diff options
author | Matt Caswell <frodo@baggins.org> | 2013-06-13 00:42:08 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-06-13 00:42:08 +0200 |
commit | aafbe1ccd28439d0eb484f5b889272cbc71d62b5 (patch) | |
tree | aa2f33da04e7d4dfb5249882fd4afd4e0bc33de0 | |
parent | Exetended OAEP support. (diff) | |
download | openssl-aafbe1ccd28439d0eb484f5b889272cbc71d62b5.tar.xz openssl-aafbe1ccd28439d0eb484f5b889272cbc71d62b5.zip |
Document updates from wiki.
PR#3071
The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
functions defined on those pages. This section is automatically parsed
by the util/extract-names.pl script, so if it is not correct then
running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks
48 files changed, 1227 insertions, 133 deletions
diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod index a08e9a0fa4..f651e4f2ae 100644 --- a/doc/crypto/ASN1_STRING_length.pod +++ b/doc/crypto/ASN1_STRING_length.pod @@ -3,7 +3,7 @@ =head1 NAME ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, -ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data - +ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 - ASN1_STRING utility functions =head1 SYNOPSIS diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod index 3891b88791..19c82ff1e4 100644 --- a/doc/crypto/ASN1_STRING_print_ex.pod +++ b/doc/crypto/ASN1_STRING_print_ex.pod @@ -2,7 +2,7 @@ =head1 NAME -ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines. +ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines. =head1 SYNOPSIS diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod index bd3b256196..2595200327 100644 --- a/doc/crypto/BIO_find_type.pod +++ b/doc/crypto/BIO_find_type.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_find_type, BIO_next - BIO chain traversal +BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal =head1 SYNOPSIS diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod index 7b63e4621b..34af1d229a 100644 --- a/doc/crypto/BIO_s_accept.pod +++ b/doc/crypto/BIO_s_accept.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, +BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod index bcf7d8dcac..18ece4c91f 100644 --- a/doc/crypto/BIO_s_connect.pod +++ b/doc/crypto/BIO_s_connect.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname, BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port, BIO_set_nbio, BIO_do_connect - connect BIO diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index 5f51fdb470..b96c56b376 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -4,7 +4,7 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, -BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags, +BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_thread_id, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions. diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index ad8d07db89..bbedbb1778 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -10,9 +10,12 @@ BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures BN_CTX *BN_CTX_new(void); + void BN_CTX_free(BN_CTX *c); + +Deprecated: + void BN_CTX_init(BN_CTX *c); - void BN_CTX_free(BN_CTX *c); =head1 DESCRIPTION @@ -22,8 +25,7 @@ is rather expensive when used in conjunction with repeated subroutine calls, the B<BN_CTX> structure is used. BN_CTX_new() allocates and initializes a B<BN_CTX> -structure. BN_CTX_init() initializes an existing uninitialized -B<BN_CTX>. +structure. BN_CTX_free() frees the components of the B<BN_CTX>, and if it was created by BN_CTX_new(), also the structure itself. @@ -31,6 +33,8 @@ If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>, L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX> may be freed by BN_CTX_free(). +BN_CTX_init() (deprecated) initializes an existing uninitialized B<BN_CTX>. +This should not be used for new programs. Use BN_CTX_new() instead. =head1 RETURN VALUES diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 7dccacbc1e..bf1b5308ad 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -2,12 +2,31 @@ =head1 NAME -BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality +BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, +BN_GENCB_set_old, BN_GENCB_set, BN_generate_prime, BN_is_prime, +BN_is_prime_fasttest - generate primes and test for primality =head1 SYNOPSIS #include <openssl/bn.h> + int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); + + int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); + + int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + + int BN_GENCB_call(BN_GENCB *cb, int a, int b); + + #define BN_GENCB_set_old(gencb, callback, cb_arg) ... + + #define BN_GENCB_set(gencb, callback, cb_arg) ... + + +Deprecated: + BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); @@ -20,27 +39,27 @@ BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test =head1 DESCRIPTION -BN_generate_prime() generates a pseudo-random prime number of B<num> -bits. +BN_generate_prime_ex() generates a pseudo-random prime number of +bit length B<bits>. If B<ret> is not B<NULL>, it will be used to store the number. -If B<callback> is not B<NULL>, it is called as follows: +If B<cb> is not B<NULL>, it is used as follows: =over 4 =item * -B<callback(0, i, cb_arg)> is called after generating the i-th +B<BN_GENCB_call(cb, 0, i)> is called after generating the i-th potential prime number. =item * -While the number is being tested for primality, B<callback(1, j, -cb_arg)> is called as described below. +While the number is being tested for primality, +B<BN_GENCB_call(cb, 1, j)> is called as described below. =item * -When a prime has been found, B<callback(2, i, cb_arg)> is called. +When a prime has been found, B<BN_GENCB_call(cb, 2, i)> is called. =back @@ -54,38 +73,67 @@ generator. If B<safe> is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). -The PRNG must be seeded prior to calling BN_generate_prime(). +The PRNG must be seeded prior to calling BN_generate_prime_ex(). The prime number generation has a negligible error probability. -BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is +BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is prime. The following tests are performed until one of them shows that -B<a> is composite; if B<a> passes all these tests, it is considered +B<p> is composite; if B<p> passes all these tests, it is considered prime. -BN_is_prime_fasttest(), when called with B<do_trial_division == 1>, +BN_is_prime_fasttest_ex(), when called with B<do_trial_division == 1>, first attempts trial division by a number of small primes; -if no divisors are found by this test and B<callback> is not B<NULL>, -B<callback(1, -1, cb_arg)> is called. +if no divisors are found by this test and B<cb> is not B<NULL>, +B<BN_GENCB_call(cb, 1, -1)> is called. If B<do_trial_division == 0>, this test is skipped. -Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin -probabilistic primality test with B<checks> iterations. If -B<checks == BN_prime_checks>, a number of iterations is used that +Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin +probabilistic primality test with B<nchecks> iterations. If +B<nchecks == BN_prime_checks>, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. -If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called +If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called after the j-th iteration (j = 0, 1, ...). B<ctx> is a pre-allocated B<BN_CTX> (to save the overhead of allocating and freeing the structure in a loop), or B<NULL>. +BN_GENCB_call calls the callback function held in the B<BN_GENCB> structure +and passes the ints B<a> and B<b> as arguments. There are two types of +B<BN_GENCB> structure that are supported: "new" style and "old" style. New +programs should prefer the "new" style, whilst the "old" style is provided +for backwards compatibility purposes. + +For "new" style callbacks a BN_GENCB structure should