a major release of OpenSSL). -Applications wishing to avoid this should use EVP_MD_CTX_create() instead: - - EVP_MD_CTX *mctx; - mctx = EVP_MD_CTX_create(); - - -=head1 EXAMPLE - -This example digests the data "Test Message\n" and "Hello World\n", using the -digest name passed on the command line. - - #include <stdio.h> - #include <openssl/evp.h> - - int - main(int argc, char *argv[]) - { - EVP_MD_CTX *mdctx; - const EVP_MD *md; - const char mess1[] = "Test Message\n"; - const char mess2[] = "Hello World\n"; - unsigned char md_value[EVP_MAX_MD_SIZE]; - int md_len, i; - - OpenSSL_add_all_digests(); - - if (argc <= 1) { - printf("Usage: mdtest digestname\n"); - exit(1); - } - - md = EVP_get_digestbyname(argv[1]); - if (md == NULL) { - printf("Unknown message digest %s\n", argv[1]); - exit(1); - } - - mdctx = EVP_MD_CTX_create(); - EVP_DigestInit_ex(mdctx, md, NULL); - EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); - EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); - EVP_DigestFinal_ex(mdctx, md_value, &md_len); - EVP_MD_CTX_destroy(mdctx); - - printf("Digest is: "); - for(i = 0; i < md_len; i++) - printf("%02x", md_value[i]); - printf("\n"); - } - -=head1 SEE ALSO - -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> - -=head1 HISTORY - -EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), -EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() -and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. - -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_dss(), EVP_dss1() and EVP_ripemd160() were -changed to return truely const EVP_MD * in OpenSSL 0.9.7. - -The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now EVP_sha1() can be used with RSA and DSA, there is no need to -use EVP_dss1() any more. - -OpenSSL 1.0 and later does not include the MD2 digest algorithm in the -default configuration due to its security weaknesses. - -=cut diff --git a/lib/libcrypto/doc/EVP_DigestSignInit.pod b/lib/libcrypto/doc/EVP_DigestSignInit.pod deleted file mode 100644 index 00205d2ae98..00000000000 --- a/lib/libcrypto/doc/EVP_DigestSignInit.pod +++ /dev/null @@ -1,85 +0,0 @@ -=pod - -=head1 NAME - -EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing -functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); - int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); - -=head1 DESCRIPTION - -The EVP signature routines are a high level interface to digital signatures. - -EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from -ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with -EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the -EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. - -EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the -signature context B<ctx>. This function can be called several times on the -same B<ctx> to include additional data. This function is currently implemented -using a macro. - -EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>. -If B<sig> is B<NULL> then the maximum size of the output buffer is written to -the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the -B<siglen> parameter should contain the length of the B<sig> buffer, if the -call is successful the signature is written to B<sig> and the amount of data -written to B<siglen>. - -=head1 RETURN VALUES - -EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return -1 for success and 0 or a negative value for failure. In particular a return -value of -2 indicates the operation is not supported by the public key -algorithm. - -The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. - -=head1 NOTES - -The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that "clone" digests such as EVP_dss1() -needed to be used to sign using SHA1 and DSA. This is no longer necessary and -the use of clone digest is now discouraged. - -The call to EVP_DigestSignFinal() internally finalizes a copy of the digest -context. This means that calls to EVP_DigestSignUpdate() and -EVP_DigestSignFinal() can be called later to digest and sign additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -The use of EVP_PKEY_size() with these functions is discouraged because some -signature operations may have a signature length which depends on the -parameters set. As a result EVP_PKEY_size() would have to return a value -which indicates the maximum possible signature for any set of parameters. - -=head1 SEE ALSO - -L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> - -=head1 HISTORY - -EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() -were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/lib/libcrypto/doc/EVP_DigestVerifyInit.pod deleted file mode 100644 index 5dcfec1837b..00000000000 --- a/lib/libcrypto/doc/EVP_DigestVerifyInit.pod +++ /dev/null @@ -1,80 +0,0 @@ -=pod - -=head1 NAME - -EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP -signature verification functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); - int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); - -=head1 DESCRIPTION - -The EVP signature routines are a high level interface to digital signatures. - -EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest -B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized -with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the -EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. - -EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the -verification context B<ctx>. This function can be called several times on the -same B<ctx> to include additional data. This function is currently implemented -using a macro. - -EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in -B<sig> of length B<siglen>. - -=head1 RETURN VALUES - -EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 indicates -the operation is not supported by the public key algorithm. - -Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only -indicates that the signature did not verify successfully (that is tbs did -not match the original data or the signature was of invalid form) it is not an -indication of a more serious error. - -The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. - -=head1 NOTES - -The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that "clone" digests such as EVP_dss1() -needed to be used to sign using SHA1 and DSA. This is no longer necessary and -the use of clone digest is now discouraged. - -The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest -context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can -be called later to digest and verify additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -=head1 SEE ALSO - -L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> - -=head1 HISTORY - -EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() -were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod deleted file mode 100644 index 7ae3fe31eac..00000000000 --- a/lib/libcrypto/doc/EVP_EncryptInit.pod +++ /dev/null @@ -1,548 +0,0 @@ -=pod - -=head1 NAME - -EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, -EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, -EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, -EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, -EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, -EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, -EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, -EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, -EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, -EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, -EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, -EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, -EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, -EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, -EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb, -EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb, -EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb, -EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, -EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, -EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, -EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, -EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, -EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, -EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc, -EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb -- EVP cipher routines - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); - - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - - int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); - int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); - int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - - int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc); - int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); - int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); - - const EVP_CIPHER *EVP_get_cipherbyname(const char *name); - #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) - #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - - #define EVP_CIPHER_nid(e) ((e)->nid) - #define EVP_CIPHER_block_size(e) ((e)->block_size) - #define EVP_CIPHER_key_length(e) ((e)->key_len) - #define EVP_CIPHER_iv_length(e) ((e)->iv_len) - #define EVP_CIPHER_flags(e) ((e)->flags) - #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) - int EVP_CIPHER_type(const EVP_CIPHER *ctx); - - #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) - #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) - #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) - #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) - #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) - #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) - #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) - #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) - #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) - #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) - - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -=head1 DESCRIPTION - -The EVP cipher routines are a high level interface to certain -symmetric ciphers. - -EVP_CIPHER_CTX_init() initializes cipher context B<ctx>. - -EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption -with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized -before calling this function. B<type> is normally supplied -by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the -default implementation is used. B<key> is the symmetric key to use -and B<iv> is the IV to use (if necessary), the actual number of bytes -used for the key and IV depends on the cipher. It is possible to set -all parameters to NULL except B<type> in an initial call and supply -the remaining parameters in subsequent calls, all of which have B<type> -set to NULL. This is done when the default cipher parameters are not -appropriate. - -EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and -writes the encrypted version to B<out>. This function can be called -multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B<outl> should contain sufficient -room. The actual number of bytes written is placed in B<outl>. - -If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts -the "final" data, that is any data that remains in a partial block. -It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted -final data is written to B<out> which should have sufficient space for -one cipher block. The number of bytes written is placed in B<outl>. After -this function is called the encryption operation is finished and no further -calls to EVP_EncryptUpdate() should be made. - -If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more -data and it will return an error if any data remains in a partial block: -that is if the total data length is not a multiple of the block size. - -EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the -corresponding decryption operations. EVP_DecryptFinal() will return an -error code if padding is enabled and the final block is not correctly -formatted. The parameters and restrictions are identical to the encryption -operations except that if padding is enabled the decrypted data buffer B<out> -passed to EVP_DecryptUpdate() should have sufficient room for -(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in -which case B<inl> bytes is sufficient. - -EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are -functions that can be used for decryption or encryption. The operation -performed depends on the value of the B<enc> parameter. It should be set -to 1 for encryption, 0 for decryption and -1 to leave the value unchanged -(the actual value of 'enc' being supplied in a previous call). - -EVP_CIPHER_CTX_cleanup() clears all information from a cipher context -and free up any allocated memory associate with it. It should be called -after all operations using a cipher are complete so sensitive information -does not remain in memory. - -EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a -similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and -EVP_CipherInit_ex() except the B<ctx> parameter does not need to be -initialized and they always use the default cipher implementation. - -EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are -identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and -EVP_CipherFinal_ex(). In previous releases of OpenSSL they also used to clean -up the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean() -must be called to free any context resources. - -EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() -return an EVP_CIPHER structure when passed a cipher name, a NID or an -ASN1_OBJECT structure. - -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when -passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID -value is an internal value which may not have a corresponding OBJECT -IDENTIFIER. - -EVP_CIPHER_CTX_set_padding() enables or disables padding. By default -encryption operations are padded using standard block padding and the -padding is checked and removed when decrypting. If the B<pad> parameter -is zero then no padding is performed, the total amount of data encrypted -or decrypted must then be a multiple of the block size or an error will -occur. - -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key -length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> -structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length -for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a -given cipher, the value of EVP_CIPHER_CTX_key_length() may be different -for variable key length ciphers. - -EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. -If the cipher is a fixed length cipher then attempting to set the key -length to any value other than the fixed value is an error. - -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV -length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>. -It will return zero if the cipher does not use an IV. The constant -B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers. - -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> -structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block -length for all ciphers. - -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed -cipher or context. This "type" is the actual NID of the cipher OBJECT -IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and -128 bit RC2 have the same NID. If the cipher does not have an object -identifier or does not have ASN1 support this function will return -B<NID_undef>. - -EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed -an B<EVP_CIPHER_CTX> structure. - -EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: -EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or -EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then -EVP_CIPH_STREAM_CIPHER is returned. - -EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based -on the passed cipher. This will typically include any parameters and an -IV. The cipher IV (if any) must be set when this call is made. This call -should be made before the cipher is actually "used" (before any -EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function -may fail if the cipher does not have any ASN1 support. - -EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 -AlgorithmIdentifier "parameter". The precise effect depends on the cipher -In the case of RC2, for example, it will set the IV and effective key length. -This function should be called after the base cipher type is set but before -the key is set. For example EVP_CipherInit() will be called with the IV and -key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally -EVP_CipherInit() again with all parameters except the key set to NULL. It is -possible for this function to fail if the cipher does not have any ASN1 support -or the parameters cannot be set (for example the RC2 effective key length -is not supported. - -EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined -and set. Currently only the RC2 effective key length and the number of rounds of -RC5 can be set. - -=head1 RETURN VALUES - -EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() -return 1 for success and 0 for failure. - -EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for -failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for -success. - -EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for -failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for -success. - -EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. - -EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() -return an B<EVP_CIPHER> structure or NULL on error. - -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID. - -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size. - -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key -length. - -EVP_CIPHER_CTX_set_padding() always returns 1. - -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV -length or zero if the cipher does not use an IV. - -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's -OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. - -EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. - -EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for -success or zero for failure. - -=head1 CIPHER LISTING - -All algorithms have a fixed key length unless otherwise stated. - -=over 4 - -=item EVP_enc_null(void) - -Null cipher: does nothing. - -=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(void), EVP_aes_128_cfb(void), EVP_aes_128_ofb(void) - -128-bit AES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(void), EVP_aes_192_cfb(void), EVP_aes_192_ofb(void) - -192-bit AES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(void), EVP_aes_256_cfb(void), EVP_aes_256_ofb(void) - -256-bit AES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void) - -DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), -EVP_des_ede_cfb(void) - -Two key triple DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), -EVP_des_ede3_cfb(void) - -Three key triple DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_desx_cbc(void) - -DESX algorithm in CBC mode. - -=item EVP_rc4(void) - -RC4 stream cipher. This is a variable key length cipher with default key length -128 bits. - -=item EVP_rc4_40(void) - -RC4 stream cipher with 40 bit key length. This is obsolete and new code should -use EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() function. - -=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), -EVP_idea_ofb(void), EVP_idea_cbc(void) - -IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void) - -RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a -variable key length cipher with an additional parameter called "effective key -bits" or "effective key length". By default both are set to 128 bits. - -=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void) - -RC2 algorithm in CBC mode with a default key length and effective key length of -40 and 64 bits. These are obsolete and new code should use EVP_rc2_cbc(), -EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() to set the key length -and effective key length. - -=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void); - -Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This -is a variable key length cipher. - -=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), -EVP_cast5_ofb(void) - -CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is -a variable key length cipher. - -=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), -EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) - -RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a -variable key length cipher with an additional "number of rounds" parameter. By -default the key length is set to 128 bits and 12 rounds. - -=back - -=head1 NOTES - -Where possible the B<EVP> interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the cipher used and much more flexible. - -PKCS padding works by adding B<n> padding bytes of value B<n> to