be initialised with a +call to BN_GENCB_set, where B<gencb> is a B<BN_GENCB *>, B<callback> is of +type B<int (*callback)(int, int, BN_GENCB *)> and B<cb_arg> is a B<void *>. +"Old" style callbacks are the same except they are initialised with a call +to BN_GENCB_set_old and B<callback> is of type +B<void (*callback)(int, int, void *)>. + +A callback is invoked through a call to B<BN_GENCB_call>. This will check +the type of the callback and will invoke B<callback(a, b, gencb)> for new +style callbacks or B<callback(a, b, cb_arg)> for old style. + +BN_generate_prime (deprecated) works in the same way as +BN_generate_prime_ex but expects an old style callback function +directly in the B<callback> parameter, and an argument to pass to it in +the B<cb_arg>. Similarly BN_is_prime and BN_is_prime_fasttest are +deprecated and can be compared to BN_is_prime_ex and +BN_is_prime_fasttest_ex respectively. + =head1 RETURN VALUES -BN_generate_prime() returns the prime number on success, B<NULL> otherwise. +BN_generate_prime_ex() return 1 on success or 0 on error. -BN_is_prime() returns 0 if the number is composite, 1 if it is -prime with an error probability of less than 0.25^B<checks>, and +BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and +BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^B<nchecks>, and -1 on error. +BN_generate_prime() returns the prime number on success, B<NULL> otherwise. + +Callback functions should return 1 on success or 0 on error. + The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 81f93c2eb3..d6b975ccf6 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -2,7 +2,7 @@ =head1 NAME -BN_rand, BN_pseudo_rand - generate pseudo-random number +BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number =head1 SYNOPSIS diff --git a/doc/crypto/CMS_add0_cert.pod b/doc/crypto/CMS_add0_cert.pod index 9c13f488f6..8678ca18a5 100644 --- a/doc/crypto/CMS_add0_cert.pod +++ b/doc/crypto/CMS_add0_cert.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_get1_crls, - CMS certificate and CRL utility functions +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls, - CMS certificate and CRL utility functions =head1 SYNOPSIS diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod index fa6bb169d1..fe49772a86 100644 --- a/doc/crypto/CMS_get0_RecipientInfos.pod +++ b/doc/crypto/CMS_get0_RecipientInfos.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt - CMS envelopedData RecipientInfo routines +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines =head1 SYNOPSIS diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod index 47f6d2a047..eca61f1879 100644 --- a/doc/crypto/CMS_get0_SignerInfos.pod +++ b/doc/crypto/CMS_get0_SignerInfos.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_certs - CMS signedData signer functions. +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions. =head1 SYNOPSIS diff --git a/doc/crypto/CMS_verify.pod b/doc/crypto/CMS_verify.pod index 8f26fdab09..7a2c1ee251 100644 --- a/doc/crypto/CMS_verify.pod +++ b/doc/crypto/CMS_verify.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_verify - verify a CMS SignedData structure +CMS_verify, CMS_get0_signers - verify a CMS SignedData structure =head1 SYNOPSIS diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod index 9081e9ea7c..7f81a04d91 100644 --- a/doc/crypto/DH_generate_parameters.pod +++ b/doc/crypto/DH_generate_parameters.pod @@ -2,32 +2,39 @@ =head1 NAME -DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters + +DH_generate_parameters_ex, DH_generate_parameters, +DH_check - generate and check Diffie-Hellman parameters =head1 SYNOPSIS #include <openssl/dh.h> - DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int, int, void *), void *cb_arg); + int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); int DH_check(DH *dh, int *codes); +Deprecated: + + DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int, int, void *), void *cb_arg); + =head1 DESCRIPTION -DH_generate_parameters() generates Diffie-Hellman parameters that can -be shared among a group of users, and returns them in a newly -allocated B<DH> structure. The pseudo-random number generator must be +DH_generate_parameters_ex() generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided B<DH> +structure. The pseudo-random number generator must be seeded prior to calling DH_generate_parameters(). B<prime_len> is the length in bits of the safe prime to be generated. B<generator> is a small number E<gt> 1, typically 2 or 5. A callback function may be used to provide feedback about the progress -of the key generation. If B<callback> is not B<NULL>, it will be +of the key generation. If B<cb> is not B<NULL>, it will be called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime -number is generated, and when a prime has been found, B<callback(3, -0, cb_arg)> is called. +number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)> +is called. See L<BN_generate_prime(3)|BN_generate_prime(3)> for information on +the BN_GENCB_call() function. DH_check() validates Diffie-Hellman parameters. It checks that B<p> is a safe prime, and that B<g> is a suitable generator. In the case of an @@ -38,19 +45,21 @@ checked, i.e. it does not equal 2 or 5. =head1 RETURN VALUES -DH_generate_parameters() returns a pointer to the DH structure, or -NULL if the parameter generation fails. The error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +DH_generate_parameters_ex() and DH_check() return 1 if the check could be +performed, 0 otherwise. + +DH_generate_parameters() (deprecated) returns a pointer to the DH structure, or +NULL if the parameter generation fails. -DH_check() returns 1 if the check could be performed, 0 otherwise. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 NOTES -DH_generate_parameters() may run for several hours before finding a -suitable prime. +DH_generate_parameters_ex() and DH_generate_parameters() may run for several +hours before finding a suitable prime. -The parameters generated by DH_generate_parameters() are not to be -used in signature schemes. +The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters() +are not to be used in signature schemes. =head1 BUGS diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index be7c924ff8..16a67f22b0 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -2,20 +2,26 @@ =head1 NAME -DSA_generate_parameters - generate DSA parameters +DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters =head1 SYNOPSIS #include <openssl/dsa.h> + int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +Deprecated: + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), void *cb_arg); =head1 DESCRIPTION -DSA_generate_parameters() generates primes p and q and a generator g -for use in the DSA. +DSA_generate_parameters_ex() generates primes p and q and a generator g +for use in the DSA and stores the result in B<dsa>. B<bits> is the length of the prime to be generated; the DSS allows a maximum of 1024 bits. @@ -25,64 +31,74 @@ generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at B<seed>. -DSA_generate_parameters() places the iteration count in +DSA_generate_parameters_ex() places the iteration count in *B<counter_ret> and a counter used for finding a generator in *B<h_ret>, unless these are B<NULL>. A callback function may be used to provide feedback about the progress -of the key generation. If B<callback> is not B<NULL>, it will be -called as follows: +of the key generation. If B<cb> is not B<NULL>, it will be +called as shown below. For information on the BN_GENCB structure and the +BN_GENCB_call function discussed below, refer to +L<BN_generate_prime(3)|BN_generate_prime(3)>. =over 4 =item * -When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called +When a candidate for q is generated, B<BN_GENCB_call(cb, 0, m++)> is called (m is 0 for the first candidate). =item * When a candidate for q has passed a test by trial division, -B<callback(1, -1, cb_arg)> is called. +B<BN_GENCB_call(cb, 1, -1)> is called. While a candidate for q is tested by Miller-Rabin primality tests, -B<callback(1, i, cb_arg)> is called in the outer loop +B<BN_GENCB_call(cb, 1, i)> is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0). =item * -When a prime q has been found, B<callback(2, 0, cb_arg)> and -B<callback(3, 0, cb_arg)> are called. +When a prime q has been found, B<BN_GENCB_call(cb, 2, 0)> and +B<BN_GENCB_call(cb, 3, 0)> are called. =item * Before a candidate for p (other than the first) is generated and tested, -B<callback(0, counter, cb_arg)> is called. +B<BN_GENCB_call(cb, 0, counter)> is called. =item * When a candidate for p has passed the test by trial division, -B<callback(1, -1, cb_arg)> is called. +B<BN_GENCB_call(cb, 1, -1)> is called. While it is tested by the Miller-Rabin primality test, -B<callback(1, i, cb_arg)> is called in the outer loop +B<BN_GENCB_call(cb, 1, i)> is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0). =item * -When p has been found, B<callback(2, 1, cb_arg)> is called. +When p has been found, B<BN_GENCB_call(cb, 2, 1)> is called. =item * -When the generator has been found, B<callback(3, 1, cb_arg)> is called. +When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called. =back +DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B<dsa> parameter is passed and +instead a newly allocated B<DSA> structure is returned. Additionally "old +style" callbacks are used instead of the newer BN_GENCB based approach. +Refer to L<BN_generate_prime(3)|BN_generate_prime(3)> for further information. + =head1 RETURN VALUE +DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. + DSA_generate_parameters() returns a pointer to the DSA structure, or -B<NULL> if the parameter generation fails. The error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +B<NULL> if the parameter generation fails. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 BUGS @@ -91,7 +107,7 @@ Seed lengths E<gt> 20 are not supported. =head1 SEE ALSO L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_free(3)|DSA_free(3)> +L<DSA_free(3)|DSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> =head1 HISTORY diff --git a/doc/crypto/EC_GFp_simple_method.pod b/doc/crypto/EC_GFp_simple_method.pod new file mode 100644 index 0000000000..aff20ac175 --- /dev/null +++ b/doc/crypto/EC_GFp_simple_method.pod @@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining B<EC_METHOD> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + const EC_METHOD *EC_GFp_nistp224_method(void); + const EC_METHOD *EC_GFp_nistp256_method(void); + const EC_METHOD *EC_GFp_nistp521_method(void); + + const EC_METHOD *EC_GF2m_simple_method(void); + + int EC_METHOD_get_field_type(const EC_METHOD *meth); + +=head1 DESCRIPTION + +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see L<EC_GROUP_new(3)|EC_GROUP_new(3)>) an +implementation method must be provided. The functions described here all return a const pointer to an +B<EC_METHOD> structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation +type for the form of curve selected is used. + +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. + +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>). EC_GFp_nist_method +offers an implementation optimised for use with NIST recommended curves (NIST curves are available through +EC_GROUP_new_by_curve_name as described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>). + +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. + +EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value B<NID_X9_62_prime_field> is returned. If the field type is +F2^m then the value B<NID_X9_62_characteristic_two_field> is returned. These values are defined in the +obj_mac.h header file. + +=head1 RETURN VALUES + +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure. + +EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>, +L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> + +=cut diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod new file mode 100644 index 0000000000..954af469d5 --- /dev/null +++ b/doc/crypto/EC_GROUP_copy.pod @@ -0,0 +1,174 @@ +=pod + +=head1 NAME + +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating B<EC_GROUP> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + int EC_GROUP_get_curve_name(const EC_GROUP *group); + + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + + int EC_GROUP_get_degree(const EC_GROUP *group); + + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + +=head1 DESCRIPTION + +EC_GROUP_copy copies the curve B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD. + +EC_GROUP_dup creates a new EC_GROUP object and copies the content from B<src> to the newly created +EC_GROUP object. + +EC_GROUP_method_of obtains the EC_METHOD of B<group>. + +EC_GROUP_set_generator sets curve paramaters that must be agreed by all participants using the curve. These +paramaters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n-1 where n is the B<order>. The B<order> multipied by the B<cofactor> gives the number of points on the curve. + +EC_GROUP_get0_generator returns the generator for the identified B<group>. + +The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided B<order> and B<cofactor> parameters +with the respective order and cofactors for the B<group>. + +The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively +(see L<EC_GROUP_new(3)|EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name +will return 0. + +The asn1_flag value on a curve is used to determine whether there is a specific ASN1 OID to describe the curve or not. +If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID. If not then asn1_flag is 0. The functions +EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. If set then +the curve_name must also be set. + +The point_coversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). +point_conversion_form_t is an enum defined as follows: + + typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 + } point_conversion_form_t; + + +For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by +the octets for x, followed by the octets for y. + +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of +the two possible solutions for y has been used, followed by the octets for x. + +For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. + +The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form +for the curve respectively. + +ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the +builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +this seed value, although it will be preserved in any ASN1 based communications. + +EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. + +The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. + +The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. + +EC_GROUP_cmp compares B<a> and B<b> to determine whether they represent the same curve or not. + +The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: + +f(x) = x^m + x^k + 1 with m > k >= 1 + +or a pentanomial of the form: + +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 + +The function EC_GROUP_get_basis_type returns a NID identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of B<k>. Similary +the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of B<k1>, +B<k2> and B<k3> respectively. + +=head1 RETURN VALUES + +The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check, +EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis. + +EC_GROUP_dup returns a pointer to the duplicated curve, or NULL on error. + +EC_GROUP_method_of returns the EC_METHOD implementation in use for the given curve or NULL on error. + +EC_GROUP_get0_generator returns the generator for the given curve or NULL on error. + +EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form +and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the +specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. + +EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not +specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. + +EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is +0, the the return value will be 1. On error 0 is returned. + +EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error. + +EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod new file mode 100644 index 0000000000..ff55bf33a3 --- /dev/null +++ b/doc/crypto/EC_GROUP_new.