make the total -length of the encrypted data a multiple of the block size. Padding is always -added so if the data is already a multiple of the block size B<n> will equal -the block size. For example if the block size is 8 and 11 bytes are to be -encrypted then 5 padding bytes of value 5 will be added. - -When decrypting the final block is checked to see if it has the correct form. - -Although the decryption operation can produce an error if padding is enabled, -it is not a strong test that the input data or key is correct. A random block -has better than 1 in 256 chance of being of the correct format and problems with -the input data earlier on will not produce a final decrypt error. - -If padding is disabled then the decryption operation will always succeed if -the total amount of data decrypted is a multiple of the block size. - -The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), -EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for -compatibility with existing code. New code should use EVP_EncryptInit_ex(), -EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), -EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an -existing context without allocating and freeing it up on each call. - -=head1 BUGS - -For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is -a limitation of the current RC5 code rather than the EVP interface. - -EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with -default key lengths. If custom ciphers exceed these values the results are -unpredictable. This is because it has become standard practice to define a -generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes. - -The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested -for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. - -=head1 EXAMPLES - -Get the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); - -Get the RC2 effective key length: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); - -Set the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); - -Set the effective key length used in RC2: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - -Encrypt a string using blowfish: - - int - do_crypt(char *outfile) - { - unsigned char outbuf[1024]; - int outlen, tmplen; - /* - * Bogus key and IV: we'd normally set these from - * another source. - */ - unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; - unsigned char iv[] = {1,2,3,4,5,6,7,8}; - const char intext[] = "Some Crypto Text"; - EVP_CIPHER_CTX ctx; - FILE *out; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); - - if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, - strlen(intext))) { - /* Error */ - return 0; - } - /* - * Buffer passed to EVP_EncryptFinal() must be after data just - * encrypted to avoid overwriting it. - */ - if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) { - /* Error */ - return 0; - } - outlen += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); - /* - * Need binary mode for fopen because encrypted data is - * binary data. Also cannot use strlen() on it because - * it won't be NUL terminated and may contain embedded - * NULs. - */ - out = fopen(outfile, "wb"); - fwrite(outbuf, 1, outlen, out); - fclose(out); - return 1; - } - -The ciphertext from the above example can be decrypted using the B<openssl> -utility with the command line: - - S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> - -General encryption, decryption function example using FILE I/O and RC2 with an -80 bit key: - - int - do_crypt(FILE *in, FILE *out, int do_encrypt) - { - /* Allow enough space in output buffer for additional block */ - inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; - int inlen, outlen; - /* - * Bogus key and IV: we'd normally set these from - * another source. - */ - unsigned char key[] = "0123456789"; - unsigned char iv[] = "12345678"; - - /* Don't set key or IV because we will modify the parameters */ - EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); - EVP_CIPHER_CTX_set_key_length(&ctx, 10); - /* We finished modifying parameters so now we can set key and IV */ - EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); - - for(;;) { - inlen = fread(inbuf, 1, 1024, in); - if (inlen <= 0) - break; - if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, - inlen)) { - /* Error */ - EVP_CIPHER_CTX_cleanup(&ctx); - return 0; - } - fwrite(outbuf, 1, outlen, out); - } - if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) { - /* Error */ - EVP_CIPHER_CTX_cleanup(&ctx); - return 0; - } - fwrite(outbuf, 1, outlen, out); - - EVP_CIPHER_CTX_cleanup(&ctx); - return 1; - } - -=head1 SEE ALSO - -L<evp(3)|evp(3)> - -=head1 HISTORY - -EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(), -EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(), -EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in -OpenSSL 0.9.7. - -=cut diff --git a/lib/libcrypto/doc/EVP_OpenInit.pod b/lib/libcrypto/doc/EVP_OpenInit.pod deleted file mode 100644 index 0242f66715a..00000000000 --- a/lib/libcrypto/doc/EVP_OpenInit.pod +++ /dev/null @@ -1,61 +0,0 @@ -=pod - -=head1 NAME - -EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); - int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - -=head1 DESCRIPTION - -The EVP envelope routines are a high level interface to envelope -decryption. They decrypt a public key encrypted symmetric key and -then decrypt data using it. - -EVP_OpenInit() initializes a cipher context B<ctx> for decryption -with cipher B<type>. It decrypts the encrypted symmetric key of length -B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>. -The IV is supplied in the B<iv> parameter. - -EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties -as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as -documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual -page. - -=head1 NOTES - -It is possible to call EVP_OpenInit() twice in the same way as -EVP_DecryptInit(). The first call should have B<priv> set to NULL -and (after setting any cipher parameters) it should be called again -with B<type> set to NULL. - -If the cipher passed in the B<type> parameter is a variable length -cipher then the key length will be set to the value of the recovered -key length. If the cipher is a fixed length cipher then the recovered -key length must match the fixed cipher length. - -=head1 RETURN VALUES - -EVP_OpenInit() returns 0 on error or a non zero integer (actually the -recovered secret key size) if successful. - -EVP_OpenUpdate() returns 1 for success or 0 for failure. - -EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. - -=head1 SEE ALSO - -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_SealInit(3)|EVP_SealInit(3)> - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod deleted file mode 100644 index e8776e1e678..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod +++ /dev/null @@ -1,135 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_get_default_digest_nid, -EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding, -EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits, -EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, -EVP_PKEY_CTX_set_dh_paramgen_prime_len, -EVP_PKEY_CTX_set_dh_paramgen_generator, -EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2); - int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); - - int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); - - #include <openssl/rsa.h> - - int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); - - int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); - int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); - int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); - int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); - - #include <openssl/dsa.h> - int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); - - #include <openssl/dh.h> - int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); - int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); - - #include <openssl/ec.h> - int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); - -=head1 DESCRIPTION - -The function EVP_PKEY_CTX_ctrl() sends a control operation to the context -B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter -B<optype> is a mask indicating which operations the control can be applied to. -The control command is indicated in B<cmd> and any additional arguments in -B<p1> and B<p2>. - -Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will -instead call one of the algorithm specific macros below. - -The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm -specific control operation to a context B<ctx> in string form. This is -intended to be used for options specified on the command line or in text -files. The commands supported are documented in the openssl utility -command line pages for the option B<-pkeyopt> which is supported by the -B<pkeyutl>, B<genpkey> and B<req> commands. - -All the remaining "functions" are implemented as macros. - -The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used -in a signature. It can be used with any public key algorithm supporting -signature operations. - -The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. -The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, -RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, -RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), -RSA_X931_PADDING for X9.31 padding (signature operations only) and -RSA_PKCS1_PSS_PADDING (sign and verify only). - -Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() is -used. If this macro is called for PKCS#1 padding the plaintext buffer is an -actual digest value and is encapsulated in a DigestInfo structure according to -PKCS#1 when signing and this structure is expected (and stripped off) when -verifying. If this control is not used with RSA and PKCS#1 padding then the -supplied data is used directly and not encapsulated. In the case of X9.31 -padding for RSA the algorithm identifier byte is added or checked and removed -if this control is called. If it is not called then the first byte of the -plaintext buffer is expected to be the algorithm identifier byte. - -The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to -B<len> as its name implies it is only supported for PSS padding. Two special -values are supported: -1 sets the salt length to the digest length. When -signing -2 sets the salt length to the maximum permissible value. When -verifying -2 causes the salt length to be automatically determined based on the -B<PSS> block structure. If this macro is not called a salt length value of -2 -is used by default. - -The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for -RSA key generation to B<bits>. If not specified 1024 bits is used. - -The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value -for RSA key generation to B<pubexp> currently it should be an odd integer. The -B<pubexp> pointer is used internally by this function so it should not be -modified or free after the call. If this macro is not called then 65537 is used. - -The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used -for DSA parameter generation to B<bits>. If not specified 1024 is used. - -The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH -prime parameter B<p> for DH parameter generation. If this macro is not called -then 1024 is used. - -The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen> -for DH parameter generation. If not specified 2 is used. - -The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter -generation to B<nid>. For EC parameter generation this macro must be called -or an error occurs because there is no default curve. - -=head1 RETURN VALUES - -EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod deleted file mode 100644 index 60ad61e8534..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod +++ /dev/null @@ -1,53 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - -public key algorithm context functions. - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); - EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); - EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); - void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); - -=head1 DESCRIPTION - -The EVP_PKEY_CTX_new() function allocates public key algorithm context using -the algorithm specified in B<pkey> and ENGINE B<e>. - -The EVP_PKEY_CTX_new_id() function allocates public key algorithm context -using the algorithm specified by B<id> and ENGINE B<e>. It is normally used -when no B<EVP_PKEY> structure is associated with the operations, for example -during parameter generation of key generation for some algorithms. - -EVP_PKEY_CTX_dup() duplicates the context B<ctx>. - -EVP_PKEY_CTX_free() frees up the context B<ctx>. - -=head1 NOTES - -The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used -by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between -threads: that is it is not permissible to use the same context simultaneously -in two threads. - -=head1 RETURN VALUES - -EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either -the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred. - -EVP_PKEY_CTX_free() does not return a value. - -=head1 SEE ALSO - -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/lib/libcrypto/doc/EVP_PKEY_cmp.pod deleted file mode 100644 index 7a690247bfc..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_cmp.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, -EVP_PKEY_cmp - public key parameter and comparison functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); - int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); - - int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); - int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); - -=head1 DESCRIPTION - -The function EVP_PKEY_missing_parameters() returns 1 if the public key -parameters of B<pkey> are missing and 0 if they are present or the algorithm -doesn't use parameters. - -The function EVP_PKEY_copy_parameters() copies the parameters from key -B<from> to key B<to>. - -The function EVP_PKEY_cmp_parameters() compares the parameters of keys -B<a> and B<b>. - -The function EVP_PKEY_cmp() compares the public key components and parameters -(if present) of keys B<a> and B<b>. - -=head1 NOTES - -The main purpose of the functions EVP_PKEY_missing_parameters() and -EVP_PKEY_copy_parameters() is to handle public keys in certificates where the -parameters are sometimes omitted from a public key if they are inherited from -the CA that signed it. - -Since OpenSSL private keys contain public key components too the function -EVP_PKEY_cmp() can also be used to determine if a private key matches -a public key. - -=head1 RETURN VALUES - -The function EVP_PKEY_missing_parameters() returns 1 if the public key -parameters of B<pkey> are missing and 0 if they are present or the algorithm -doesn't use parameters. - -These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for -failure. - -The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the -keys match, 0 if they don't match, -1 if the key types are different and --2 if the operation is not supported. - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/lib/libcrypto/doc/EVP_PKEY_decrypt.pod deleted file mode 100644 index a64ef12866c..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_decrypt.pod +++ /dev/null @@ -1,93 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - -=head1 DESCRIPTION - -The EVP_PKEY_decrypt_init() function initializes a public key algorithm -context using key B<pkey> for a decryption operation. - -The EVP_PKEY_decrypt() function performs a public key decryption operation -using B<ctx>. The data to be decrypted is specified using the B<in> and -B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output -buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then -before the call the B<outlen> parameter should contain the length of the -B<out> buffer, if the call is successful the decrypted data is written to -B<out> and the amount of data written to B<outlen>. - -=head1 NOTES - -After the call to EVP_PKEY_decrypt_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_decrypt() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 EXAMPLE - -Decrypt data using OAEP (for RSA keys): - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *out, *in; - size_t outlen, inlen; - EVP_PKEY *key; - /* NB: assumes key in, inlen are already set up - * and that key is an RSA private key - */ - ctx = EVP_PKEY_CTX_new(key); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_decrypt_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) - /* Error */ - - /* Determine buffer length */ - if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ - - out = malloc(outlen); - - if (!out) - /* malloc failure */ - - if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ - - /* Decrypted data is outlen bytes written to buffer out */ - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_derive.pod b/lib/libcrypto/doc/EVP_PKEY_derive.pod deleted file mode 100644 index 09654e1b81d..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_derive.pod +++ /dev/null @@ -1,94 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public -key algorithm shared secret. - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); - int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - -=head1 DESCRIPTION - -The EVP_PKEY_derive_init() function initializes a public key algorithm -context using key B<pkey> for shared secret derivation. - -The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally -be a public key. - -The EVP_PKEY_derive() derives a shared secret using B<ctx>. -If B<key> is B<NULL> then the maximum size of the output buffer is written to -the B<keylen> parameter. If B<key> is not B<NULL> then before the call the -B<keylen> parameter should contain the length of the B<key> buffer, if the call -is successful the shared secret is written to B<key> and the amount of data -written to B<keylen>. - -=head1 NOTES - -After the call to EVP_PKEY_derive_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_derive() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 EXAMPLE - -Derive shared secret (for example DH or EC keys): - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *skey; - size_t skeylen; - EVP_PKEY *pkey, *peerkey; - /* NB: assumes pkey, peerkey have been already set up */ - - ctx = EVP_PKEY_CTX_new(pkey); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_derive_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) - /* Error */ - - /* Determine buffer length */ - if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) - /* Error */ - - skey = malloc(skeylen); - - if (!skey) - /* malloc failure */ - - if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) - /* Error */ - - /* Shared secret is skey bytes written to buffer skey */ - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/lib/libcrypto/doc/EVP_PKEY_encrypt.pod deleted file mode 100644 index b3ca123df09..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_encrypt.pod +++ /dev/null @@ -1,93 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - -=head1 DESCRIPTION - -The EVP_PKEY_encrypt_init() function initializes a public key algorithm -context using key B<pkey> for an encryption operation. - -The EVP_PKEY_encrypt() function performs a public key encryption operation -using B<ctx>. The data to be encrypted is specified using the B<in> and -B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output -buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then -before the call the B<outlen> parameter should contain the length of the -B<out> buffer, if the call is successful the encrypted data is written to -B<out> and the amount of data written to B<outlen>. - -=head1 NOTES - -After the call to EVP_PKEY_encrypt_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_encrypt() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 EXAMPLE - -Encrypt data using OAEP (for RSA keys): - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *out, *in; - size_t outlen, inlen; - EVP_PKEY *key; - /* NB: assumes key in, inlen are already set up - * and that key is an RSA public key - */ - ctx = EVP_PKEY_CTX_new(key); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_encrypt_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) - /* Error */ - - /* Determine buffer length */ - if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ - - out = malloc(outlen); - - if (!out) - /* malloc failure */ - - if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ - - /* Encrypted data is outlen bytes written to buffer out */ - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod deleted file mode 100644 index 8ff597d44ad..