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying B<EC_GROUP> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + void EC_GROUP_free(EC_GROUP *group); + void EC_GROUP_clear_free(EC_GROUP *group); + + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +=head1 DESCRIPTION + +Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the +prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: + +y^2 mod p = x^3 +ax + b mod p + +The second form is those defined over a binary field F2^m where the elements of the field are integers of length at +most m bits. For this form the elliptic curve equation is modified to: + +y^2 + xy = x^3 + ax^2 + b (where b != 0) + +Operations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL +use a trinomial or a pentanomial for this parameter. + +A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>). It is then necessary to call either EC_GROUP_set_curve_GFp or +EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. + +EC_GROUP_set_curve_GFp sets the curve parameters B<p>, B<a> and B<b> for a curve over Fp stored in B<group>. +EC_group_get_curve_GFp obtains the previously set curve parameters. + +EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B<p> represents +the irreducible polybnomial - each bit represents a term in the polynomial. Therefore there will either be three +or five bits set dependant on whether the polynomial is a trinomial or a pentanomial. +EC_group_get_curve_GF2m obtains the previously set curve parameters. + +The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the +appropriate EC_group_set_curve function. An appropriate default implementation method will be used. + +Whilst the library can be used to create any curve using the functions described above, there are also a number of +predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function +will populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of +curves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be +provided. The return value is the total number of curves available (whether that number has been populated in B<r> or +not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: + + typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; + +Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve. + +In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to +be constructed. + +EC_GROUP_free frees the memory associated with the EC_GROUP. + +EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. + +=head1 RETURN VALUES + +All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error. + +EC_get_builtin_curves returns the number of builtin curves that are available. + +EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod new file mode 100644 index 0000000000..b762cbcb73 --- /dev/null +++ b/doc/crypto/EC_KEY_new.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_get_key_method_data, EC_KEY_insert_key_method_data, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates - Functions for creating, destroying and manipulating B<EC_KEY> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_KEY *EC_KEY_new(void); + int EC_KEY_get_flags(const EC_KEY *key); + void EC_KEY_set_flags(EC_KEY *key, int flags); + void EC_KEY_clear_flags(EC_KEY *key, int flags); + EC_KEY *EC_KEY_new_by_curve_name(int nid); + void EC_KEY_free(EC_KEY *key); + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + EC_KEY *EC_KEY_dup(const EC_KEY *src); + int EC_KEY_up_ref(EC_KEY *key); + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + int EC_KEY_generate_key(EC_KEY *key); + int EC_KEY_check_key(const EC_KEY *key); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + +=head1 DESCRIPTION + +An EC_KEY represents a public key and (optionaly) an associated private key. A new EC_KEY (with no associated curve) can be constructed by calling EC_KEY_new. +The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling +EC_KEY_set_group. + +Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to L<EC_GROUP_new(3)|EC_GROUP_new(3)> for a description of curve names. This function simply wraps calls to EC_KEY_new and +EC_GROUP_new_by_curve_name. + +Calling EC_KEY_free decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated +with it. + +EC_KEY_copy copies the contents of the EC_KEY in B<src> into B<dest>. + +EC_KEY_dup creates a new EC_KEY object and copies B<ec_key> into it. + +EC_KEY_up_ref increments the reference count associated with the EC_KEY object. + +EC_KEY_generate_key generates a new public and private key for the supplied B<eckey> object. B<eckey> must have an EC_GROUP object +associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where order is the order +of the EC_GROUP object). The public key is an EC_POINT on the curve calculated by multiplying the generator for the curve by the +private key. + +EC_KEY_check_key performs various sanity checks on the EC_KEY object to confirm that it is valid. + +EC_KEY_set_public_key_affine_coordinates sets the public key for B<key> based on its affine co-ordinates, i.e. it constructs an EC_POINT +object based on the supplied B<x> and B<y> values and sets the public key to be this EC_POINT. It will also performs certain sanity checks +on the key to confirm that it is valid. + +The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the EC_GROUP object, the private key and the EC_POINT public key for the B<key> respectively. + +The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the value of the encoding flags for the B<key>. There are two encoding +flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the B<key> is +converted into ASN1 in a call to i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded +along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key. + +The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B<key>. For a description +of point_conversion_forms please refer to L<EC_POINT_new(3)|EC_POINT_new(3)>. + +EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitary additional data specific to the +elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B<data> parameter, which must have have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. + +EC_KEY_set_flags sets the flags in the B<flags> parameter on the EC_KEY object. Any flags that are already set are left set. The currently defined standard flags are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags clears the flags indicated by the B<flags> parameter. All other flags are left in their existing state. + +EC_KEY_set_asn1_flag sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for further information on the asn1_flag. + +EC_KEY_precompute_mult stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L<EC_POINT_add(3)|EC_POINT_add(3)>. + + +=head1 RETURN VALUES + +EC_KEY_new, EC_KEY_new_by_curve_name and EC_KEY_dup return a pointer to the newly created EC_KEY object, or NULL on error. + +EC_KEY_get_flags returns the flags associated with the EC_KEY object as an integer. + +EC_KEY_copy returns a pointer to the destination key, or NULL on error. + +EC_KEY_up_ref, EC_KEY_set_group, EC_KEY_set_private_key, EC_KEY_set_public_key, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key and EC_KEY_set_public_key_affine_coordinates return 1 on success or 0 on error. + +EC_KEY_get0_group returns the EC_GROUP associated with the EC_KEY. + +EC_KEY_get0_private_key returns the private key associated with the EC_KEY. + +EC_KEY_get_enc_flags returns the value of the current encoding flags for the EC_KEY. + +EC_KEY_get_conv_form return the point_conversion_form for the EC_KEY. + + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/doc/crypto/EC_POINT_add.pod b/doc/crypto/EC_POINT_add.pod new file mode 100644 index 0000000000..ae92640843 --- /dev/null +++ b/doc/crypto/EC_POINT_add.pod @@ -0,0 +1,72 @@ +=pod + +=head1 NAME + +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on B<EC_POINT> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + +=head1 DESCRIPTION + +EC_POINT_add adds the two points B<a> and B<b> and places the result in B<r>. Similarly EC_POINT_dbl doubles the point B<a> and places the +result in B<r>. In both cases it is valid for B<r> to be one of B<a> or B<b>. + +EC_POINT_invert calculates the inverse of the supplied point B<a>. The result is placed back in B<a>. + +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. + +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. + +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. + +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be +forced. + +EC_POINT_mul calculates the value generator * B<n> + B<q> * B<m> and stores the result in B<r>. The value B<n> may be NULL in which case the result is just B<q> * B<m>. + +EC_POINTs_mul calculates the value generator * B<n> + B<q[0]> * B<m[0]> + ... + B<q[num-1]> * B<m[num-1]>. As for EC_POINT_mul the value +B<n> may be NULL. + +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for information +about the generator. + + +=head1 RETURN VALUES + +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. + +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. + +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error. + +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error. + +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod new file mode 100644 index 0000000000..69eb0d1a09 --- /dev/null +++ b/doc/crypto/EC_POINT_new.pod @@ -0,0 +1,123 @@ +=pod + +=head1 NAME + +EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating B<EC_POINT> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_POINT *EC_POINT_new(const EC_GROUP *group); + void EC_POINT_free(EC_POINT *point); + void EC_POINT_clear_free(EC_POINT *point); + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + +=head1 DESCRIPTION + +An EC_POINT represents a point on a curve. A new point is constructed by calling the function EC_POINT_new and providing the B<group> +object that the point relates to. + +EC_POINT_free frees the memory associated with the EC_POINT. + +EC_POINT_clear_free destroys any sensitive data held within the EC_POINT and then frees its memory. + +EC_POINT_copy copies the point B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD. + +EC_POINT_dup creates a new EC_POINT object and copies the content from B<src> to the newly created +EC_POINT object. + +EC_POINT_method_of obtains the EC_METHOD associated with B<point>. + +A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity. + +The affine co-ordinates for a point describe a point in terms of its x and y position. The functions +EC_POINT_set_affine_coordinates_GFp and EC_POINT_set_affine_coordinates_GF2m set the B<x> and B<y> co-ordinates for the point +B<p> defined over the curve given in B<group>. + +As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian +projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication operations. +A mapping exists between Jacobian projective co-ordinates and affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective to affine co-ordinates is simple. The co-ordinate (x, y) is +mapped to (x, y, 1). To set or get the projective co-ordinates use EC_POINT_set_Jprojective_coordinates_GFp and +EC_POINT_get_Jprojective_coordinates_GFp respectively. + +Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is +on the curve there will only ever be two possible values for y. Therefore a point can be set using the EC_POINT_set_compressed_coordinates_GFp +and EC_POINT_set_compressed_coordinates_GF2m functions where B<x> is the x co-ordinate and B<y_bit> is a value 0 or 1 to identify which of +the two possible values for y should be used. + +In addition EC_POINTs can be converted to and from various external representations. Supported representations are octet strings, BIGNUMs and hexadecimal. The format of the external representation is described by the point_conversion_form. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for +a description of point_conversion_form. Octet strings are stored in a buffer along with an associated buffer length. A point held in a BIGNUM is calculated by converting the point to an octet string and then converting that octet string into a BIGNUM integer. Points in hexadecimal format are stored in a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f). + +The functions EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex and EC_POINT_hex2point convert +from and to EC_POINTs for the formats: octet string, BIGNUM and hexadecimal respectively. + +The function EC_POINT_point2oct must be supplied with a buffer long enough to store the octet string. The return value provides the number of +octets stored. Calling the function with a NULL buffer will not perform the conversion but will still return the required buffer length. + +The function EC_POINT_point2hex will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free +this memory with a subsequent call to OPENSSL_free(). + +=head1 RETURN VALUES + +EC_POINT_new and EC_POINT_dup return the newly allocated EC_POINT or NULL on error. + +The following functions return 1 on success or 0 on error: EC_POINT_copy, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m and EC_POINT_oct2point. + +EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. + +EC_POINT_point2oct returns the length of the required buffer, or 0 on error. + +EC_POINT_point2bn returns the pointer to the BIGNUM supplied, or NULL on error. + +EC_POINT_bn2point returns the pointer to the EC_POINT supplied, or NULL on error. + +EC_POINT_point2hex returns a pointer to the hex string, or NULL on error. + +EC_POINT_hex2point returns the pointer to the EC_POINT supplied, or NULL on error. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod index 72925fb9f4..a4d38c17fd 100644 --- a/doc/crypto/ERR_remove_state.pod +++ b/doc/crypto/ERR_remove_state.pod @@ -2,26 +2,35 @@ =head1 NAME -ERR_remove_state - free a thread's error queue +ERR_remove_thread_state, ERR_remove_state - free a thread's error queue =head1 SYNOPSIS #include <openssl/err.h> + void ERR_remove_thread_state(const CRYPTO_THREADID *tid); + +Deprecated: + void ERR_remove_state(unsigned long pid); =head1 DESCRIPTION -ERR_remove_state() frees the error queue associated with thread B<pid>. -If B<pid> == 0, the current thread will have its error queue removed. +ERR_remove_thread_state() frees the error queue associated with thread B<tid>. +If B<tid> == B<NULL>, the current thread will have its error queue removed. Since error queue data structures are allocated automatically for new threads, they must be freed when threads are terminated in order to avoid memory leaks. +ERR_remove_state is deprecated and has been replaced by +ERR_remove_thread_state. Since threads in OpenSSL are no longer identified +by unsigned long values any argument to this function is ignored. Calling +ERR_remove_state is equivalent to B<ERR_remove_thread_state(NULL)>. + =head1 RETURN VALUE -ERR_remove_state() returns no value. +ERR_remove_thread_state and ERR_remove_state() return no value. =head1 SEE ALSO @@ -29,6 +38,8 @@ L<err(3)|err(3)> =head1 HISTORY -ERR_remove_state() is available in all versions of SSLeay and OpenSSL. +ERR_remove_state() is available in all versions