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_get_default_digest_nid - get default signature digest - -=head1 SYNOPSIS - - #include <openssl/evp.h> - int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); - -=head1 DESCRIPTION - -The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default -message digest NID for the public key signature operations associated with key -B<pkey>. - -=head1 NOTES - -For all current standard OpenSSL public key algorithms SHA1 is returned. - -=head1 RETURN VALUES - -The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest -is advisory (that is other digests can be used) and 2 if it is mandatory (other -digests can not be used). It returns 0 or a negative value for failure. In -particular a return value of -2 indicates the operation is not supported by the -public key algorithm. - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, - -=head1 HISTORY - -This function was first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/lib/libcrypto/doc/EVP_PKEY_keygen.pod deleted file mode 100644 index adcf3560e0a..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_keygen.pod +++ /dev/null @@ -1,170 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, -EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, -EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, -EVP_PKEY_CTX_get_app_data - key and parameter generation functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); - int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); - - typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); - - void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); - EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); - - int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); - - void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); - void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); - -=head1 DESCRIPTION - -The EVP_PKEY_keygen_init() function initializes a public key algorithm -context using key B<pkey> for a key generation operation. - -The EVP_PKEY_keygen() function performs a key generation operation, the -generated key is written to B<ppkey>. - -The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar -except parameters are generated. - -The function EVP_PKEY_set_cb() sets the key or parameter generation callback -to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter -generation callback. - -The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated -with the generation operation. If B<idx> is -1 the total number of -parameters available is returned. Any non negative value returns the value of -that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for -B<idx> should only be called within the generation callback. - -If the callback returns 0 then the key generation operation is aborted and an -error occurs. This might occur during a time consuming operation where -a user clicks on a "cancel" button. - -The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set -and retrieve an opaque pointer. This can be used to set some application -defined value which can be retrieved in the callback: for example a handle -which is used to update a "progress dialog". - -=head1 NOTES - -After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm -specific control operations can be performed to set any appropriate parameters -for the operation. - -The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than -once on the same context if several operations are performed using the same -parameters. - -The meaning of the parameters passed to the callback will depend on the -algorithm and the specific implementation of the algorithm. Some might not -give any useful information at all during key or parameter generation. Others -might not even call the callback. - -The operation performed by key or parameter generation depends on the algorithm -used. In some cases (e.g. EC with a supplied named curve) the "generation" -option merely sets the appropriate fields in an EVP_PKEY structure. - -In OpenSSL an EVP_PKEY structure containing a private key also contains the -public key components and parameters (if any). An OpenSSL private key is -equivalent to what some libraries call a "key pair". A private key can be used -in functions which require the use of a public key or parameters. - -=head1 RETURN VALUES - -EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and -EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. -In particular a return value of -2 indicates the operation is not supported by -the public key algorithm. - -=head1 EXAMPLES - -Generate a 2048 bit RSA key: - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - EVP_PKEY *pkey = NULL; - ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) - /* Error */ - - /* Generate key */ - if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ - -Generate a key from a set of parameters: - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - EVP_PKEY *pkey = NULL, *param; - /* Assumed param is set up already */ - ctx = EVP_PKEY_CTX_new(param); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ - - /* Generate key */ - if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ - -Example of generation callback for OpenSSL public key implementations: - - /* Application data is a BIO to output status to */ - - EVP_PKEY_CTX_set_app_data(ctx, status_bio); - - static int - genpkey_cb(EVP_PKEY_CTX *ctx) - { - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p; - - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) - c='.'; - if (p == 1) - c='+'; - if (p == 2) - c='*'; - if (p == 3) - c='\n'; - BIO_write(b,&c,1); - (void)BIO_flush(b); - return 1; - } - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_new.pod b/lib/libcrypto/doc/EVP_PKEY_new.pod deleted file mode 100644 index 77927146595..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_new.pod +++ /dev/null @@ -1,43 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_new, EVP_PKEY_free - private key allocation functions. - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - EVP_PKEY *EVP_PKEY_new(void); - void EVP_PKEY_free(EVP_PKEY *key); - - -=head1 DESCRIPTION - -The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> -structure which is used by OpenSSL to store private keys. - -EVP_PKEY_free() frees up the private key B<key>. - -=head1 NOTES - -The B<EVP_PKEY> structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. - -The structure returned by EVP_PKEY_new() is empty. To add a -private key to this empty structure the functions described in -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used. - -=head1 RETURN VALUES - -EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> -structure of B<NULL> if an error occurred. - -EVP_PKEY_free() does not return a value. - -=head1 SEE ALSO - -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/lib/libcrypto/doc/EVP_PKEY_print_private.pod deleted file mode 100644 index eabbaed264a..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_print_private.pod +++ /dev/null @@ -1,54 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public -key algorithm printing routines. - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); - int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); - int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); - -=head1 DESCRIPTION - -The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and -EVP_PKEY_print_params() print out the public, private or parameter components -of key B<pkey> respectively. The key is sent to BIO B<out> in human readable -form. The parameter B<indent> indicated how far the printout should be indented. - -The B<pctx> parameter allows the print output to be finely tuned by using -ASN1 printing options. If B<pctx> is set to NULL then default values will -be used. - -=head1 NOTES - -Currently no public key algorithms include any options in the B<pctx> parameter -parameter. - -If the key does not include all the components indicated by the function then -only those contained in the key will be printed. For example passing a public -key to EVP_PKEY_print_private() will only print the public components. - -=head1 RETURN VALUES - -These functions all return 1 for success and 0 or a negative value for failure. -In particular a return value of -2 indicates the operation is not supported by -the public key algorithm. - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod deleted file mode 100644 index 096e969fa36..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod +++ /dev/null @@ -1,76 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, -EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, -EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, -EVP_PKEY_assign_EC_KEY, EVP_PKEY_type - EVP_PKEY assignment functions. - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); - int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); - int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); - int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); - - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); - DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); - EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); - - int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key); - int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key); - int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key); - int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); - - int EVP_PKEY_type(int type); - -=head1 DESCRIPTION - -EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and -EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>. - -EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and -EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or -B<NULL> if the key is not of the correct type. - -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key> -however these use the supplied B<key> internally and so B<key> -will be freed when the parent B<pkey> is freed. - -EVP_PKEY_type() returns the type of key corresponding to the value -B<type>. The type of a key can be obtained with -EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA, -EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding -key types or NID_undef if the key type is unassigned. - -=head1 NOTES - -In accordance with the OpenSSL naming convention the key obtained -from or assigned to the B<pkey> using the B<1> functions must be -freed as well as B<pkey>. - -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -EVP_PKEY_assign_EC_KEY() are implemented as macros. - -=head1 RETURN VALUES - -EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and -EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure. - -EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and -EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if -an error occurred. - -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. - -=head1 SEE ALSO - -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_sign.pod b/lib/libcrypto/doc/EVP_PKEY_sign.pod deleted file mode 100644 index 1925706d96b..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_sign.pod +++ /dev/null @@ -1,96 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - -=head1 DESCRIPTION - -The EVP_PKEY_sign_init() function initializes a public key algorithm -context using key B<pkey> for a signing operation. - -The EVP_PKEY_sign() function performs a public key signing operation -using B<ctx>. The data to be signed is specified using the B<tbs> and -B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output -buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then -before the call the B<siglen> parameter should contain the length of the -B<sig> buffer, if the call is successful the signature is written to -B<sig> and the amount of data written to B<siglen>. - -=head1 NOTES - -After the call to EVP_PKEY_sign_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_sign() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 EXAMPLE - -Sign data using RSA with PKCS#1 padding and SHA256 digest: - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *md, *sig; - size_t mdlen, siglen; - EVP_PKEY *signing_key; - /* NB: assumes signing_key, md and mdlen are already set up - * and that signing_key is an RSA private key - */ - ctx = EVP_PKEY_CTX_new(signing_key); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_sign_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ - - /* Determine buffer length */ - if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) - /* Error */ - - sig = malloc(siglen); - - if (!sig) - /* malloc failure */ - - if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) - /* Error */ - - /* Signature is siglen bytes written to buffer sig */ - - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_verify.pod b/lib/libcrypto/doc/EVP_PKEY_verify.pod deleted file mode 100644 index 0f092ca8e19..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_verify.pod +++ /dev/null @@ -1,92 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public -key algorithm - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - -=head1 DESCRIPTION - -The EVP_PKEY_verify_init() function initializes a public key algorithm -context using key B<pkey> for a signature verification operation. - -The EVP_PKEY_verify() function performs a public key verification operation -using B<ctx>. The signature is specified using the B<sig> and -B<siglen> parameters. The verified data (i.e. the data believed originally -signed) is specified using the B<tbs> and B<tbslen> parameters. - -=head1 NOTES - -After the call to EVP_PKEY_verify_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_verify() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was -successful and 0 if it failed. Unlike other functions the return value 0 from -EVP_PKEY_verify() only indicates that the signature did not verify -successfully (that is tbs did not match the original data or the signature was -of invalid form) it is not an indication of a more serious error. - -A negative value indicates an error other that signature verification failure. -In particular a return value of -2 indicates the operation is not supported by -the public key algorithm. - -=head1 EXAMPLE - -Verify signature using PKCS#1 and SHA256 digest: - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *md, *sig; - size_t mdlen, siglen; - EVP_PKEY *verify_key; - /* NB: assumes verify_key, sig, siglen md and mdlen are already set up - * and that verify_key is an RSA public key - */ - ctx = EVP_PKEY_CTX_new(verify_key); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_verify_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ - - /* Perform operation */ - ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); - - /* ret == 1 indicates success, 0 verify failure and < 0 for some - * other error. - */ - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod deleted file mode 100644 index 095e53ea2f1..00000000000 --- a/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod +++ /dev/null @@ -1,105 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using -a public key algorithm - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - -=head1 DESCRIPTION - -The EVP_PKEY_verify_recover_init() function initializes a public key algorithm -context using key B<pkey> for a verify recover operation. - -The EVP_PKEY_verify_recover() function recovers signed data -using B<ctx>. The signature is specified using the B<sig> and -B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output -buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then -before the call the B<routlen> parameter should contain the length of the -B<rout> buffer, if the call is successful recovered data is written to -B<rout> and the amount of data written to B<routlen>. - -=head1 NOTES - -Normally an application is only interested in whether a signature verification -operation is successful in those cases the EVP_verify() function should be -used. - -Sometimes however it is useful to obtain the data originally signed using a -signing operation. Only certain public key algorithms can recover a signature -in this way (for example RSA in PKCS padding mode). - -After the call to EVP_PKEY_verify_recover_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. - -The function EVP_PKEY_verify_recover() can be called more than once on the same -context if several operations are performed using the same parameters. - -=head1 RETURN VALUES - -EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for -success -and 0 or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 EXAMPLE - -Recover digest originally signed using PKCS#1 and SHA256 digest: - - #include <openssl/evp.h> - #include <openssl/rsa.h> - - EVP_PKEY_CTX *ctx; - unsigned char *rout, *sig; - size_t routlen, siglen; - EVP_PKEY *verify_key; - /* NB: assumes verify_key, sig and siglen are already set up - * and that verify_key is an RSA public key - */ - ctx = EVP_PKEY_CTX_new(verify_key); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_verify_recover_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ - - /* Determine buffer length */ - if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) - /* Error */ - - rout = malloc(routlen); - - if (!rout) - /* malloc failure */ - - if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) - /* Error */ - - /* Recovered data is routlen bytes written to buffer rout */ - -=head1 SEE ALSO - -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=cut diff --git a/lib/libcrypto/doc/EVP_SealInit.pod b/lib/libcrypto/doc/EVP_SealInit.pod deleted file mode 100644 index 76eebb72a97..00000000000 --- a/lib/libcrypto/doc/EVP_SealInit.pod +++ /dev/null @@ -1,82 +0,0 @@ -=pod - -=head1 NAME - -EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk); - int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - -=head1 DESCRIPTION - -The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and IV (if required) then -"envelope" it by using public key encryption. Data can then be -encrypted using this key. - -EVP_SealInit() initializes a cipher context B<ctx> for encryption -with cipher B<type> using a random secret key and IV. B<type> is normally -supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted -using one or more public keys, this allows the same encrypted data to be -decrypted using any of the corresponding private keys. B<ek> is an array of -buffers where the public key encrypted secret key will be written, each buffer -must contain enough room for the corresponding encrypted key: that is -B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual -size of each encrypted secret key is written to the array B<ekl>. B<pubk> is -an array of B<npubk> public keys. - -The B<iv> parameter is a buffer where the generated IV is written to. It must -contain enough room for the corresponding cipher's IV, as determined by (for -example) EVP_CIPHER_iv_length(type). - -If the cipher does not require an IV then the B<iv> parameter is ignored -and can be B<NULL>. - -EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties -as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as -documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual -page. - -=head1 RETURN VALUES - -EVP_SealInit() returns 0 on error or B<npubk> if successful. - -EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for -failure. - -=head1 NOTES - -The public key must be RSA because it is the only OpenSSL public key -algorithm that supports key transport. - -Envelope encryption is the usual method of using public key encryption -on large amounts of data, this is because public key encryption is slow -but symmetric encryption is fast. So symmetric encryption is used for -bulk encryption and the small random symmetric key used is transferred -using public key encryption. - -It is possible to call EVP_SealInit() twice in the same way as -EVP_EncryptInit(). The first call should have B<npubk> set to 0 -and (after setting any cipher parameters) it should be called again -with B<type> set to NULL. - -=head1 SEE ALSO - -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_OpenInit(3)|EVP_OpenInit(3)> - -=head1 HISTORY - -EVP_SealFinal() did not return a value before OpenSSL 0.9.7. - -=cut diff --git a/lib/libcrypto/doc/EVP_SignInit.pod b/lib/libcrypto/doc/EVP_SignInit.pod deleted file mode 100644 index 6882211e024..00000000000 --- a/lib/libcrypto/doc/EVP_SignInit.pod +++ /dev/null @@ -1,103 +0,0 @@ -=pod - -=head1 NAME - -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal, EVP_PKEY_size -- EVP signing functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); - - void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - - int EVP_PKEY_size(EVP_PKEY *pkey); - -=head1 DESCRIPTION - -The EVP signature routines are a high level interface to digital -signatures. - -EVP_SignInit_ex() sets up signing context B<ctx> to use digest -B<type> from ENGINE B<impl>. B<ctx> must be initialized with -EVP_MD_CTX_init() before calling this function. - -EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the -signature context B<ctx>. This function can be called several times on the -same B<ctx> to include additional data. - -EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and -places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey) -bytes in size. B<s> is an OUT parameter, and not used as an IN parameter. -The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes -will be written. - -EVP_SignInit() initializes a signing context B<ctx> to use the default -implementation of digest B<type>. - -EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual -signature returned by EVP_SignFinal() may be smaller. - -=head1 RETURN VALUES - -EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 -for success and 0 for failure. - -EVP_PKEY_size() returns the maximum size of a signature in bytes. - -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. - -=head1 NOTES - -The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L<EVP_DigestInit(3)|EVP_DigestInit(3)>. - -The call to EVP_SignFinal() internally finalizes a copy of the digest context. -This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called -later to digest and sign additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -=head1 BUGS - -Older versions of this documentation wrongly stated that calls to -EVP_SignUpdate() could not be made after calling EVP_SignFinal(). - -Since the private key is passed in the call to EVP_SignFinal() any error -relating to the private key (for example an unsuitable key and digest -combination) will not be indicated until after potentially large amounts of -data have been passed through EVP_SignUpdate(). - -It is not possible to change the signing parameters using these function. - -The previous two bugs are fixed in the newer EVP_SignDigest*() function. - -=head1 SEE ALSO - -L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> - -=head1 HISTORY - -EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_SignInit_ex() was added in OpenSSL 0.9.7. - -=cut diff --git a/lib/libcrypto/doc/EVP_VerifyInit.pod b/lib/libcrypto/doc/EVP_VerifyInit.pod deleted file mode 100644 index b0d3f8e4c9e..00000000000 --- a/lib/libcrypto/doc/EVP_VerifyInit.pod +++ /dev/null @@ -1,96 +0,0 @@ -=pod - -=head1 NAME - -EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification -functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - - int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); - - int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); - -=head1 DESCRIPTION - -The EVP signature verification routines are a high level interface to digital -signatures. - -EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest -B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling -EVP_MD_CTX_init() before calling this function. - -EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the -verification context B<ctx>. This function can be called several times on the -same B<ctx> to include additional data. - -EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey> -and against the B<siglen> bytes at B<sigbuf>. - -EVP_VerifyInit() initializes verification context B<ctx> to use the default -implementation of digest B<type>. - -=head1 RETURN VALUES - -EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for -failure. - -EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if -some other error occurred. - -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. - -=head1 NOTES - -The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L<EVP_DigestInit(3)|EVP_DigestInit(3)>. - -The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. -This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called -later to digest and verify additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -=head1 BUGS - -Older versions of this documentation wrongly stated that calls to -EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). - -Since the public key is passed in the call to EVP_SignFinal() any error -relating to the private key (for example an unsuitable key and digest -combination) will not be indicated until after potentially large amounts of -data have been passed through EVP_SignUpdate(). - -It is not possible to change the signing parameters using these function. - -The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. - -=head1 SEE ALSO - -L<evp(3)|evp(3)>, -L<EVP_SignInit(3)|EVP_SignInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> - -=head1 HISTORY - -EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_VerifyInit_ex() was added in OpenSSL 0.9.7 - -=cut diff --git a/lib/libcrypto/doc/evp.pod b/lib/libcrypto/doc/evp.pod deleted file mode 100644 index dfd96d3b984..00000000000 --- a/lib/libcrypto/doc/evp.pod +++ /dev/null @@ -1,107 +0,0 @@ -=pod - -=head1 NAME - -evp - high-level cryptographic functions - -=head1 SYNOPSIS - - #include <openssl/evp.h> - -=head1 DESCRIPTION - -The EVP library provides a high-level interface to cryptographic -functions. - -L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)> -provide public key encryption and decryption to implement digital "envelopes". - -The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and -L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement -digital signatures and Message Authentication Codes (MACs). Also see the older -L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)> -functions. - -Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)> -functions. The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests. - -Authenticated encryption with additional data (AEAD) is available with -the L<B<EVP_AEAD>I<...>|EVP_AEAD_CTX_init(3)> functions. - -The B<EVP_PKEY>I<...> functions provide a high level interface to -asymmetric algorithms. To create a new EVP_PKEY see -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated -with a private key of a particular algorithm by using the functions -described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or -new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>. -EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using -L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>. - -The EVP_PKEY functions support the full range of asymmetric algorithm operations: - -=over - -=item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> - -=item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>. -However, note that -these functions do not perform a digest of the data to be signed. Therefore -normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> -functions for this purpose. - -=item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)> -and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that -these functions perform encryption and decryption only. As public key -encryption is an expensive operation, normally you would wrap -an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and -L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions. - -=back - -The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password -based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible -implementation. However, new applications should not typically use this (preferring, for example, -PBKDF2 from PCKS#5). - -Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>. - -All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative -implementations. If ENGINE implementations of ciphers or digests are registered -as defaults, then the various EVP functions will automatically use those -implementations automatically in preference to built in software -implementations. For more information, consult the engine(3) man page. - -Although low level algorithm specific functions exist for many algorithms -their use is discouraged. They cannot be used with an ENGINE and ENGINE -versions of new algorithms cannot be accessed using the low level functions. -Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low level and some operations are more efficient -using the high level interface. - -=head1 SEE ALSO - -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_AEAD_CTX_init(3)|EVP_AEAD_CTX_init(3)>, -L<EVP_OpenInit(3)|EVP_OpenInit(3)>, -L<EVP_SealInit(3)|EVP_SealInit(3)>, -L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, -L<EVP_SignInit(3)|EVP_SignInit(3)>, -L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>, -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>, -L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>, -L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>, -L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, -L<engine(3)|engine(3)> - -=cut diff --git a/lib/libcrypto/man/EVP_BytesToKey.3 b/lib/libcrypto/man/EVP_BytesToKey.3 new file mode 100644 index 00000000000..45a3d9bf33d --- /dev/null +++ b/lib/libcrypto/man/EVP_BytesToKey.3 @@ -0,0 +1,82 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_BYTESTOKEY 3 +.Os +.Sh NAME +.Nm EVP_BytesToKey +.Nd password based encryption routine +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_BytesToKey +.Fa "const EVP_CIPHER *type" +.Fa "const EVP_MD *md" +.Fa "const unsigned char *salt" +.Fa "const unsigned char *data" +.Fa "int datal" +.Fa "int count" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Sh DESCRIPTION +.Fn EVP_BytesToKey +derives a key and IV from various parameters. +.Fa type +is the cipher to derive the key and IV for. +.Fa md +is the message digest to use. +The +.Fa salt +parameter is used as a salt in the derivation: it should point to an 8 +byte buffer or +.Dv NULL +if no salt is used. +.Fa data +is a buffer containing +.Fa datal +bytes which is used to derive the keying data. +.Fa count +is the iteration count to use. +The derived key and IV will be written to +.Fa key +and +.Fa iv , +respectively. +.Pp +A typical application of this function is to derive keying material for +an encryption algorithm from a password in the +.Fa data +parameter. +.Pp +Increasing the +.Fa count +parameter slows down the algorithm which makes it harder for an attacker +to perform a brute force attack using a large number of candidate +passwords. +.Pp +If the total key and IV length is less than the digest length and MD5 +is used, then the derivation algorithm is compatible with PKCS#5 v1.5. +Otherwise, a non standard extension is used to derive the extra data. +.Pp +Newer applications should use more standard algorithms such as PBKDF2 as +defined in PKCS#5v2.1 for key derivation. +.Sh KEY DERIVATION ALGORITHM +The key and IV is derived by concatenating D_1, D_2, etc until enough +data is available for the key and IV. +D_i is defined recursively as: +.Pp +.Dl D_i = HASH^count(D_(i-1) || data || salt) +.Pp +where || denotes concatenation, D_0 is empty, HASH is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is +HASH(HASH(data)) and so on. +.Pp +The initial bytes are used for the key and the subsequent bytes for the +IV. +.Sh RETURN VALUES +.Fn EVP_BytesToKey +returns the size of the derived key in bytes. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr PKCS5_PBKDF2_HMAC 3 , +.Xr rand 3 diff --git a/lib/libcrypto/man/EVP_DigestInit.3 b/lib/libcrypto/man/EVP_DigestInit.3 new file mode 100644 index 00000000000..9bcf79241c8 --- /dev/null +++ b/lib/libcrypto/man/EVP_DigestInit.3 @@ -0,0 +1,520 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_DIGESTINIT 3 +.Os +.Sh NAME +.Nm EVP_MD_CTX_init , +.Nm EVP_MD_CTX_create , +.Nm EVP_DigestInit_ex , +.Nm EVP_DigestUpdate , +.Nm EVP_DigestFinal_ex , +.Nm EVP_MD_CTX_cleanup , +.Nm EVP_MD_CTX_destroy , +.Nm EVP_MAX_MD_SIZE , +.Nm EVP_MD_CTX_copy_ex , +.Nm EVP_MD_CTX_copy , +.Nm EVP_MD_type , +.Nm EVP_MD_pkey_type , +.Nm EVP_MD_size , +.Nm EVP_MD_block_size , +.Nm EVP_MD_CTX_md , +.Nm EVP_MD_CTX_size , +.Nm EVP_MD_CTX_block_size , +.Nm EVP_MD_CTX_type , +.Nm EVP_md_null , +.Nm EVP_md2 , +.Nm EVP_md5 , +.Nm EVP_sha1 , +.Nm EVP_sha224 , +.Nm EVP_sha256 , +.Nm EVP_sha384 , +.Nm EVP_sha512 , +.Nm EVP_dss , +.Nm EVP_dss1 , +.Nm EVP_ripemd160 , +.Nm EVP_get_digestbyname , +.Nm EVP_get_digestbynid , +.Nm EVP_get_digestbyobj , +.Nm EVP_DigestInit , +.Nm EVP_DigestFinal +.Nd EVP digest routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft void +.Fo EVP_MD_CTX_init +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft EVP_MD_CTX * +.Fn EVP_MD_CTX_create void +.Ft int +.Fo EVP_DigestInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_DigestUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "size_t cnt" +.Fc +.Ft int +.Fo EVP_DigestFinal_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *md" +.Fa "unsigned int *s" +.Fc +.Ft int +.Fo EVP_MD_CTX_cleanup +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft void +.Fo EVP_MD_CTX_destroy +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo EVP_MD_CTX_copy_ex +.Fa "EVP_MD_CTX *out" +.Fa "const EVP_MD_CTX *in" +.Fc +.Ft int +.Fo EVP_DigestInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Ft int +.Fo EVP_DigestFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *md" +.Fa "unsigned int *s" +.Fc +.Ft int +.Fo EVP_MD_CTX_copy +.Fa "EVP_MD_CTX *out" +.Fa "EVP_MD_CTX *in" +.Fc +.Fd #define EVP_MAX_MD_SIZE 64 /* SHA512 */ +.Ft int +.Fo EVP_MD_type +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_pkey_type +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_size +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_block_size +.Fa "const EVP_MD *md" +.Fc +.Ft const EVP_MD * +.Fo EVP_MD_CTX_md +.Fa "const EVP_MD_CTX *ctx" +.Fc +.Fd #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +.Fd #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) +.Fd #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) +.Ft const EVP_MD * +.Fn EVP_md_null void +.Ft const EVP_MD * +.Fn EVP_md2 void +.Ft const EVP_MD * +.Fn EVP_md5 void +.Ft const EVP_MD * +.Fn EVP_sha1 void +.Ft const EVP_MD * +.Fn EVP_dss void +.Ft const EVP_MD * +.Fn EVP_dss1 void +.Ft const EVP_MD * +.Fn EVP_ripemd160 void +.Ft const EVP_MD * +.Fn EVP_sha224 void +.Ft const EVP_MD * +.Fn EVP_sha256 void +.Ft const EVP_MD * +.Fn EVP_sha384 void +.Ft const EVP_MD * +.Fn EVP_sha512 void +.Ft const EVP_MD * +.Fo EVP_get_digestbyname +.Fa "const char *name" +.Fc +.Fd #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +.Fd #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +.Sh DESCRIPTION +The EVP digest routines are a high level interface to message digests. +.Pp +.Fn EVP_MD_CTX_init +initializes the digest context +.Fa ctx . +.Pp +.Fn EVP_MD_CTX_create +allocates, initializes, and returns a digest context. +.Pp +.Fn EVP_DigestInit_ex +sets up digest context +.Fa ctx +to use a digest +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized before calling this function. +.Fa type +will typically be supplied by a function such as +.Fn EVP_sha1 . +If +.Fa impl +is +.Dv NULL , +then the default implementation of digest +.Fa type +is used. +.Pp +.Fn EVP_DigestUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the digest context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to hash additional data. +.Pp +.Fn EVP_DigestFinal_ex +retrieves the digest value from +.Fa ctx +and places it in +.Fa md . +If the +.Fa s +parameter is not +.Dv NULL , +then the number of bytes of data written (i.e. the length of the +digest) will be written to the integer at +.Fa s , +at most +.Dv EVP_MAX_MD_SIZE +bytes will be written. +After calling +.Fn EVP_DigestFinal_ex , +no additional calls to +.Fn EVP_DigestUpdate +can be made, but +.Fn EVP_DigestInit_ex +can be called to initialize a new digest operation. +.Pp +.Fn EVP_MD_CTX_cleanup +cleans up the digest context +.Fa ctx . +It should be called after a digest context is no longer needed. +.Pp +.Fn EVP_MD_CTX_destroy +cleans up the digest context +.Fa ctx +and frees up the space allocated to it. +It should be called only on a context created using +.Fn EVP_MD_CTX_create . +.Pp +.Fn EVP_MD_CTX_copy_ex +can be used to copy the message digest state from +.Fa in +to +.Fa out . +This is useful if large amounts of data are to be hashed which only +differ in the last few bytes. +.Fa out +must be initialized before calling this function. +.Pp +.Fn EVP_DigestInit +behaves in the same way as +.Fn EVP_DigestInit_ex +except the passed context +.Fa ctx +does not have to be initialized, and it always uses the default digest +implementation. +.Pp +.Fn EVP_DigestFinal +is similar to +.Fn EVP_DigestFinal_ex +except the digest context +.Fa ctx +is automatically cleaned up. +.Pp +.Fn EVP_MD_CTX_copy +is similar to +.Fn EVP_MD_CTX_copy_ex +except the destination +.Fa out +does not have to be initialized. +.Pp +.Fn EVP_MD_size +and +.Fn EVP_MD_CTX_size +return the size of the message digest when passed an +.Vt EVP_MD +or an +.Vt EVP_MD_CTX +structure, i.e. the size of the hash. +.Pp +.Fn EVP_MD_block_size +and +.Fn EVP_MD_CTX_block_size +return the block size of the message digest when passed an +.Vt EVP_MD +or an +.Vt EVP_MD_CTX +structure. +.Pp +.Fn EVP_MD_type +and +.Fn EVP_MD_CTX_type +return the NID of the OBJECT IDENTIFIER representing the given message +digest when passed an +.Vt EVP_MD +structure. +For example +.Fn EVP_MD_type EVP_sha1() +returns +.Dv NID_sha1 . +This function is normally used when setting ASN1 OIDs. +.Pp +.Fn EVP_MD_CTX_md +returns the +.Vt EVP_MD +structure corresponding to the passed +.Vt EVP_MD_CTX . +.Pp +.Fn EVP_MD_pkey_type +returns the NID of the public key signing algorithm associated with this +digest. +For example +.Fn EVP_sha1 +is associated with RSA so this will return +.Dv NID_sha1WithRSAEncryption . +Since digests and signature algorithms are no longer linked this +function is only retained for compatibility reasons. +.Pp +.Fn EVP_md2 , +.Fn EVP_md5 , +.Fn EVP_sha1 , +.Fn EVP_sha224 , +.Fn EVP_sha256 , +.Fn EVP_sha384 , +.Fn EVP_sha512 , +and +.Fn EVP_ripemd160 +return +.Vt EVP_MD +structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and +RIPEMD160 digest algorithms respectively. +.Pp +.Fn EVP_dss +and +.Fn EVP_dss1 +return +.Vt EVP_MD +structures for SHA1 digest algorithms but using DSS (DSA) for the +signature algorithm. +Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and +later, they are however retained for compatibility. +.Pp +.Fn EVP_md_null +is a "null" message digest that does nothing: +i.e. the hash it returns is of zero length. +.Pp +.Fn EVP_get_digestbyname , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +return an +.Vt EVP_MD +structure when passed a digest name, a digest NID, or an ASN1_OBJECT +structure respectively. +The digest table must be initialized using, for example, +.Xr OpenSSL_add_all_digests 3 +for these functions to work. +.Pp +The EVP interface to message digests should almost always be used +in preference to the low level interfaces. +This is because the code then becomes transparent to the digest used and +much more flexible. +.Pp +New applications should use the SHA2 digest algorithms such as SHA256. +The other digest algorithms are still in common use. +.Pp +For most applications the +.Fa impl +parameter to +.Fn EVP_DigestInit_ex +will be set to NULL to use the default digest implementation. +.Pp +The functions +.Fn EVP_DigestInit , +.Fn EVP_DigestFinal , +and +.Fn EVP_MD_CTX_copy +are obsolete but are retained to maintain compatibility with existing +code. +New applications should use +.Fn EVP_DigestInit_ex , +.Fn EVP_DigestFinal_ex , +and +.Fn EVP_MD_CTX_copy_ex +because they can efficiently reuse a digest context instead of +initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.Pp +In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after +use memory leaks will occur. +.Pp +Stack allocation of +.Vt EVP_MD_CTX +structures is common, for example: +.Bd -literal -offset indent +EVP_MD_CTX mctx; +EVP_MD_CTX_init(&mctx); +.Ed +.Pp +This will cause binary compatibility issues if the size of +.Vt EVP_MD_CTX +structure changes (this will only happen with a major release of OpenSSL). +Applications wishing to avoid this should use +.Fn EVP_MD_CTX_create +instead: +.Bd -literal -offset indent +EVP_MD_CTX *mctx; +mctx = EVP_MD_CTX_create(); +.Ed +.Sh RETURN VALUES +.Fn EVP_DigestInit_ex , +.Fn EVP_DigestUpdate , +.Fn EVP_DigestFinal_ex , +and +.Fn EVP_MD_CTX_copy_ex +return 1 for success or 0 for failure. +.Pp +.Fn EVP_MD_type , +.Fn EVP_MD_pkey_type , +and +.Fn EVP_MD_type +return the NID of the corresponding OBJECT IDENTIFIER or +.Dv NID_undef +if none exists. +.Pp +.Fn EVP_MD_size , +.Fn EVP_MD_block_size , +.Fn EVP_MD_CTX_size , +and +.Fn EVP_MD_CTX_block_size +return the digest or block size in bytes. +.Pp +.Fn EVP_md_null , +.Fn EVP_md2 , +.Fn EVP_md5 , +.Fn EVP_sha1 , +.Fn EVP_dss , +.Fn EVP_dss1 , +and +.Fn EVP_ripemd160 +return pointers to the corresponding +.Vt EVP_MD +structures. +.Pp +.Fn EVP_get_digestbyname , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +return either an +.Vt EVP_MD +structure or +.Dv NULL +if an error occurs. +.Sh EXAMPLES +This example digests the data "Test Message\en" and "Hello World\en", +using the digest name passed on the command line. +.Bd -literal +#include <stdio.h> +#include <openssl/evp.h> + +int +main(int argc, char *argv[]) +{ + EVP_MD_CTX *mdctx; + const EVP_MD *md; + const char mess1[] = "Test Message\en"; + const char mess2[] = "Hello World\en"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + int md_len, i; + + OpenSSL_add_all_digests(); + + if (argc <= 1) { + printf("Usage: mdtest digestname\en"); + exit(1); + } + + md = EVP_get_digestbyname(argv[1]); + if (md == NULL) { + printf("Unknown message digest %s\en", argv[1]); + exit(1); + } + + mdctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); + EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); + EVP_DigestFinal_ex(mdctx, md_value, &md_len); + EVP_MD_CTX_destroy(mdctx); + + printf("Digest is: "); + for(i = 0; i < md_len; i++) + printf("%02x", md_value[i]); + printf("\en"); +} +.Ed +.Sh SEE ALSO +.Xr evp 3 +.Sh HISTORY +.Fn EVP_DigestInit , +.Fn EVP_DigestUpdate , +and +.Fn EVP_DigestFinal +are available in all versions of SSLeay and OpenSSL. +.Pp +.Fn EVP_MD_CTX_init , +.Fn EVP_MD_CTX_create , +.Fn EVP_MD_CTX_copy_ex , +.Fn EVP_MD_CTX_cleanup , +.Fn EVP_MD_CTX_destroy , +.Fn EVP_DigestInit_ex , +and +.Fn EVP_DigestFinal_ex +were added in OpenSSL 0.9.7. +.Pp +.Fn EVP_md_null , +.Fn EVP_md2 , +.Fn EVP_md5 , +.Fn EVP_sha1 , +.Fn EVP_dss , +.Fn EVP_dss1 , +and +.Fn EVP_ripemd160 +were changed to return truely const +.Vt EVP_MD +pointers in OpenSSL 0.9.7. +.Pp +The link between digests and signing algorithms was fixed in OpenSSL 1.0 +and later, so now +.Fn EVP_sha1 +can be used with RSA and DSA, there is no need to use +.Fn EVP_dss1 +any more. +.Pp +OpenSSL 1.0 and later does not include the MD2 digest algorithm in the +default configuration due to its security weaknesses. diff --git a/lib/libcrypto/man/EVP_DigestSignInit.3 b/lib/libcrypto/man/EVP_DigestSignInit.3 new file mode 100644 index 00000000000..89a2d7afbdd --- /dev/null +++ b/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -0,0 +1,152 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_DIGESTSIGNINIT 3 +.Os +.Sh NAME +.Nm EVP_DigestSignInit , +.Nm EVP_DigestSignUpdate , +.Nm EVP_DigestSignFinal +.Nd EVP signing functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_DigestSignInit +.Fa "EVP_MD_CTX *ctx" +.Fa "EVP_PKEY_CTX **pctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *e" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_DigestSignUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_DigestSignFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_DigestSignInit +sets up the signing context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa e +and private key +.Fa pkey . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +If +.Fa pctx +is not +.Dv NULL , +the +.Vt EVP_PKEY_CTX +of the signing operation will be written to +.Pf * Fa pctx : +this can be used to set alternative signing options. +.Pp +.Fn EVP_DigestSignUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the signature context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +This function is currently implemented using a macro. +.Pp +.Fn EVP_DigestSignFinal +signs the data in +.Fa ctx +and places the signature in +.Fa sig . +If +.Fa sig +is +.Dv NULL , +then the maximum size of the output buffer is written to +.Pf * Fa siglen . +If +.Fa sig +is not +.Dv NULL , +then before the call +.Fa siglen +should contain the length of the +.Fa sig +buffer. +If the call is successful, the signature is written to +.Fa sig +and the amount of data written to +.Fa siglen . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +In previous versions of OpenSSL, there was a link between message digest +types and public key algorithms. +This meant that "clone" digests such as +.Xr EVP_dss1 3 +needed to be used to sign using SHA1 and DSA. +This is no longer necessary and the use of clone digest is now +discouraged. +.Pp +The call to +.Fn EVP_DigestSignFinal +internally finalizes a copy of the digest context. +This means that +.Fn EVP_DigestSignUpdate +and +.Fn EVP_DigestSignFinal +can be called later to digest and sign additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_cleanup 3 , +or a memory leak will occur. +.Pp +The use of +.Xr EVP_PKEY_size 3 +with these functions is discouraged because some signature operations +may have a signature length which depends on the parameters set. +As a result, +.Xr EVP_PKEY_size 3 +would have to return a value which indicates the maximum possible +signature for any set of parameters. +.Sh RETURN VALUES +.Fn EVP_DigestSignInit , +.Fn EVP_DigestSignUpdate , +and +.Fn EVP_DigestSignFinal +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Pp +The error codes can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestVerifyInit 3 +.Sh HISTORY +.Fn EVP_DigestSignInit , +.Fn EVP_DigestSignUpdate , +and +.Fn EVP_DigestSignFinal +were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/lib/libcrypto/man/EVP_DigestVerifyInit.3 new file mode 100644 index 00000000000..0b26eb617e2 --- /dev/null +++ b/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -0,0 +1,132 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_DIGESTVERIFYINIT 3 +.Os +.Sh NAME +.Nm EVP_DigestVerifyInit , +.Nm EVP_DigestVerifyUpdate , +.Nm EVP_DigestVerifyFinal +.Nd EVP signature verification functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_DigestVerifyInit +.Fa "EVP_MD_CTX *ctx" +.Fa "EVP_PKEY_CTX **pctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *e" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_DigestVerifyUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_DigestVerifyFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t siglen" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_DigestVerifyInit +sets up verification context +.Fa ctx +to use digest +.Fa type +from +.Vt ENGINE +.Fa e +and public key +.Fa pkey . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +If +.Fa pctx +is not +.Dv NULL , +the +.Vt EVP_PKEY_CTX +of the verification operation will be written to +.Pf * Fa pctx : +this can be used to set alternative verification options. +.Pp +.Fn EVP_DigestVerifyUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the verification context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +This function is currently implemented using a macro. +.Pp +.Fn EVP_DigestVerifyFinal +verifies the data in +.Fa ctx +against the signature in +.Fa sig +of length +.Fa siglen . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +In previous versions of OpenSSL, there was a link between message digest +types and public key algorithms. +This meant that "clone" digests such as +.Xr EVP_dss1 3 +needed to be used to sign using SHA1 and DSA. +This is no longer necessary and the use of clone digest is now +discouraged. +.Pp +The call to +.Fn EVP_DigestVerifyFinal +internally finalizes a copy of the digest context. +This means that calls to +.Xr EVP_VerifyUpdate 3 +and +.Xr EVP_VerifyFinal 3 +can be called later to digest and verify additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_cleanup 3 +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_DigestVerifyInit +and +.Fn EVP_DigestVerifyUpdate +return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Pp +Unlike other functions, the return value 0 from +.Fn EVP_DigestVerifyFinal +only indicates that the signature did not verify successfully. +That is it did not match the original data or the signature was of +invalid form. +It is not an indication of a more serious error. +.Pp +The error codes can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestSignInit 3 +.Sh HISTORY +.Fn EVP_DigestVerifyInit , +.Fn EVP_DigestVerifyUpdate , +and +.Fn EVP_DigestVerifyFinal +were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3 new file mode 100644 index 00000000000..44967f863f6 --- /dev/null +++ b/lib/libcrypto/man/EVP_EncryptInit.3 @@ -0,0 +1,939 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_ENCRYPTINIT 3 +.Os +.Sh NAME +.Nm EVP_CIPHER_CTX_init , +.Nm EVP_EncryptInit_ex , +.Nm EVP_EncryptUpdate , +.Nm EVP_EncryptFinal_ex , +.Nm EVP_DecryptInit_ex , +.Nm EVP_DecryptUpdate , +.Nm EVP_DecryptFinal_ex , +.Nm EVP_CipherInit_ex , +.Nm EVP_CipherUpdate , +.Nm EVP_CipherFinal_ex , +.Nm EVP_CIPHER_CTX_set_key_length , +.Nm EVP_CIPHER_CTX_ctrl , +.Nm EVP_CIPHER_CTX_cleanup , +.Nm EVP_EncryptInit , +.Nm EVP_EncryptFinal , +.Nm EVP_DecryptInit , +.Nm EVP_DecryptFinal , +.Nm EVP_CipherInit , +.Nm EVP_CipherFinal , +.Nm EVP_get_cipherbyname , +.Nm EVP_get_cipherbynid , +.Nm EVP_get_cipherbyobj , +.Nm EVP_CIPHER_nid , +.Nm EVP_CIPHER_block_size , +.Nm EVP_CIPHER_key_length , +.Nm EVP_CIPHER_iv_length , +.Nm EVP_CIPHER_flags , +.Nm EVP_CIPHER_mode , +.Nm EVP_CIPHER_type , +.Nm EVP_CIPHER_CTX_cipher , +.Nm EVP_CIPHER_CTX_nid , +.Nm EVP_CIPHER_CTX_block_size , +.Nm EVP_CIPHER_CTX_key_length , +.Nm EVP_CIPHER_CTX_iv_length , +.Nm EVP_CIPHER_CTX_get_app_data , +.Nm EVP_CIPHER_CTX_set_app_data , +.Nm EVP_CIPHER_CTX_type , +.Nm EVP_CIPHER_CTX_flags , +.Nm EVP_CIPHER_CTX_mode , +.Nm EVP_CIPHER_param_to_asn1 , +.Nm EVP_CIPHER_asn1_to_param , +.Nm EVP_CIPHER_CTX_set_padding , +.Nm EVP_enc_null , +.Nm EVP_des_cbc , +.Nm EVP_des_ecb , +.Nm EVP_des_cfb , +.Nm EVP_des_ofb , +.Nm EVP_des_ede_cbc , +.Nm EVP_des_ede , +.Nm EVP_des_ede_ofb , +.Nm EVP_des_ede_cfb , +.Nm EVP_des_ede3_cbc , +.Nm EVP_des_ede3 , +.Nm EVP_des_ede3_ofb , +.Nm EVP_des_ede3_cfb , +.Nm EVP_desx_cbc , +.Nm EVP_rc4 , +.Nm EVP_rc4_40 , +.Nm EVP_idea_cbc , +.Nm EVP_idea_ecb , +.Nm EVP_idea_cfb , +.Nm EVP_idea_ofb , +.Nm EVP_idea_cbc , +.Nm EVP_rc2_cbc , +.Nm EVP_rc2_ecb , +.Nm EVP_rc2_cfb , +.Nm EVP_rc2_ofb , +.Nm EVP_rc2_40_cbc , +.Nm EVP_rc2_64_cbc , +.Nm EVP_bf_cbc , +.Nm EVP_bf_ecb , +.Nm EVP_bf_cfb , +.Nm EVP_bf_ofb , +.Nm EVP_cast5_cbc , +.Nm EVP_cast5_ecb , +.Nm EVP_cast5_cfb , +.Nm EVP_cast5_ofb , +.Nm EVP_aes_128_gcm , +.Nm EVP_aes_192_gcm , +.Nm EVP_aes_256_gcm , +.Nm EVP_aes_128_ccm , +.Nm EVP_aes_192_ccm , +.Nm EVP_aes_256_ccm , +.Nm EVP_rc5_32_12_16_cbc , +.Nm EVP_rc5_32_12_16_cfb , +.Nm EVP_rc5_32_12_16_ecb , +.Nm EVP_rc5_32_12_16_ofb +.Nd EVP cipher routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft void +.Fo EVP_CIPHER_CTX_init +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_EncryptInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Ft int +.Fo EVP_EncryptUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_EncryptFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_DecryptInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Ft int +.Fo EVP_DecryptUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_DecryptFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_CipherInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fa "int enc" +.Fc +.Ft int +.Fo EVP_CipherUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_CipherFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_EncryptInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Ft int +.Fo EVP_EncryptFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_DecryptInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Ft int +.Fo EVP_DecryptFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_CipherInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fa "int enc" +.Fc +.Ft int +.Fo EVP_CipherFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_padding +.Fa "EVP_CIPHER_CTX *x" +.Fa "int padding" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_key_length +.Fa "EVP_CIPHER_CTX *x" +.Fa "int keylen" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_ctrl +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "int type" +.Fa "int arg" +.Fa "void *ptr" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_cleanup +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft const EVP_CIPHER * +.Fo EVP_get_cipherbyname +.Fa "const char *name" +.Fc +.Fd #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +.Fd #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +.Fd #define EVP_CIPHER_nid(e) ((e)->nid) +.Fd #define EVP_CIPHER_block_size(e) ((e)->block_size) +.Fd #define EVP_CIPHER_key_length(e) ((e)->key_len) +.Fd #define EVP_CIPHER_iv_length(e) ((e)->iv_len) +.Fd #define EVP_CIPHER_flags(e) ((e)->flags) +.Fd #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) +.Ft int +.Fo EVP_CIPHER_type +.Fa "const EVP_CIPHER *ctx" +.Fc +.Fd #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) +.Fd #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) +.Fd #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +.Fd #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) +.Fd #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +.Fd #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +.Fd #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +.Fd #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +.Fd #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +.Fd #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) +.Ft int +.Fo EVP_CIPHER_param_to_asn1 +.Fa "EVP_CIPHER_CTX *c" +.Fa "ASN1_TYPE *type" +.Fc +.Ft int +.Fo EVP_CIPHER_asn1_to_param +.Fa "EVP_CIPHER_CTX *c" +.Fa "ASN1_TYPE *type" +.Fc +.Sh DESCRIPTION +The EVP cipher routines are a high level interface to certain symmetric +ciphers. +.Pp +.Fn EVP_CIPHER_CTX_init +initializes the cipher context +.Fa ctx . +.Pp +.Fn EVP_EncryptInit_ex +sets up the cipher context +.Fa ctx +for encryption with cipher +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized before calling this function. +.Fa type +is normally supplied by a function such as +.Fn EVP_aes_256_cbc . +If +.Fa impl +is +.Dv NULL , +then the default implementation is used. +.Fa key +is the symmetric key to use and +.Fa iv +is the IV to use (if necessary), the actual number of bytes used for the +key and IV depends on the cipher. +It is possible to set all parameters to +.Dv NULL +except +.Fa type +in an initial call and supply the remaining parameters in subsequent +calls, all of which have +.Fa type +set to +.Dv NULL . +This is done when the default cipher parameters are not appropriate. +.Pp +.Fn EVP_EncryptUpdate +encrypts +.Fa inl +bytes from the buffer +.Fa in +and writes the encrypted version to +.Fa out . +This function can be called multiple times to encrypt successive blocks +of data. +The amount of data written depends on the block alignment of the +encrypted data: as a result the amount of data written may be anything +from zero bytes to (inl + cipher_block_size - 1) so +.Fa outl +should contain sufficient room. +The actual number of bytes written is placed in +.Fa outl . +.Pp +If padding is enabled (the default) then +.Fn EVP_EncryptFinal_ex +encrypts the "final" data, that is any data that remains in a partial +block. +It uses NOTES (aka PKCS padding). +The encrypted final data is written to +.Fa out +which should have sufficient space for one cipher block. +The number of bytes written is placed in +.Fa outl . +After this function is called the encryption operation is finished and +no further calls to +.Fn EVP_EncryptUpdate +should be made. +.Pp +If padding is disabled then +.Fn EVP_EncryptFinal_ex +will not encrypt any more data and it will return an error if any data +remains in a partial block: that is if the total data length is not a +multiple of the block size. +.Pp +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptUpdate , +and +.Fn EVP_DecryptFinal_ex +are the corresponding decryption operations. +.Fn EVP_DecryptFinal +will return an error code if padding is enabled and the final block is +not correctly formatted. +The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer +.Fa out +passed to +.Fn EVP_DecryptUpdate +should have sufficient room for (inl + cipher_block_size) bytes +unless the cipher block size is 1 in which case +.Fa inl +bytes is sufficient. +.Pp +.Fn EVP_CipherInit_ex , +.Fn EVP_CipherUpdate , +and +.Fn EVP_CipherFinal_ex +are functions that can be used for decryption or encryption. +The operation performed depends on the value of the +.Fa enc +parameter. +It should be set to 1 for encryption, 0 for decryption and -1 to leave +the value unchanged (the actual value of +.Fa enc +being supplied in a previous call). +.Pp +.Fn EVP_CIPHER_CTX_cleanup +clears all information from a cipher context and free up any allocated +memory associate with it. +It should be called after all operations using a cipher are complete so +sensitive information does not remain in memory. +.Pp +.Fn EVP_EncryptInit , +.Fn EVP_DecryptInit , +and +.Fn EVP_CipherInit +behave in a similar way to +.Fn EVP_EncryptInit_ex , +.Fn EVP_DecryptInit_ex , +and +.Fn EVP_CipherInit_ex +except the +.Fa ctx +parameter does not need to be initialized and they always use the +default cipher implementation. +.Pp +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptFinal , +and +.Fn EVP_CipherFinal +are identical to +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptFinal_ex , +and +.Fn EVP_CipherFinal_ex . +In previous releases of OpenSSL, they also used to clean up the +.Fa ctx , +but this is no longer done and +.Fn EVP_CIPHER_CTX_cleanup +must be called to free any context resources. +.Pp +.Fn EVP_get_cipherbyname , +.Fn EVP_get_cipherbynid , +and +.Fn EVP_get_cipherbyobj +return an +.Vt EVP_CIPHER +structure when passed a cipher name, a NID or an +.Vt ASN1_OBJECT +structure. +.Pp +.Fn EVP_CIPHER_nid +and +.Fn EVP_CIPHER_CTX_nid +return the NID of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The actual NID value is an internal value which may not have a +corresponding OBJECT IDENTIFIER. +.Pp +.Fn EVP_CIPHER_CTX_set_padding +enables or disables padding. +By default encryption operations are padded using standard block padding +and the padding is checked and removed when decrypting. +If the +.Sy padding +parameter is zero, then no padding is performed, the total amount of data +encrypted or decrypted must then be a multiple of the block size or an +error will occur. +.Pp +.Fn EVP_CIPHER_key_length +and +.Fn EVP_CIPHER_CTX_key_length +return the key length of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The constant +.Dv EVP_MAX_KEY_LENGTH +is the maximum key length for all ciphers. +Note: although +.Fn EVP_CIPHER_key_length +is fixed for a given cipher, the value of +.Fn EVP_CIPHER_CTX_key_length +may be different for variable key length ciphers. +.Pp +.Fn EVP_CIPHER_CTX_set_key_length +sets the key length of the cipher ctx. +If the cipher is a fixed length cipher, then attempting to set the key +length to any value other than the fixed value is an error. +.Pp +.Fn EVP_CIPHER_iv_length +and +.Fn EVP_CIPHER_CTX_iv_length +return the IV length of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX . +It will return zero if the cipher does not use an IV. +The constant +.Dv EVP_MAX_IV_LENGTH +is the maximum IV length for all ciphers. +.Pp +.Fn EVP_CIPHER_block_size +and +.Fn EVP_CIPHER_CTX_block_size +return the block size of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The constant +.Dv EVP_MAX_IV_LENGTH +is also the maximum block length for all ciphers. +.Pp +.Fn EVP_CIPHER_type +and +.Fn EVP_CIPHER_CTX_type +return the type of the passed cipher or context. +This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it +ignores the cipher parameters and 40 bit RC2 and 128 bit RC2 have the +same NID. If the cipher does not have an object identifier or does not +have ASN1 support this function will return +.Dv NID_undef . +.Pp +.Fn EVP_CIPHER_CTX_cipher +returns the +.Vt EVP_CIPHER +structure when passed an +.Vt EVP_CIPHER_CTX +structure. +.Pp +.Fn EVP_CIPHER_mode +and +.Fn EVP_CIPHER_CTX_mode +return the block cipher mode: +.Dv EVP_CIPH_ECB_MODE , +.Dv EVP_CIPH_CBC_MODE , +.Dv EVP_CIPH_CFB_MODE , +or +.Dv EVP_CIPH_OFB_MODE . +If the cipher is a stream cipher then +.Dv EVP_CIPH_STREAM_CIPHER +is returned. +.Pp +.Fn EVP_CIPHER_param_to_asn1 +sets the AlgorithmIdentifier "parameter" based on the passed cipher. +This will typically include any parameters and an IV. +The cipher IV (if any) must be set when this call is made. +This call should be made before the cipher is actually "used" (before any +.Fn EVP_EncryptUpdate , +.Fn EVP_DecryptUpdate +calls for example). +This function may fail if the cipher does not have any ASN1 support. +.Pp +.Fn EVP_CIPHER_asn1_to_param +sets the cipher parameters based on an ASN1 AlgorithmIdentifier +"parameter". +The precise effect depends on the cipher. +In the case of RC2, for example, it will set the IV and effective +key length. +This function should be called after the base cipher type is set but +before the key is set. +For example +.Fn EVP_CipherInit +will be called with the IV and key set to +.Dv NULL , +.Fn EVP_CIPHER_asn1_to_param +will be called and finally +.Fn EVP_CipherInit +again with all parameters except the key set to +.Dv NULL . +It is possible for this function to fail if the cipher does not +have any ASN1 support or the parameters cannot be set (for example +the RC2 effective key length is not supported). +.Pp +.Fn EVP_CIPHER_CTX_ctrl +allows various cipher specific parameters to be determined and set. +Currently only the RC2 effective key length and the number of rounds of +RC5 can be set. +.Sh RETURN VALUES +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptUpdate , +and +.Fn EVP_EncryptFinal_ex +return 1 for success and 0 for failure. +.Pp +.Fn EVP_DecryptInit_ex +and +.Fn EVP_DecryptUpdate +return 1 for success and 0 for failure. +.Fn EVP_DecryptFinal_ex +returns 0 if the decrypt failed or 1 for success. +.Pp +.Fn