of SSLeay and OpenSSL. It +was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced +and thread IDs were introduced to identify threads instead of 'unsigned long'. =cut diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index abbbdb2d4b..10e2be68f5 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. +Newer applications should use more standard algorithms such as PBKDF2 as +defined in PKCS#5v2.1 for key derivation. =head1 KEY DERIVATION ALGORITHM diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 367691cc7a..1ef69ec54b 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -4,10 +4,10 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, -EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256, -EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, +EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, +EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, +EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index d0943e847b..1e1328fe1a 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -16,7 +16,17 @@ EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, -EVP_CIPHER_CTX_set_padding - EVP cipher routines +EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb, +EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb, +EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb, +EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, +EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, +EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, +EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, +EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb, +EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, +EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines =head1 SYNOPSIS diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 13b91f1e6e..44b5fdb7f2 100644 --- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -2,7 +2,13 @@ =head1 NAME -EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_get_default_digest_nid, +EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations =head1 SYNOPSIS @@ -45,7 +51,7 @@ B<p1> and B<p2>. Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will instead call one of the algorithm specific macros below. -The function EVP_PKEY_ctrl_str() allows an application to send an algorithm +The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm specific control operation to a context B<ctx> in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod index 4f0a94648e..90156d2190 100644 --- a/doc/crypto/OPENSSL_ia32cap.pod +++ b/doc/crypto/OPENSSL_ia32cap.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_ia32cap - the IA-32 processor capabilities vector +OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector =head1 SYNOPSIS @@ -20,6 +20,8 @@ set up automatically upon toolkit initialization, but can be manipulated afterwards to modify crypto library behaviour. For the moment of this writing following bits are significant: +=over + =item bit #4 denoting presence of Time-Stamp Counter. =item bit #19 denoting availability of CLFLUSH instruction; @@ -34,8 +36,8 @@ moment of this writing following bits are significant: =item bit #26 denoting SSE2 support; -=item bit #28 denoting Hyperthreading, which is used to distiguish - cores with shared cache; +=item bit #28 denoting Hyperthreading, which is used to distinguish +cores with shared cache; =item bit #30, reserved by Intel, denotes specifically Intel CPUs; @@ -53,6 +55,8 @@ moment of this writing following bits are significant: =item bit #62 denoting availability of RDRAND instruction; +=back + For example, clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library, while clearing bit #24 disables SSE2 code operating on 128-bit XMM register bank. You might @@ -66,7 +70,7 @@ better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same effect without modifying the application source code. Alternatively you can reconfigure the toolkit with no-sse2 option and recompile. -Less intuituve is clearing bit #28. The truth is that it's not copied +Less intuitive is clearing bit #28. The truth is that it's not copied from CPUID output verbatim, but is adjusted to reflect whether or not the data cache is actually shared between logical cores. This in turn affects the decision on whether or not expensive countermeasures @@ -76,13 +80,17 @@ module. The vector is further extended with EBX value returned by CPUID with EAX=7 and ECX=0 as input. Following bits are significant: +=over + =item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN; =item bit #64+5 denoting availability of AVX2 instructions; =item bit #64+8 denoting availability of BMI2 instructions, e.g. MUXL - and RORX; +and RORX; =item bit #64+18 denoting availability of RDSEED instruction; -=itme bit #64+19 denoting availability of ADCX and ADOX instructions; +=item bit #64+19 denoting availability of ADCX and ADOX instructions; + +=back diff --git a/doc/crypto/OPENSSL_instrument_bus.pod b/doc/crypto/OPENSSL_instrument_bus.pod index 539957b0bf..4ed83e4950 100644 --- a/doc/crypto/OPENSSL_instrument_bus.pod +++ b/doc/crypto/OPENSSL_instrument_bus.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_instrument_bus[2] - instrument references to memory bus +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus =head1 SYNOPSIS diff --git a/doc/crypto/OPENSSL_load_builtin_modules.pod b/doc/crypto/OPENSSL_load_builtin_modules.pod index f14dfaf005..de62912ff2 100644 --- a/doc/crypto/OPENSSL_load_builtin_modules.pod +++ b/doc/crypto/OPENSSL_load_builtin_modules.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_load_builtin_modules - add standard configuration modules +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules =head1 SYNOPSIS diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod index e63411b5bb..bcb79e5f6b 100644 --- a/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -2,7 +2,7 @@ =head1 NAME -OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests - +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - add algorithms to internal table =head1 SYNOPSIS diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod index 7c10a4cc3c..dcad4f5ef3 100644 --- a/doc/crypto/PKCS7_verify.pod +++ b/doc/crypto/PKCS7_verify.pod @@ -2,7 +2,7 @@ =head1 NAME -PKCS7_verify - verify a PKCS#7 signedData structure +PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure =head1 SYNOPSIS diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod index 8b8c61d161..80fa734d18 100644 --- a/doc/crypto/RAND_egd.pod +++ b/doc/crypto/RAND_egd.pod @@ -2,7 +2,7 @@ =head1 NAME -RAND_egd - query entropy gathering daemon +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon =head1 SYNOPSIS diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod index 52dbb14a53..881391a045 100644 --- a/doc/crypto/RSA_generate_key.pod +++ b/doc/crypto/RSA_generate_key.pod @@ -2,28 +2,33 @@ =head1 NAME -RSA_generate_key - generate RSA key pair +RSA_generate_key_ex, RSA_generate_key - generate RSA key pair =head1 SYNOPSIS #include <openssl/rsa.h> + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +Deprecated: + RSA *RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg); =head1 DESCRIPTION -RSA_generate_key() generates a key pair and returns it in a newly -allocated B<RSA> structure. The pseudo-random number generator must -be seeded prior to calling RSA_generate_key(). +RSA_generate_key_ex() generates a key pair and stores it in the B<RSA> +structure provided in B<rsa>. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key_ex(). -The modulus size will be B<num> bits, and the public exponent will be +The modulus size will be of length B<bits>, and the public exponent will be B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the -progress of the key generation. If B<callback> is not B<NULL>, it -will be called as follows: +progress of the key generation. If B<cb> is not B<NULL>, it +will be called as follows using the BN_GENCB_call() function +described on the L<BN_generate_prime(3)|BN_generate_prime(3)> page. =over 4 @@ -35,32 +40,38 @@ described in L<BN_generate_prime(3)|BN_generate_prime(3)>. =item * When the n-th randomly generated prime is rejected as not -suitable for the key, B<callback(2, n, cb_arg)> is called. +suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called. =item * When a random p has been found with p-1 relatively prime to B<e>, -it is called as B<callback(3, 0, cb_arg)>. +it is called as B<BN_GENCB_call(cb, 3, 0)>. =back -The process is then repeated for prime q with B<callback(3, 1, cb_arg)>. +The process is then repeated for prime q with B<BN_GENCB_call(cb, 3, 1)>. + +RSA_generate_key is deprecated (new applications should use +RSA_generate_key_ex instead). RSA_generate_key works in the same was as +RSA_generate_key_ex except it uses "old style" call backs. See +L<BN_generate_prime(3)|BN_generate_prime(3)> for further details. =head1 RETURN VALUE -If key generation fails, RSA_generate_key() returns B<NULL>; the -error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +If key generation fails, RSA_generate_key() returns B<NULL>. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 BUGS -B<callback(2, x, cb_arg)> is used with two different meanings. +B<BN_GENCB_call(cb, 2, x)> is used with two different meanings. RSA_generate_key() goes into an infinite loop for illegal input values. =head1 SEE ALSO L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<RSA_free(3)|RSA_free(3)> +L<RSA_free(3)|RSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> =head1 HISTORY diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod index 7a527992bb..f18edfe305 100644 --- a/doc/crypto/crypto.pod +++ b/doc/crypto/crypto.pod @@ -56,7 +56,7 @@ L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> =item INTERNAL FUNCTIONS -L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>, +L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<ec(3)|ec(3)>, L<lhash(3)|lhash(3)>, L<objects(3)|objects(3)>, L<stack(3)|stack(3)>, L<txt_db(3)|txt_db(3)> diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod index 22c1b50f22..e999376492 100644 --- a/doc/crypto/d2i_DSAPublicKey.pod +++ b/doc/crypto/d2i_DSAPublicKey.pod @@ -3,7 +3,7 @@ =head1 NAME d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, -d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding +d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSAparams, i2d_DSAparams, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding and parsing functions. =head1 SYNOPSIS diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod new file mode 100644 index 0000000000..3768c410d8 --- /dev/null +++ b/doc/crypto/d2i_ECPKParameters.pod @@ -0,0 +1,84 @@ +=pod + +=head1 NAME + +d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp(fp,x), ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities + +=head1 SYNOPSIS + + #include <openssl/ec.h> + + EC_GROUP *d2i_ECPKParameters(EC_GROUP **px, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *x, unsigned char **out); + #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) + #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) + #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) + #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + +=head1 DESCRIPTION + +The ECPKParameters encode and decode routines encode and parse the public parameters for an +B<EC_GROUP> structure, which represents a curve. + +d2i_ECPKParameters() attempts to decode B<len> bytes at B<*in>. If +successful a pointer to the B<EC_GROUP> structure is returned. If an error +occurred then B<NULL> is returned. If B<px> is not B<NULL> then the +returned structure is written to B<*px>. If B<*px> is not B<NULL> +then it is assumed that B<*px> contains a valid B<EC_GROUP> +structure and an attempt is made to reuse it. If the call is +successful B<*in> is incremented to the byte following the +parsed data. + +i2d_ECPKParameters() encodes the structure pointed to by B<x> into DER format. +If B<out> is not B<NULL> is writes the DER encoded data to the buffer +at B<*out>, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. + +If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded +data written to it. In this case B<*out> is not incremented and it points to +the start of the data just written. + +d2i_ECPKParameters_bio() is similar to d2i_ECPKParameters() except it attempts +to parse data from BIO B<bp>. + +d2i_ECPKParameters_fp() is similar to d2i_ECPKParameters() except it attempts +to parse data from FILE pointer B<fp>. + +i2d_ECPKParameters_bio() is similar to i2d_ECPKParameters() except it writes +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. + +i2d_ECPKParameters_fp() is similar to i2d_ECPKParameters() except it writes +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. + +These functions are very similar to the X509 functions described in L<d2i_X509(3)|d2i_X509(3)>, +where further notes and examples are available. + +The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output +of the public parameters of the EC_GROUP to B<bp> or B<fp>. The output lines are indented by B<off> spaces. + +=head1 RETURN VALUES + +d2i_ECPKParameters(), d2i_ECPKParameters_bio() and d2i_ECPKParameters_fp() return a valid B<EC_GROUP> structure +or B<NULL> if an error occurs. + +i2d_ECPKParameters() returns the number of bytes successfully encoded or a negative +value if an error occurs. + +i2d_ECPKParameters_bio(), i2d_ECPKParameters_fp(), ECPKParameters_print and ECPKParameters_print_fp +return 1 for success and 0 if an error occurs. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_X509(3)|d2i_X509(3)> + +=cut diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod index 224f9e082b..675d38b3e5 100644 --- a/doc/crypto/d2i_X509_CRL.pod +++ b/doc/crypto/d2i_X509_CRL.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, +d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp, i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. =head1 SYNOPSIS diff --git a/doc/crypto/ec.pod b/doc/crypto/ec.pod new file mode 100644 index 0000000000..7d57ba8ea0 --- /dev/null +++ b/doc/crypto/ec.pod @@ -0,0 +1,201 @@ +=pod + +=head1 NAME + +ec - Elliptic Curve functions + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + const EC_METHOD *EC_GFp_nistp224_method(void); + const EC_METHOD *EC_GFp_nistp256_method(void); + const EC_METHOD *EC_GFp_nistp521_method(void); + + const EC_METHOD *EC_GF2m_simple_method(void); + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + void EC_GROUP_free(EC_GROUP *group); + void EC_GROUP_clear_free(EC_GROUP *group); + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + int EC_METHOD_get_field_type(const EC_METHOD *meth); + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + int EC_GROUP_get_curve_name(const EC_GROUP *group); + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_degree(const EC_GROUP *group); + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + + EC_POINT *EC_POINT_new(const EC_GROUP *group); + void EC_POINT_free(EC_POINT *point); + void EC_POINT_clear_free(EC_POINT *point); + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) + #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) + #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) + #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + EC_KEY *EC_KEY_new(void); + int EC_KEY_get_flags(const EC_KEY *key); + void EC_KEY_set_flags(EC_KEY *key, int flags); + void EC_KEY_clear_flags(EC_KEY *key, int flags); + EC_KEY *EC_KEY_new_by_curve_name(int nid); + void EC_KEY_free(EC_KEY *key); + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + EC_KEY *EC_KEY_dup(const EC_KEY *src); + int EC_KEY_up_ref(EC_KEY *key); + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + unsigned EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + int EC_KEY_generate_key(EC_KEY *key); + int EC_KEY_check_key(const EC_KEY *key); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + int ECParameters_print(BIO *bp, const EC_KEY *key); + int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + + +=head1 DESCRIPTION + +This library provides an extensive set of functions for performing operations on elliptic curves over finite fields. +In general an elliptic curve is one with an equation of the form: + +y^2 = x^3 + ax + b + +An B<EC_GROUP> structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an +B<EC_POINT> structure. An B<EC_KEY> is used to hold a private/public key pair, where a private key is simply a BIGNUM and a +public key is a point on a curve (represented by an B<EC_POINT>). + +The library contains a number of alternative implementations of the different functions. Each implementation is optimised +for different scenarios. No matter which implementation is being used, the interface remains the same. The library +handles calling the correct implementation when an interface function is invoked. An implementation is represented by +an B<EC_METHOD> structure. + +The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>. Functions for +manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>. + +Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)|EC_POINT_new(3)>, +whilst functions for performing mathematical operations and tests on B<EC_POINTs> are coverd in L<EC_POINT_add(3)|EC_POINT_add(3)>. + +For working with private and public keys refer to L<EC_KEY_new(3)|EC_KEY_new(3)>. Implementations are covered in +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>. + +For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + + +=cut diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index 20edff97ff..123784ee16 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -2,7 +2,7 @@ =head1 NAME -ecdsa - Elliptic Curve Digital Signature Algorithm +ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify - Elliptic Curve Digital Signature Algorithm =head1 SYNOPSIS diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod index 9faa349243..8a9ed9660c 100644 --- a/doc/crypto/evp.pod +++ b/doc/crypto/evp.pod @@ -13,22 +13,57 @@ evp - high-level cryptographic functions The EVP library provides a high-level interface to cryptographic functions. -B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption -and decryption to implement digital "envelopes". +L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)> +provide public key encryption and decryption to implement digital "envelopes". -The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement -digital signatures. +The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and +L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)> +functions. -Symmetric encryption is available with the B<EVP_Encrypt>I<...> -functions. The B<EVP_Digest>I<...> functions provide message digests. +Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)> +functions. The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests. The B<EVP_PKEY>I<...> functions provide a high level interface to -asymmetric algorithms. - -Algorithms are loaded with OpenSSL_add_all_algorithms(3). +asymmetric algorithms. To create a new EVP_PKEY see +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or +new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>. +EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using +L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>. + +The EVP_PKEY functions support the full range of asymmetric algorithm operations: +=over + +=item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>. +However, note that +these functions do not perform a digest of the data to be signed. Therefore +normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> +functions for this purpose. + +=item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)> +and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that +these functions perform encryption and decryption only. As public key +encryption is an expensive operation, normally you would wrap +an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and +L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions. + +=back + +The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible +implementation. However, new applications should not typically use this (preferring, for example, +PBKDF2 from PCKS#5). + +Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>. All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by ENGINE modules providing alternative +(public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software @@ -47,8 +82,20 @@ L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, L<EVP_OpenInit(3)|EVP_OpenInit(3)>, L<EVP_SealInit(3)|EVP_SealInit(3)>, +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, L<EVP_SignInit(3)|EVP_SignInit(3)>, L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>, +L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>, +L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>, +L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>, L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, L<engine(3)|engine(3)> diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index d92138d273..58a57f47bb 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -2,8 +2,8 @@ =head1 NAME -HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message -authentication code +HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, +HMAC_cleanup - HMAC message authentication code =head1 SYNOPSIS diff --git a/doc/crypto/i2d_PKCS7_bio_stream.pod b/doc/crypto/i2d_PKCS7_bio_stream.pod index dc4d884c59..a37231e267 100644 --- a/doc/crypto/i2d_PKCS7_bio_stream.pod +++ b/doc/crypto/i2d_PKCS7_bio_stream.pod @@ -23,7 +23,7 @@ streaming. =head1 BUGS -The prefix "d2i" is arguably wrong because the function outputs BER format. +The prefix "i2d" is arguably wrong because the function outputs BER format. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 34d8dd7653..23e13e134e 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, SSLv2_method, SSLv2_server_method, SSLv2_client_method, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod index 89260b522c..19e52d68d0 100644 --- a/doc/ssl/SSL_get_fd.pod +++ b/doc/ssl/SSL_get_fd.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_get_fd - get file descriptor linked to an SSL object +SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object =head1 SYNOPSIS diff --git a/doc/ssl/SSL_get_rbio.pod b/doc/ssl/SSL_get_rbio.pod index 3d98233cac..08dea6a6cd 100644 --- a/doc/ssl/SSL_get_rbio.pod +++ b/doc/ssl/SSL_get_rbio.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_get_rbio - get BIO linked to an SSL object +SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object =head1 SYNOPSIS diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod index 0c41caa922..1a30f7bb5f 100644 --- a/doc/ssl/SSL_get_session.pod +++ b/doc/ssl/SSL_get_session.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_get_session - retrieve TLS/SSL session data +SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data =head1 SYNOPSIS diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod index d88a057def..a68de31e0e 100644 --- a/doc/ssl/SSL_set_connect_state.pod +++ b/doc/ssl/SSL_set_connect_state.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in client or server mode +SSL_set_connect_state, SSL_set_accept_state - prepare SSL object to work in client or server mode =head1 SYNOPSIS diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod index 70291128fc..e020b4ccfa 100644 --- a/doc/ssl/SSL_set_fd.pod +++ b/doc/ssl/SSL_set_fd.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_set_fd - connect the SSL object with a file descriptor +SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor =head1 SYNOPSIS |