EVP_CipherInit_ex +and +.Fn EVP_CipherUpdate +return 1 for success and 0 for failure. +.Fn EVP_CipherFinal_ex +returns 0 for a decryption failure or 1 for success. +.Pp +.Fn EVP_CIPHER_CTX_cleanup +returns 1 for success and 0 for failure. +.Pp +.Fn EVP_get_cipherbyname , +.Fn EVP_get_cipherbynid , +and +.Fn EVP_get_cipherbyobj +return an +.Vt EVP_CIPHER +structure or +.Dv NULL +on error. +.Pp +.Fn EVP_CIPHER_nid +and +.Fn EVP_CIPHER_CTX_nid +return a NID. +.Pp +.Fn EVP_CIPHER_block_size +and +.Fn EVP_CIPHER_CTX_block_size +return the block size. +.Pp +.Fn EVP_CIPHER_key_length +and +.Fn EVP_CIPHER_CTX_key_length +return the key length. +.Pp +.Fn EVP_CIPHER_CTX_set_padding +always returns 1. +.Pp +.Fn EVP_CIPHER_iv_length +and +.Fn EVP_CIPHER_CTX_iv_length +return the IV length or zero if the cipher does not use an IV. +.Pp +.Fn EVP_CIPHER_type +and +.Fn EVP_CIPHER_CTX_type +return the NID of the cipher's OBJECT IDENTIFIER or +.Dv NID_undef +if it has no defined OBJECT IDENTIFIER. +.Pp +.Fn EVP_CIPHER_CTX_cipher +returns an +.Vt EVP_CIPHER +structure. +.Pp +.Fn EVP_CIPHER_param_to_asn1 +and +.Fn EVP_CIPHER_asn1_to_param +return 1 for success or 0 for failure. +.Pp +Where possible the EVP interface to symmetric ciphers should be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the cipher used and +much more flexible. +.Pp +PKCS padding works by adding n padding bytes of value n to make the +total length of the encrypted data a multiple of the block size. +Padding is always added so if the data is already a multiple of the +block size n will equal the block size. +For example if the block size is 8 and 11 bytes are to be encrypted then +5 padding bytes of value 5 will be added. +.Pp +When decrypting the final block is checked to see if it has the correct +form. +.Pp +Although the decryption operation can produce an error if padding is +enabled, it is not a strong test that the input data or key is correct. +A random block has better than 1 in 256 chance of being of the correct +format and problems with the input data earlier on will not produce a +final decrypt error. +.Pp +If padding is disabled then the decryption operation will always succeed +if the total amount of data decrypted is a multiple of the block size. +.Pp +The functions +.Fn EVP_EncryptInit , +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptInit , +.Fn EVP_CipherInit , +and +.Fn EVP_CipherFinal +are obsolete but are retained for compatibility with existing code. +New code should use +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherInit_ex , +and +.Fn EVP_CipherFinal_ex +because they can reuse an existing context without allocating and +freeing it up on each call. +.Sh CIPHER LISTING +All algorithms have a fixed key length unless otherwise stated. +.Bl -tag -width Ds +.It Fn EVP_enc_null void +Null cipher: does nothing. +.It Xo +.Fn EVP_aes_128_cbc void , +.Fn EVP_aes_128_ecb void , +.Fn EVP_aes_128_cfb void , +.Fn EVP_aes_128_ofb void +.Xc +128-bit AES in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_aes_192_cbc void , +.Fn EVP_aes_192_ecb void , +.Fn EVP_aes_192_cfb void , +.Fn EVP_aes_192_ofb void +.Xc +192-bit AES in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_aes_256_cbc void , +.Fn EVP_aes_256_ecb void , +.Fn EVP_aes_256_cfb void , +.Fn EVP_aes_256_ofb void +.Xc +256-bit AES in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_des_cbc void , +.Fn EVP_des_ecb void , +.Fn EVP_des_cfb void , +.Fn EVP_des_ofb void +.Xc +DES in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_des_ede_cbc void , +.Fn EVP_des_ede void , +.Fn EVP_des_ede_ofb void , +.Fn EVP_des_ede_cfb void +.Xc +Two key triple DES in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_des_ede3_cbc void , +.Fn EVP_des_ede3 void , +.Fn EVP_des_ede3_ofb void , +.Fn EVP_des_ede3_cfb void +.Xc +Three key triple DES in CBC, ECB, CFB and OFB modes respectively. +.It Fn EVP_desx_cbc void +DESX algorithm in CBC mode. +.It Fn EVP_rc4 void +RC4 stream cipher. +This is a variable key length cipher with default key length 128 bits. +.It Fn EVP_rc4_40 void +RC4 stream cipher with 40 bit key length. +This is obsolete and new code should use +.Fn EVP_rc4 +and the +.Fn EVP_CIPHER_CTX_set_key_length +function. +.It Xo +.Fn EVP_idea_cbc void , +.Fn EVP_idea_ecb void , +.Fn EVP_idea_cfb void , +.Fn EVP_idea_ofb void +.Xc +IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +.It Xo +.Fn EVP_rc2_cbc void , +.Fn EVP_rc2_ecb void , +.Fn EVP_rc2_cfb void , +.Fn EVP_rc2_ofb void +.Xc +RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +This is a variable key length cipher with an additional parameter called +"effective key bits" or "effective key length". +By default both are set to 128 bits. +.It Xo +.Fn EVP_rc2_40_cbc void , +.Fn EVP_rc2_64_cbc void +.Xc +RC2 algorithm in CBC mode with a default key length and effective key +length of 40 and 64 bits. +These are obsolete and new code should use +.Fn EVP_rc2_cbc , +.Fn EVP_CIPHER_CTX_set_key_length , +and +.Fn EVP_CIPHER_CTX_ctrl +to set the key length and effective key length. +.It Xo +.Fn EVP_bf_cbc void , +.Fn EVP_bf_ecb void , +.Fn EVP_bf_cfb void , +.Fn EVP_bf_ofb void +.Xc +Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes +respectively. +This is a variable key length cipher. +.It Xo +.Fn EVP_cast5_cbc void , +.Fn EVP_cast5_ecb void , +.Fn EVP_cast5_cfb void , +.Fn EVP_cast5_ofb void +.Xc +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +This is a variable key length cipher. +.It Xo +.Fn EVP_rc5_32_12_16_cbc void , +.Fn EVP_rc5_32_12_16_ecb void , +.Fn EVP_rc5_32_12_16_cfb void , +.Fn EVP_rc5_32_12_16_ofb void +.Xc +RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +This is a variable key length cipher with an additional "number of +rounds" parameter. +By default the key length is set to 128 bits and 12 rounds. +.El +.Sh EXAMPLES +Get the number of rounds used in RC5: +.Bd -literal +int nrounds; +EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); +.Ed +.Pp +Get the RC2 effective key length: +.Bd -literal +int key_bits; +EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); +.Ed +.Pp +Set the number of rounds used in RC5: +.Bd -literal +int nrounds; +EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); +.Ed +.Pp +Set the effective key length used in RC2: +.Bd -literal +int key_bits; +EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +.Ed +.Pp +Encrypt a string using blowfish: +.Bd -literal +int +do_crypt(char *outfile) +{ + unsigned char outbuf[1024]; + int outlen, tmplen; + /* + * Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + unsigned char iv[] = {1,2,3,4,5,6,7,8}; + const char intext[] = "Some Crypto Text"; + EVP_CIPHER_CTX ctx; + FILE *out; + EVP_CIPHER_CTX_init(&ctx); + EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); + + if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, + strlen(intext))) { + /* Error */ + return 0; + } + /* + * Buffer passed to EVP_EncryptFinal() must be after data just + * encrypted to avoid overwriting it. + */ + if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) { + /* Error */ + return 0; + } + outlen += tmplen; + EVP_CIPHER_CTX_cleanup(&ctx); + /* + * Need binary mode for fopen because encrypted data is + * binary data. Also cannot use strlen() on it because + * it won't be NUL terminated and may contain embedded + * NULs. + */ + out = fopen(outfile, "wb"); + fwrite(outbuf, 1, outlen, out); + fclose(out); + return 1; +} +.Ed +.Pp +The ciphertext from the above example can be decrypted using the +.Xr openssl 1 +utility with the command line: +.Bd -literal +openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e + -iv 0102030405060708 -d +.Ed +.Pp +General encryption, decryption function example using FILE I/O and RC2 +with an 80 bit key: +.Bd -literal +int +do_crypt(FILE *in, FILE *out, int do_encrypt) +{ + /* Allow enough space in output buffer for additional block */ + inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + int inlen, outlen; + /* + * Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = "0123456789"; + unsigned char iv[] = "12345678"; + + /* Don't set key or IV because we will modify the parameters */ + EVP_CIPHER_CTX_init(&ctx); + EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); + EVP_CIPHER_CTX_set_key_length(&ctx, 10); + /* We finished modifying parameters so now we can set key and IV */ + EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); + + for(;;) { + inlen = fread(inbuf, 1, 1024, in); + if (inlen <= 0) + break; + if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, + inlen)) { + /* Error */ + EVP_CIPHER_CTX_cleanup(&ctx); + return 0; + } + fwrite(outbuf, 1, outlen, out); + } + if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) { + /* Error */ + EVP_CIPHER_CTX_cleanup(&ctx); + return 0; + } + fwrite(outbuf, 1, outlen, out); + + EVP_CIPHER_CTX_cleanup(&ctx); + return 1; +} +.Ed +.Sh SEE ALSO +.Xr evp 3 +.Sh HISTORY +.Fn EVP_CIPHER_CTX_init , +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherInit_ex , +.Fn EVP_CipherFinal_ex , +and +.Fn EVP_CIPHER_CTX_set_padding +appeared in OpenSSL 0.9.7. +.Sh BUGS +For RC5 the number of rounds can currently only be set to 8, 12 or 16. +This is a limitation of the current RC5 code rather than the EVP +interface. +.Pp +.Dv EVP_MAX_KEY_LENGTH +and +.Dv EVP_MAX_IV_LENGTH +only refer to the internal ciphers with default key lengths. +If custom ciphers exceed these values the results are unpredictable. +This is because it has become standard practice to define a generic key +as a fixed unsigned char array containing +.Dv EVP_MAX_KEY_LENGTH +bytes. +.Pp +The ASN1 code is incomplete (and sometimes inaccurate) it has only been +tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC +mode. diff --git a/lib/libcrypto/man/EVP_OpenInit.3 b/lib/libcrypto/man/EVP_OpenInit.3 new file mode 100644 index 00000000000..92873ac4539 --- /dev/null +++ b/lib/libcrypto/man/EVP_OpenInit.3 @@ -0,0 +1,98 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_OPENINIT 3 +.Os +.Sh NAME +.Nm EVP_OpenInit , +.Nm EVP_OpenUpdate , +.Nm EVP_OpenFinal +.Nd EVP envelope decryption +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_OpenInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "EVP_CIPHER *type" +.Fa "unsigned char *ek" +.Fa "int ekl" +.Fa "unsigned char *iv" +.Fa "EVP_PKEY *priv" +.Fc +.Ft int +.Fo EVP_OpenUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_OpenFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Sh DESCRIPTION +The EVP envelope routines are a high level interface to envelope +decryption. +They decrypt a public key encrypted symmetric key and then decrypt data +using it. +.Pp +.Fn EVP_OpenInit +initializes a cipher context +.Fa ctx +for decryption with cipher +.Fa type . +It decrypts the encrypted symmetric key of length +.Fa ekl +bytes passed in the +.Fa ek +parameter using the private key +.Fa priv . +The IV is supplied in the +.Fa iv +parameter. +.Pp +.Fn EVP_OpenUpdate +and +.Fn EVP_OpenFinal +have exactly the same properties as the +.Xr EVP_DecryptUpdate 3 +and +.Xr EVP_DecryptFinal 3 +routines. +.Pp +It is possible to call +.Fn EVP_OpenInit +twice in the same way as +.Xr EVP_DecryptInit 3 . +The first call should have +.Fa priv +set to +.Dv NULL +and (after setting any cipher parameters) it should be +called again with +.Fa type +set to +.Dv NULL . +.Pp +If the cipher passed in the +.Fa type +parameter is a variable length cipher then the key length will be set to +the value of the recovered key length. +If the cipher is a fixed length cipher then the recovered key length +must match the fixed cipher length. +.Sh RETURN VALUES +.Fn EVP_OpenInit +returns 0 on error or a non zero integer (actually the recovered secret +key size) if successful. +.Pp +.Fn EVP_OpenUpdate +returns 1 for success or 0 for failure. +.Pp +.Fn EVP_OpenFinal +returns 0 if the decrypt failed or 1 for success. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_SealInit 3 , +.Xr rand 3 diff --git a/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 00000000000..5b1b94653ae --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,245 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_CTX_CTRL 3 +.Os +.Sh NAME +.Nm EVP_PKEY_CTX_ctrl , +.Nm EVP_PKEY_CTX_ctrl_str , +.Nm EVP_PKEY_get_default_digest_nid , +.Nm EVP_PKEY_CTX_set_signature_md , +.Nm EVP_PKEY_CTX_set_rsa_padding , +.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen , +.Nm EVP_PKEY_CTX_set_rsa_rsa_keygen_bits , +.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp , +.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits , +.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len , +.Nm EVP_PKEY_CTX_set_dh_paramgen_generator , +.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid +.Nd algorithm specific control operations +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_CTX_ctrl +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int keytype" +.Fa "int optype" +.Fa "int cmd" +.Fa "int p1" +.Fa "void *p2" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_ctrl_str +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const char *type" +.Fa "const char *value" +.Fc +.Ft int +.Fo EVP_PKEY_get_default_digest_nid +.Fa "EVP_PKEY *pkey" +.Fa "int *pnid" +.Fc +.In openssl/rsa.h +.Ft int +.Fo EVP_PKEY_CTX_set_signature_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_padding +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int pad" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_rsa_keygen_bits +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int mbits" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp +.Fa "EVP_PKEY_CTX *ctx" +.Fa "BIGNUM *pubexp" +.Fc +.In openssl/dsa.h +.Ft int +.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int nbits" +.Fc +.In openssl/dh.h +.Ft int +.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_dh_paramgen_generator +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int gen" +.Fc +.In openssl/ec.h +.Ft int +.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int nid" +.Fc +.Sh DESCRIPTION +The function +.Fn EVP_PKEY_CTX_ctrl +sends a control operation to the context +.Fa ctx . +The key type used must match +.Fa keytype +if it is not -1. +The parameter +.Fa optype +is a mask indicating which operations the control can be applied to. +The control command is indicated in +.Fa cmd +and any additional arguments in +.Fa p1 +and +.Fa p2 . +.Pp +Applications will not normally call +.Fn EVP_PKEY_CTX_ctrl +directly but will instead call one of the algorithm specific macros +below. +.Pp +The function +.Fn EVP_PKEY_CTX_ctrl_str +allows an application to send an algorithm specific control operation to +a context +.Fa ctx +in string form. +This is intended to be used for options specified on the command line or +in text files. +The commands supported are documented in the +.Xr openssl 1 +utility command line pages for the option +.Fl pkeyopt +which is supported by the +.Cm pkeyutl , +.Cm genpkey , +and +.Cm req +commands. +.Pp +All the remaining "functions" are implemented as macros. +.Pp +The +.Fn EVP_PKEY_CTX_set_signature_md +macro sets the message digest type used in a signature. +It can be used with any public key algorithm supporting signature +operations. +.Pp +The macro +.Fn EVP_PKEY_CTX_set_rsa_padding +sets the RSA padding mode for +.Fa ctx . +The +.Fa pad +parameter can take the value +.Dv RSA_PKCS1_PADDING +for PKCS#1 padding, +.Dv RSA_SSLV23_PADDING +for SSLv23 padding, +.Dv RSA_NO_PADDING +for no padding, +.Dv RSA_PKCS1_OAEP_PADDING +for OAEP padding (encrypt and decrypt only), +.Dv RSA_X931_PADDING +for X9.31 padding (signature operations only) and +.Dv RSA_PKCS1_PSS_PADDING +(sign and verify only). +.Pp +Two RSA padding modes behave differently if +.Fn EVP_PKEY_CTX_set_signature_md +is used. +If this macro is called for PKCS#1 padding, the plaintext buffer is an +actual digest value and is encapsulated in a DigestInfo structure +according to PKCS#1 when signing and this structure is expected (and +stripped off) when verifying. +If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. +In the case of X9.31 padding for RSA the algorithm identifier byte is +added or checked and removed if this control is called. +If it is not called then the first byte of the plaintext buffer is +expected to be the algorithm identifier byte. +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen +macro sets the RSA PSS salt length to +.Fa len +as its name implies it is only supported for PSS padding. +Two special values are supported: -1 sets the salt length to the digest +length. +When signing -2 sets the salt length to the maximum permissible value. +When verifying -2 causes the salt length to be automatically determined +based on the PSS block structure. +If this macro is not called a salt length value of -2 is used by +default. +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_rsa_keygen_bits +macro sets the RSA key length for RSA key generation to +.Fa mbits . +If not specified, 1024 bits is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp +macro sets the public exponent value for RSA key generation to +.Fa pubexp . +Currently, it should be an odd integer. +The +.Fa pubexp +pointer is used internally by this function, so it should not be modified +or freed after the call. +If this macro is not called, then 65537 is used. +.Pp +The macro +.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits +sets the number of bits used for DSA parameter generation to +.Fa nbits . +If not specified, 1024 is used. +.Pp +The macro +.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len +sets the length of the DH prime parameter +.Fa len +for DH parameter generation. +If this macro is not called, then 1024 is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_dh_paramgen_generator +macro sets DH generator to +.Fa gen +for DH parameter generation. +If not specified, 2 is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid +sets the EC curve for EC parameter generation to +.Fa nid . +For EC parameter generation, this macro must be called or an error occurs +because there is no default curve. +.Sh RETURN VALUES +.Fn EVP_PKEY_CTX_ctrl +and its macros return a positive value for success and 0 or a negative +value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_keygen 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/lib/libcrypto/man/EVP_PKEY_CTX_new.3 new file mode 100644 index 00000000000..c08db1eb211 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -0,0 +1,85 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_CTX_NEW 3 +.Os +.Sh NAME +.Nm EVP_PKEY_CTX_new , +.Nm EVP_PKEY_CTX_new_id , +.Nm EVP_PKEY_CTX_dup , +.Nm EVP_PKEY_CTX_free +.Nd public key algorithm context functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_new +.Fa "EVP_PKEY *pkey" +.Fa "ENGINE *e" +.Fc +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_new_id +.Fa "int id" +.Fa "ENGINE *e" +.Fc +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_dup +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_free +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_CTX_new +function allocates a public key algorithm context using the algorithm +specified in +.Fa pkey +and the +.Vt ENGINE +.Fa e . +.Pp +The +.Fn EVP_PKEY_CTX_new_id +function allocates a public key algorithm context using the algorithm +specified by +.Fa id +and +.Vt ENGINE +.Fa e . +It is normally used when no +.Vt EVP_PKEY +structure is associated with the operations, for example during +parameter generation of key generation for some algorithms. +.Pp +.Fn EVP_PKEY_CTX_dup +duplicates the context +.Fa ctx . +.Pp +.Fn EVP_PKEY_CTX_free +frees up the context +.Fa ctx . +.Sh RETURN VALUES +.Fn EVP_PKEY_CTX_new , +.Fn EVP_PKEY_CTX_new_id , +.Fn EVP_PKEY_CTX_dup +returns either the newly allocated +.Vt EVP_PKEY_CTX +structure of +.Dv NULL +if an error occurred. +.Pp +.Fn EVP_PKEY_CTX_free +does not return a value. +.Sh SEE ALSO +.Xr EVP_PKEY_new 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. +.Sh CAVEATS +The +.Vt EVP_PKEY_CTX +structure is an opaque public key algorithm context used by the OpenSSL +high level public key API. +Contexts +.Sy MUST NOT +be shared between threads. +It is not permissible to use the same context simultaneously in two +threads. diff --git a/lib/libcrypto/man/EVP_PKEY_cmp.3 b/lib/libcrypto/man/EVP_PKEY_cmp.3 new file mode 100644 index 00000000000..a3c3ba4fec8 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -0,0 +1,92 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_CMP 3 +.Os +.Sh NAME +.Nm EVP_PKEY_copy_parameters , +.Nm EVP_PKEY_missing_parameters , +.Nm EVP_PKEY_cmp_parameters , +.Nm EVP_PKEY_cmp +.Nd public key parameter and comparison functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_missing_parameters +.Fa "const EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_copy_parameters +.Fa "EVP_PKEY *to" +.Fa "const EVP_PKEY *from" +.Fc +.Ft int +.Fo EVP_PKEY_cmp_parameters +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Ft int +.Fo EVP_PKEY_cmp +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Sh DESCRIPTION +The function +.Fn EVP_PKEY_missing_parameters +returns 1 if the public key parameters of +.Fa pkey +are missing and 0 if they are present or the algorithm doesn't use +parameters. +.Pp +The function +.Fn EVP_PKEY_copy_parameters +copies the parameters from key +.Fa from +to key +.Fa to . +.Pp +The function +.Fn EVP_PKEY_cmp_parameters +compares the parameters of keys +.Fa a +and +.Fa b . +.Pp +The function +.Fn EVP_PKEY_cmp +compares the public key components and parameters (if present) of keys +.Fa a +and +.Fa b . +.Pp +The main purpose of the functions +.Fn EVP_PKEY_missing_parameters +and +.Fn EVP_PKEY_copy_parameters +is to handle public keys in certificates where the parameters are +sometimes omitted from a public key if they are inherited from the CA +that signed it. +.Pp +Since OpenSSL private keys contain public key components too, the +function +.Fn EVP_PKEY_cmp +can also be used to determine if a private key matches a public key. +.Sh RETURN VALUES +The function +.Fn EVP_PKEY_missing_parameters +returns 1 if the public key parameters of +.Fa pkey +are missing and 0 if they are present or the algorithm doesn't use +parameters. +.Pp +The function +.Fn EVP_PKEY_copy_parameters +returns 1 for success and 0 for failure. +.Pp +The function +.Fn EVP_PKEY_cmp_parameters +and +.Fn EVP_PKEY_cmp +return 1 if the keys match, 0 if they don't match, -1 if the key types +are different and -2 if the operation is not supported. +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_keygen 3 diff --git a/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/lib/libcrypto/man/EVP_PKEY_decrypt.3 new file mode 100644 index 00000000000..28c343838d8 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -0,0 +1,117 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_DECRYPT 3 +.Os +.Sh NAME +.Nm EVP_PKEY_decrypt_init , +.Nm EVP_PKEY_decrypt +.Nd decrypt using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_decrypt_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_decrypt +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_decrypt_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a decryption operation. +.Pp +The +.Fn EVP_PKEY_decrypt +function performs a public key decryption operation using +.Fa ctx . +The data to be decrypted is specified using the +.Fa in +and +.Fa inlen +parameters. +If +.Fa out +is +.Dv NULL +then the maximum size of the output buffer is written to the +.Fa outlen +parameter. +If +.Fa out +is not +.Dv NULL +then before the call the +.Fa outlen +parameter should contain the length of the +.Fa out +buffer, if the call is successful the decrypted data is written to +.Fa out +and the amount of data written to +.Fa outlen . +.Pp +After the call to +.Fn EVP_PKEY_decrypt_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_decrypt +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_decrypt_init +and +.Fn EVP_PKEY_decrypt +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLE +Decrypt data using OAEP (for RSA keys): +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *out, *in; +size_t outlen, inlen; +EVP_PKEY *key; +/* NB: assumes key in, inlen are already set up + * and that key is an RSA private key + */ +ctx = EVP_PKEY_CTX_new(key); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_decrypt_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + +out = malloc(outlen); + +if (!out) + /* malloc failure */ + +if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + +/* Decrypted data is outlen bytes written to buffer out */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_derive.3 b/lib/libcrypto/man/EVP_PKEY_derive.3 new file mode 100644 index 00000000000..e67280cf20e --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -0,0 +1,120 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_DERIVE 3 +.Os +.Sh NAME +.Nm EVP_PKEY_derive_init , +.Nm EVP_PKEY_derive_set_peer , +.Nm EVP_PKEY_derive +.Nd derive public key algorithm shared secret +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_derive_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_derive_set_peer +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY *peer" +.Fc +.Ft int +.Fo EVP_PKEY_derive +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *key" +.Fa "size_t *keylen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_derive_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for shared secret derivation. +.Pp +The +.Fn EVP_PKEY_derive_set_peer +function sets the peer key: this will normally be a public key. +.Pp +The +.Fn EVP_PKEY_derive +derives a shared secret using +.Fa ctx . +If +.Fa key +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa keylen +parameter. +If +.Fa key +is not +.Dv NULL +then before the call the +.Fa keylen +parameter should contain the length of the +.Fa key +buffer. +If the call is successful, the shared secret is written to +.Fa key +and the amount of data written to +.Fa keylen . +.Pp +After the call to +.Fn EVP_PKEY_derive_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_derive +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_derive_init +and +.Fn EVP_PKEY_derive +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Derive shared secret (for example DH or EC keys): +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *skey; +size_t skeylen; +EVP_PKEY *pkey, *peerkey; +/* NB: assumes pkey, peerkey have been already set up */ + +ctx = EVP_PKEY_CTX_new(pkey); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_derive_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) + /* Error */ + +skey = malloc(skeylen); + +if (!skey) + /* malloc failure */ + +if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) + /* Error */ + +/* Shared secret is skey bytes written to buffer skey */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/lib/libcrypto/man/EVP_PKEY_encrypt.3 new file mode 100644 index 00000000000..bda37ef160f --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -0,0 +1,117 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_ENCRYPT 3 +.Os +.Sh NAME +.Nm EVP_PKEY_encrypt_init , +.Nm EVP_PKEY_encrypt +.Nd encrypt using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_encrypt_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_encrypt +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_encrypt_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for an encryption operation. +.Pp +The +.Fn EVP_PKEY_encrypt +function performs a public key encryption operation using +.Fa ctx . +The data to be encrypted is specified using the +.Fa in +and +.Fa inlen +parameters. +If +.Fa out +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa outlen +parameter. +If +.Fa out +is not +.Dv NULL , +then before the call the +.Fa outlen +parameter should contain the length of the +.Fa out +buffer, if the call is successful the encrypted data is written to +.Fa out +and the amount of data written to +.Fa outlen . +.Pp +After the call to +.Fn EVP_PKEY_encrypt_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_encrypt +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_encrypt_init +and +.Fn EVP_PKEY_encrypt +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Encrypt data using OAEP (for RSA keys): +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *out, *in; +size_t outlen, inlen; +EVP_PKEY *key; +/* NB: assumes key in, inlen are already set up + * and that key is an RSA public key + */ +ctx = EVP_PKEY_CTX_new(key); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_encrypt_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + +out = malloc(outlen); + +if (!out) + /* malloc failure */ + +if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + +/* Encrypted data is outlen bytes written to buffer out */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 new file mode 100644 index 00000000000..2266adadf3f --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -0,0 +1,39 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_GET_DEFAULT_DIGEST 3 +.Os +.Sh NAME +.Nm EVP_PKEY_get_default_digest_nid +.Nd get default signature digest +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_get_default_digest_nid +.Fa "EVP_PKEY *pkey" +.Fa "int *pnid" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_get_default_digest_nid +function sets +.Fa pnid +to the default message digest NID for the public key signature +operations associated with key +.Fa pkey . +.Pp +For all current standard OpenSSL public key algorithms, SHA1 is returned. +.Sh RETURN VALUES +The +.Fn EVP_PKEY_get_default_digest_nid +function returns 1 if the message digest is advisory (that is other +digests can be used) and 2 if it is mandatory (other digests cannot be +used). +It returns 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +This function was first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_keygen.3 b/lib/libcrypto/man/EVP_PKEY_keygen.3 new file mode 100644 index 00000000000..8a5c7be0c66 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -0,0 +1,235 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_KEYGEN 3 +.Os +.Sh NAME +.Nm EVP_PKEY_keygen_init , +.Nm EVP_PKEY_keygen , +.Nm EVP_PKEY_paramgen_init , +.Nm EVP_PKEY_paramgen , +.Nm EVP_PKEY_CTX_set_cb , +.Nm EVP_PKEY_CTX_get_cb , +.Nm EVP_PKEY_CTX_get_keygen_info , +.Nm EVP_PKEY_CTX_set_app_data , +.Nm EVP_PKEY_CTX_get_app_data +.Nd key and parameter generation functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_keygen_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_keygen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY **ppkey" +.Fc +.Ft int +.Fo EVP_PKEY_paramgen_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_paramgen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY **ppkey" +.Fc +.Ft typedef int +.Fo EVP_PKEY_gen_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_set_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY_gen_cb *cb" +.Fc +.Ft EVP_PKEY_gen_cb * +.Fo EVP_PKEY_CTX_get_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_keygen_info +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int idx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_set_app_data +.Fa "EVP_PKEY_CTX *ctx" +.Fa "void *data" +.Fc +.Ft void * +.Fo EVP_PKEY_CTX_get_app_data +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_keygen_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a key generation operation. +.Pp +The +.Fn EVP_PKEY_keygen +function performs a key generation operation, the generated key is +written to +.Fa ppkey . +.Pp +The functions +.Fn EVP_PKEY_paramgen_init +and +.Fn EVP_PKEY_paramgen +are similar except parameters are generated. +.Pp +The function +.Fn EVP_PKEY_CTX_set_cb +sets the key or parameter generation callback to +.Fa cb . +The function +.Fn EVP_PKEY_CTX_get_cb +returns the key or parameter generation callback. +.Pp +The function +.Fn EVP_PKEY_CTX_get_keygen_info +returns parameters associated with the generation operation. +If +.Fa idx +is -1, the total number of parameters available is returned. +Any non negative value returns the value of that parameter. +.Fn EVP_PKEY_CTX_get_keygen_info +with a non-negative value for +.Fa idx +should only be called within the generation callback. +.Pp +If the callback returns 0, then the key generation operation is aborted +and an error occurs. +This might occur during a time consuming operation where a user clicks +on a "cancel" button. +.Pp +The functions +.Fn EVP_PKEY_CTX_set_app_data +and +.Fn EVP_PKEY_CTX_get_app_data +set and retrieve an opaque pointer. +This can be used to set some application defined value which can be +retrieved in the callback: for example a handle which is used to update +a "progress dialog". +.Pp +After the call to +.Fn EVP_PKEY_keygen_init +or +.Fn EVP_PKEY_paramgen_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The functions +.Fn EVP_PKEY_keygen +and +.Fn EVP_PKEY_paramgen +can be called more than once on the same context if several operations +are performed using the same parameters. +.Pp +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. +Some might not give any useful information at all during key or +parameter generation. +Others might not even call the callback. +.Pp +The operation performed by key or parameter generation depends on the +algorithm used. +In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an +.Vt EVP_PKEY +structure. +.Pp +In OpenSSL, an +.Vt EVP_PKEY +structure containing a private key also contains the public key +components and parameters (if any). +An OpenSSL private key is equivalent to what some libraries call a "key +pair". +A private key can be used in functions which require the use of a public +key or parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_keygen_init , +.Fn EVP_PKEY_paramgen_init , +.Fn EVP_PKEY_keygen , +and +.Fn EVP_PKEY_paramgen +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Generate a 2048 bit RSA key: +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +EVP_PKEY *pkey = NULL; +ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) + /* Error */ + +/* Generate key */ +if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ +.Ed +.Pp +Generate a key from a set of parameters: +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +EVP_PKEY *pkey = NULL, *param; +/* Assumed param is set up already */ +ctx = EVP_PKEY_CTX_new(param); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + +/* Generate key */ +if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ +.Ed +.Pp +Example of generation callback for OpenSSL public key implementations: +.Bd -literal +/* Application data is a BIO to output status to */ + +EVP_PKEY_CTX_set_app_data(ctx, status_bio); + +static int +genpkey_cb(EVP_PKEY_CTX *ctx) +{ + char c = '*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p; + + p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + if (p == 0) + c='.'; + if (p == 1) + c='+'; + if (p == 2) + c='*'; + if (p == 3) + c='\en'; + BIO_write(b,&c,1); + (void)BIO_flush(b); + return 1; +} +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_new.3 b/lib/libcrypto/man/EVP_PKEY_new.3 new file mode 100644 index 00000000000..155ca9ad240 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_new.3 @@ -0,0 +1,44 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_NEW 3 +.Os +.Sh NAME +.Nm EVP_PKEY_new , +.Nm EVP_PKEY_free +.Nd private key allocation functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY * +.Fn EVP_PKEY_new void +.Ft void +.Fo EVP_PKEY_free +.Fa "EVP_PKEY *key" +.Fc +.Sh DESCRIPTION +The +.Vt EVP_PKEY +structure is used by various OpenSSL functions which require a general +private key without reference to any particular algorithm. +.Pp +The +.Fn EVP_PKEY_new +function allocates an empty +.Vt EVP_PKEY +structure. +To add a private key to it, use the functions described in +.Xr EVP_PKEY_set1_RSA 3 . +.Pp +.Fn EVP_PKEY_free +frees up the private key +.Fa key . +.Sh RETURN VALUES +.Fn EVP_PKEY_new +returns either the newly allocated +.Vt EVP_PKEY +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn EVP_PKEY_free +does not return a value. +.Sh SEE ALSO +.Xr EVP_PKEY_set1_RSA 3 diff --git a/lib/libcrypto/man/EVP_PKEY_print_private.3 b/lib/libcrypto/man/EVP_PKEY_print_private.3 new file mode 100644 index 00000000000..d1f627c6a06 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -0,0 +1,76 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_PRINT_PRIVATE 3 +.Os +.Sh NAME +.Nm EVP_PKEY_print_public , +.Nm EVP_PKEY_print_private , +.Nm EVP_PKEY_print_params +.Nd public key algorithm printing routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_print_public +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ft int +.Fo EVP_PKEY_print_private +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ft int +.Fo EVP_PKEY_print_params +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Sh DESCRIPTION +The functions +.Fn EVP_PKEY_print_public , +.Fn EVP_PKEY_print_private , +and +.Fn EVP_PKEY_print_params +print out the public, private or parameter components of key +.Fa pkey , +respectively. +The key is sent to +.Vt BIO +.Fa out +in human readable form. +The parameter +.Fa indent +indicates how far the printout should be indented. +.Pp +The +.Fa pctx +parameter allows the print output to be finely tuned by using ASN1 +printing options. +If +.Fa pctx +is set to +.Dv NULL , +then default values will be used. +Currently, no public key algorithms include any options in the +.Fa pctx +parameter. +.Pp +If the key does not include all the components indicated by the function, +then only those contained in the key will be printed. +For example, passing a public key to +.Fn EVP_PKEY_print_private +will only print the public components. +.Sh RETURN VALUES +These functions all return 1 for success and 0 or a negative value for +failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_keygen 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 new file mode 100644 index 00000000000..986918dc2f1 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,171 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_SET1_RSA 3 +.Os +.Sh NAME +.Nm EVP_PKEY_set1_RSA , +.Nm EVP_PKEY_set1_DSA , +.Nm EVP_PKEY_set1_DH , +.Nm EVP_PKEY_set1_EC_KEY , +.Nm EVP_PKEY_get1_RSA , +.Nm EVP_PKEY_get1_DSA , +.Nm EVP_PKEY_get1_DH , +.Nm EVP_PKEY_get1_EC_KEY , +.Nm EVP_PKEY_assign_RSA , +.Nm EVP_PKEY_assign_DSA , +.Nm EVP_PKEY_assign_DH , +.Nm EVP_PKEY_assign_EC_KEY , +.Nm EVP_PKEY_type +.Nd EVP_PKEY assignment functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_set1_RSA +.Fa "EVP_PKEY *pkey" +.Fa "RSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_DSA +.Fa "EVP_PKEY *pkey" +.Fa "DSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_DH +.Fa "EVP_PKEY *pkey" +.Fa "DH *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fa "EC_KEY *key" +.Fc +.Ft RSA * +.Fo EVP_PKEY_get1_RSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DSA * +.Fo EVP_PKEY_get1_DSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DH * +.Fo EVP_PKEY_get1_DH +.Fa "EVP_PKEY *pkey" +.Fc +.Ft EC_KEY * +.Fo EVP_PKEY_get1_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_assign_RSA +.Fa "EVP_PKEY *pkey" +.Fa "RSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_DSA +.Fa "EVP_PKEY *pkey" +.Fa "DSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_DH +.Fa "EVP_PKEY *pkey" +.Fa "DH *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fa "EC_KEY *key" +.Fc +.Ft int +.Fo EVP_PKEY_type +.Fa "int type" +.Fc +.Sh DESCRIPTION +.Fn EVP_PKEY_set1_RSA , +.Fn EVP_PKEY_set1_DSA , +.Fn EVP_PKEY_set1_DH , +and +.Fn EVP_PKEY_set1_EC_KEY +set the key referenced by +.Fa pkey +to +.Fa key . +.Pp +.Fn EVP_PKEY_get1_RSA , +.Fn EVP_PKEY_get1_DSA , +.Fn EVP_PKEY_get1_DH , +and +.Fn EVP_PKEY_get1_EC_KEY +return the key referenced in +.Fa pkey +or +.Dv NULL +if the key is not of the correct type. +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +also set the referenced key to +.Fa key ; +however these use the supplied +.Fa key +internally and so +.Fa key +will be freed when the parent +.Fa pkey +is freed. +.Pp +.Fn EVP_PKEY_type +returns the type of key corresponding to the value +.Fa type . +The type of a key can be obtained with +.Fn EVP_PKEY_type pkey->type . +The return value will be +.Dv EVP_PKEY_RSA , +.Dv EVP_PKEY_DSA , +.Dv EVP_PKEY_DH , +or +.Dv EVP_PKEY_EC +for the corresponding key types or +.Dv NID_undef +if the key type is unassigned. +.Pp +In accordance with the OpenSSL naming convention, the key obtained from +or assigned to +.Fa pkey +using the +.Sy 1 +functions must be freed as well as +.Fa pkey . +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +are implemented as macros. +.Sh RETURN VALUES +.Fn EVP_PKEY_set1_RSA , +.Fn EVP_PKEY_set1_DSA , +.Fn EVP_PKEY_set1_DH , +and +.Fn EVP_PKEY_set1_EC_KEY +return 1 for success or 0 for failure. +.Pp +.Fn EVP_PKEY_get1_RSA , +.Fn EVP_PKEY_get1_DSA , +.Fn EVP_PKEY_get1_DH , +and +.Fn EVP_PKEY_get1_EC_KEY +return the referenced key or +.Dv NULL +if an error occurred. +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +return 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr EVP_PKEY_new 3 diff --git a/lib/libcrypto/man/EVP_PKEY_sign.3 b/lib/libcrypto/man/EVP_PKEY_sign.3 new file mode 100644 index 00000000000..f8e4da7a9d5 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -0,0 +1,120 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_SIGN 3 +.Os +.Sh NAME +.Nm EVP_PKEY_sign_init , +.Nm EVP_PKEY_sign +.Nd sign using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_sign_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_sign +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_sign_init +function initializes a public key algorithm context using the key +.Fa ctx->pkey +for a signing operation. +.Pp +The +.Fn EVP_PKEY_sign +function performs a public key signing operation using +.Fa ctx . +The data to be signed is specified using the +.Fa tbs +and +.Fa tbslen +parameters. +If +.Fa sig +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa siglen +parameter. +If +.Fa sig +is not +.Dv NULL , +then before the call the +.Fa siglen +parameter should contain the length of the +.Fa sig +buffer. +If the call is successful the signature is written to +.Fa sig +and the amount of data written to +.Fa siglen . +.Pp +After the call to +.Fn EVP_PKEY_sign_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_sign +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_sign_init +and +.Fn EVP_PKEY_sign +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Sign data using RSA with PKCS#1 padding and SHA256 digest: +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *md, *sig; +size_t mdlen, siglen; +EVP_PKEY *signing_key; +/* NB: assumes signing_key, md and mdlen are already set up + * and that signing_key is an RSA private key + */ +ctx = EVP_PKEY_CTX_new(signing_key); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_sign_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) + /* Error */ + +sig = malloc(siglen); + +if (!sig) + /* malloc failure */ + +if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) + /* Error */ + +/* Signature is siglen bytes written to buffer sig */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_verify.3 b/lib/libcrypto/man/EVP_PKEY_verify.3 new file mode 100644 index 00000000000..bec32833493 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -0,0 +1,109 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_VERIFY 3 +.Os +.Sh NAME +.Nm EVP_PKEY_verify_init , +.Nm EVP_PKEY_verify +.Nd signature verification using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_verify_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_verify +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_verify_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a signature verification operation. +.Pp +The +.Fn EVP_PKEY_verify +function performs a public key verification operation using +.Fa ctx . +The signature is specified using the +.Fa sig +and +.Fa siglen +parameters. +The verified data (i.e. the data believed originally signed) is +specified using the +.Fa tbs +and +.Fa tbslen +parameters. +.Pp +After the call to +.Fn EVP_PKEY_verify_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_verify +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_verify_init +and +.Fn EVP_PKEY_verify +return 1 if the verification was successful and 0 if it failed. +Unlike other functions the return value 0 from +.Fn EVP_PKEY_verify +only indicates that the signature did not verify successfully. +That is, +.Fa tbs +did not match the original data or the signature was of invalid form. +It is not an indication of a more serious error. +.Pp +A negative value indicates an error other that signature verification +failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Verify signature using PKCS#1 and SHA256 digest: +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *md, *sig; +size_t mdlen, siglen; +EVP_PKEY *verify_key; +/* NB: assumes verify_key, sig, siglen md and mdlen are already set up + * and that verify_key is an RSA public key + */ +ctx = EVP_PKEY_CTX_new(verify_key); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_verify_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Perform operation */ +ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); + +/* ret == 1 indicates success, 0 verify failure and < 0 for some + * other error. + */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/lib/libcrypto/man/EVP_PKEY_verify_recover.3 new file mode 100644 index 00000000000..fc26152ae64 --- /dev/null +++ b/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -0,0 +1,131 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_PKEY_VERIFY_RECOVER 3 +.Os +.Sh NAME +.Nm EVP_PKEY_verify_recover_init , +.Nm EVP_PKEY_verify_recover +.Nd recover signature using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_verify_recover_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_verify_recover +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *rout" +.Fa "size_t *routlen" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_verify_recover_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a verify recover operation. +.Pp +The +.Fn EVP_PKEY_verify_recover +function recovers signed data using +.Fa ctx . +The signature is specified using the +.Fa sig +and +.Fa siglen +parameters. +If +.Fa rout +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa routlen +parameter. +If +.Fa rout +is not +.Dv NULL , +then before the call the +.Fa routlen +parameter should contain the length of the +.Fa rout +buffer. +If the call is successful, recovered data is written to +.Fa rout +and the amount of data written to +.Fa routlen . +.Pp +Normally an application is only interested in whether a signature +verification operation is successful. +In those cases, the +.Xr EVP_verify 3 +function should be used. +.Pp +Sometimes however it is useful to obtain the data originally signed +using a signing operation. +Only certain public key algorithms can recover a signature in this way +(for example RSA in PKCS padding mode). +.Pp +After the call to +.Fn EVP_PKEY_verify_recover_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_verify_recover +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_verify_recover_init +and +.Fn EVP_PKEY_verify_recover +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Recover digest originally signed using PKCS#1 and SHA256 digest: +.Bd -literal +#include <openssl/evp.h> +#include <openssl/rsa.h> + +EVP_PKEY_CTX *ctx; +unsigned char *rout, *sig; +size_t routlen, siglen; +EVP_PKEY *verify_key; +/* NB: assumes verify_key, sig and siglen are already set up + * and that verify_key is an RSA public key + */ +ctx = EVP_PKEY_CTX_new(verify_key); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_verify_recover_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) + /* Error */ + +rout = malloc(routlen); + +if (!rout) + /* malloc failure */ + +if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) + /* Error */ + +/* Recovered data is routlen bytes written to buffer rout */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_derive 3 +.Sh HISTORY +These functions were first added to OpenSSL 1.0.0. diff --git a/lib/libcrypto/man/EVP_SealInit.3 b/lib/libcrypto/man/EVP_SealInit.3 new file mode 100644 index 00000000000..9511111486c --- /dev/null +++ b/lib/libcrypto/man/EVP_SealInit.3 @@ -0,0 +1,131 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_SEALINIT 3 +.Os +.Sh NAME +.Nm EVP_SealInit , +.Nm EVP_SealUpdate , +.Nm EVP_SealFinal +.Nd EVP envelope encryption +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_SealInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "unsigned char **ek" +.Fa "int *ekl" +.Fa "unsigned char *iv" +.Fa "EVP_PKEY **pubk" +.Fa "int npubk" +.Fc +.Ft int +.Fo EVP_SealUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_SealFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Sh DESCRIPTION +The EVP envelope routines are a high level interface to envelope +encryption. +They generate a random key and IV (if required) then "envelope" it by +using public key encryption. +Data can then be encrypted using this key. +.Pp +.Fn EVP_SealInit +initializes a cipher context +.Fa ctx +for encryption with cipher +.Fa type +using a random secret key and IV. +.Fa type +is normally supplied by a function such as +.Fn EVP_aes_256_cbc 3 ; +see +.Xr EVP_EncryptInit 3 +for details. +The secret key is encrypted using one or more public keys. +This allows the same encrypted data to be decrypted using any of +the corresponding private keys. +.Fa ek +is an array of buffers where the public key encrypted secret key will be +written. +Each buffer must contain enough room for the corresponding encrypted +key: that is +.Fa ek[i] +must have room for +.Fn EVP_PKEY_size pubk[i] +bytes. +The actual size of each encrypted secret key is written to the array +.Fa ekl . +.Fa pubk +is an array of +.Fa npubk +public keys. +.Pp +The +.Fa iv +parameter is a buffer where the generated IV is written to. +It must contain enough room for the corresponding cipher's IV, as +determined by (for example) +.Fn EVP_CIPHER_iv_length type . +.Pp +If the cipher does not require an IV then the +.Fa iv +parameter is ignored and can be +.Dv NULL . +.Pp +.Fn EVP_SealUpdate +and +.Fn EVP_SealFinal +have exactly the same properties as the +.Xr EVP_EncryptUpdate 3 +and +.Xr EVP_EncryptFinal 3 +routines. +.Pp +The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport. +.Pp +Envelope encryption is the usual method of using public key encryption +on large amounts of data. +This is because public key encryption is slow but symmetric encryption +is fast. +So symmetric encryption is used for bulk encryption and the small random +symmetric key used is transferred using public key encryption. +.Pp +It is possible to call +.Fn EVP_SealInit +twice in the same way as +.Xr EVP_EncryptInit 3 . +The first call should have +.Fa npubk +set to 0 and (after setting any cipher parameters) it should be called +again with +.Fa type +set to NULL. +.Sh RETURN VALUES +.Fn EVP_SealInit +returns 0 on error or +.Fa npubk +if successful. +.Pp +.Fn EVP_SealUpdate +and +.Fn EVP_SealFinal +return 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_OpenInit 3 , +.Xr rand 3 +.Sh HISTORY +.Fn EVP_SealFinal +did not return a value before OpenSSL 0.9.7. diff --git a/lib/libcrypto/man/EVP_SignInit.3 b/lib/libcrypto/man/EVP_SignInit.3 new file mode 100644 index 00000000000..22f81148a26 --- /dev/null +++ b/lib/libcrypto/man/EVP_SignInit.3 @@ -0,0 +1,167 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_SIGNINIT 3 +.Os +.Sh NAME +.Nm EVP_SignInit , +.Nm EVP_SignUpdate , +.Nm EVP_SignFinal , +.Nm EVP_PKEY_size +.Nd EVP signing functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_SignInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_SignUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_SignFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "unsigned int *s" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft void +.Fo EVP_SignInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Ft int +.Fo EVP_PKEY_size +.Fa "EVP_PKEY *pkey" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_SignInit_ex +sets up a signing context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +.Pp +.Fn EVP_SignUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the signature context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +.Pp +.Fn EVP_SignFinal +signs the data in +.Fa ctx +using the private key +.Fa pkey +and places the signature in +.Fa sig . +.Fa sig +must be at least +.Fn EVP_PKEY_size pkey +bytes in size. +.Fa s +is an OUT parameter, and not used as an IN parameter. +The number of bytes of data written (i.e. +the length of the signature) will be written to the integer at +.Fa s . +At most +.Fn EVP_PKEY_size pkey +bytes will be written. +.Pp +.Fn EVP_SignInit +initializes a signing context +.Fa ctx +to use the default implementation of digest +.Fa type . +.Pp +.Fn EVP_PKEY_size +returns the maximum size of a signature in bytes. +The actual signature returned by +.Fn EVP_SignFinal +may be smaller. +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +Due to the link between message digests and public key algorithms the +correct digest algorithm must be used with the correct public key type. +A list of algorithms and associated public key algorithms appears in +.Xr EVP_DigestInit 3 . +.Pp +The call to +.Fn EVP_SignFinal +internally finalizes a copy of the digest context. +This means that calls to +.Fn EVP_SignUpdate +and +.Fn EVP_SignFinal +can be called later to digest and sign additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_cleanup 3 +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_SignInit_ex , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignFinal +return 1 for success and 0 for failure. +.Pp +.Fn EVP_PKEY_size +returns the maximum size of a signature in bytes. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_VerifyInit 3 +.Sh HISTORY +.Fn EVP_SignInit , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignFinal +are available in all versions of SSLeay and OpenSSL. +.Pp +.Fn EVP_SignInit_ex +was added in OpenSSL 0.9.7. +.Sh BUGS +Older versions of this documentation wrongly stated that calls to +.Fn EVP_SignUpdate +could not be made after calling +.Fn EVP_SignFinal . +.Pp +Since the private key is passed in the call to +.Fn EVP_SignFinal +any error relating to the private key (for example an unsuitable key and +digest combination) will not be indicated until after potentially large +amounts of data have been passed through +.Fn EVP_SignUpdate . +.Pp +It is not possible to change the signing parameters using these +function. +.Pp +The previous two bugs are fixed in the newer +.Xr EVP_SignDigest* 3 +function. diff --git a/lib/libcrypto/man/EVP_VerifyInit.3 b/lib/libcrypto/man/EVP_VerifyInit.3 new file mode 100644 index 00000000000..b1635d4cac1 --- /dev/null +++ b/lib/libcrypto/man/EVP_VerifyInit.3 @@ -0,0 +1,146 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP_VERIFYINIT 3 +.Os +.Sh NAME +.Nm EVP_VerifyInit , +.Nm EVP_VerifyUpdate , +.Nm EVP_VerifyFinal +.Nd EVP signature verification functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_VerifyInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_VerifyUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_VerifyFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sigbuf" +.Fa "unsigned int siglen" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_VerifyInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Sh DESCRIPTION +The EVP signature verification routines are a high level interface to +digital signatures. +.Pp +.Fn EVP_VerifyInit_ex +sets up a verification context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized by calling +.Xr EVP_MD_CTX_init 3 +before calling this function. +.Pp +.Fn EVP_VerifyUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the verification context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +.Pp +.Fn EVP_VerifyFinal +verifies the data in +.Fa ctx +using the public key +.Fa pkey +and against the +.Fa siglen +bytes at +.Fa sigbuf . +.Pp +.Fn EVP_VerifyInit +initializes a verification context +.Fa ctx +to use the default implementation of digest +.Fa type . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +Due to the link between message digests and public key algorithms, the +correct digest algorithm must be used with the correct public key type. +A list of algorithms and associated public key algorithms appears in +.Xr EVP_DigestInit 3 . +.Pp +The call to +.Fn EVP_VerifyFinal +internally finalizes a copy of the digest context. +This means that calls to +.Fn EVP_VerifyUpdate +and +.Fn EVP_VerifyFinal +can be called later to digest and verify additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_cleanup 3 , +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_VerifyInit_ex +and +.Fn EVP_VerifyUpdate +return 1 for success and 0 for failure. +.Pp +.Fn EVP_VerifyFinal +returns 1 for a correct signature, 0 for failure, and -1 if some other +error occurred. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_SignInit 3 +.Sh HISTORY +.Fn EVP_VerifyInit , +.Fn EVP_VerifyUpdate , +and +.Fn EVP_VerifyFinal +are available in all versions of SSLeay and OpenSSL. +.Pp +.Fn EVP_VerifyInit_ex +was added in OpenSSL 0.9.7. +.Sh BUGS +Older versions of this documentation wrongly stated that calls to +.Fn EVP_VerifyUpdate +could not be made after calling +.Fn EVP_VerifyFinal . +.Pp +Since the public key is passed in the call to +.Xr EVP_SignFinal 3 , +any error relating to the private key (for example an unsuitable key and +digest combination) will not be indicated until after potentially large +amounts of data have been passed through +.Xr EVP_SignUpdate 3 . +.Pp +It is not possible to change the signing parameters using these +functions. +.Pp +The previous two bugs are fixed in the newer functions of the +.Xr EVP_DigestVerifyInit 3 +family. diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 5d19e023ab2..f4fd152ff72 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.37 2016/11/02 15:23:41 schwarze Exp $ +# $OpenBSD: Makefile,v 1.38 2016/11/03 09:35:34 schwarze Exp $ .include <bsd.own.mk> # for NOMAN @@ -92,14 +92,6 @@ MAN= \ ERR_remove_state.3 \ ERR_set_mark.3 \ EVP_AEAD_CTX_init.3 \ - UI_new.3 \ - bn_dump.3 \ - crypto.3 \ - d2i_PKCS8PrivateKey_bio.3 \ - des_read_pw.3 \ - lh_new.3 \ - -GENMAN= \ EVP_BytesToKey.3 \ EVP_DigestInit.3 \ EVP_DigestSignInit.3 \ @@ -123,6 +115,15 @@ GENMAN= \ EVP_SealInit.3 \ EVP_SignInit.3 \ EVP_VerifyInit.3 \ + UI_new.3 \ + bn_dump.3 \ + crypto.3 \ + d2i_PKCS8PrivateKey_bio.3 \ + des_read_pw.3 \ + evp.3 \ + lh_new.3 \ + +GENMAN= \ HMAC.3 \ MD5.3 \ OBJ_nid2obj.3 \ @@ -192,7 +193,6 @@ GENMAN= \ dsa.3 \ ec.3 \ engine.3 \ - evp.3 \ i2d_PKCS7_bio_stream.3 \ lh_stats.3 \ rsa.3 \ diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3 new file mode 100644 index 00000000000..7bf7dfec818 --- /dev/null +++ b/lib/libcrypto/man/evp.3 @@ -0,0 +1,151 @@ +.Dd $Mdocdate: November 3 2016 $ +.Dt EVP 3 +.Os +.Sh NAME +.Nm evp +.Nd high-level cryptographic functions +.Sh SYNOPSIS +.In openssl/evp.h +.Sh DESCRIPTION +The EVP library provides a high-level interface to cryptographic +functions. +.Pp +.Xr EVP_SealInit 3 +and +.Xr EVP_OpenInit 3 +provide public key encryption and decryption to implement digital +"envelopes". +.Pp +The +.Xr EVP_DigestSignInit 3 +and +.Xr EVP_DigestVerifyInit 3 +functions implement digital signatures and Message Authentication Codes +(MACs). +Also see the older +.Xr EVP_SignInit 3 +and +.Xr EVP_VerifyInit 3 +functions. +.Pp +Symmetric encryption is available with the +.Xr EVP_EncryptInit 3 +functions. +The +.Xr EVP_DigestInit 3 +functions provide message digests. +.Pp +Authenticated encryption with additional data (AEAD) is available with +the +.Xr EVP_AEAD_CTX_init 3 +functions. +.Pp +The +.Fn EVP_PKEY_* +functions provide a high level interface to asymmetric algorithms. +To create a new +.Vt EVP_PKEY , +see +.Xr EVP_PKEY_new 3 . +.Vt EVP_PKEY Ns s +can be associated with a private key of a particular algorithm +by using the functions described in the +.Xr EVP_PKEY_set1_RSA 3 +page, or new keys can be generated using +.Xr EVP_PKEY_keygen 3 . +.Vt EVP_PKEY Ns s +can be compared using +.Xr EVP_PKEY_cmp 3 +or printed using +.Xr EVP_PKEY_print_private 3 . +.Pp +The +.Fn EVP_PKEY_* +functions support the full range of asymmetric algorithm operations: +.Bl -bullet +.It +For key agreement, see +.Xr EVP_PKEY_derive 3 . +.It +For signing and verifying, see +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +and +.Xr EVP_PKEY_verify_recover 3 . +However, note that these functions do not perform a digest of the +data to be signed. +Therefore normally you would use the +.Xr EVP_DigestSignInit 3 +functions for this purpose. +.It +For encryption and decryption see +.Xr EVP_PKEY_encrypt 3 +and +.Xr EVP_PKEY_decrypt 3 , +respectively. +However, note that these functions perform encryption and decryption only. +As public key encryption is an expensive operation, normally you +would wrap an encrypted message in a digital envelope using the +.Xr EVP_SealInit 3 +and +.Xr EVP_OpenInit 3 +functions. +.El +.Pp +The +.Xr EVP_BytesToKey 3 +function provides some limited support for password based encryption. +Careful selection of the parameters will provide a PKCS#5 PBKDF1 +compatible implementation. +However, new applications should typically not use this (preferring, for +example, PBKDF2 from PCKS#5). +.Pp +Algorithms are loaded with +.Xr OpenSSL_add_all_algorithms 3 . +.Pp +All the symmetric algorithms (ciphers), digests and asymmetric +algorithms (public key algorithms) can be replaced by +.Xr engine 3 +modules providing alternative implementations. +If +.Vt ENGINE +implementations of ciphers or digests are registered as defaults, +then the various EVP functions will automatically use those +implementations in preference to built in software implementations. +For more information, consult the +.Xr engine 3 +manual page. +.Pp +Although low level algorithm specific functions exist for many +algorithms, their use is discouraged. +They cannot be used with an +.Vt ENGINE , +and +.Vt ENGINE +versions of new algorithms cannot be accessed using the low level +functions. +Using them also makes code harder to adapt to new algorithms, some +options are not cleanly supported at the low level, and some +operations are more efficient using the high level interfaces. +.Sh SEE ALSO +.Xr engine 3 , +.Xr EVP_AEAD_CTX_init 3 , +.Xr EVP_BytesToKey 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestSignInit 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_OpenInit 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_keygen 3 , +.Xr EVP_PKEY_new 3 , +.Xr EVP_PKEY_print_private 3 , +.Xr EVP_PKEY_set1_RSA 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 , +.Xr EVP_SealInit 3 , +.Xr EVP_SignInit 3 , +.Xr EVP_VerifyInit 3 , +.Xr OpenSSL_add_all_algorithms 3 |