Diffstat (limited to 'secure/lib/libcrypto/man/EVP_PKEY_keygen.3')
-rw-r--r-- | secure/lib/libcrypto/man/EVP_PKEY_keygen.3 | 96 |
1 files changed, 67 insertions, 29 deletions
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index c73fbacd822e0..514e36383f5a8 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -128,14 +128,14 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2018-08-14" "1.0.2p" "OpenSSL" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2018-09-11" "1.1.1" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data \- key and parameter generation functions +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 
@@ -155,13 +155,17 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen \& \& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); \& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a key genration operation. +context using key \fBpkey\fR for a key generation operation. .PP -The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the generated key is written to \fBppkey\fR. .PP The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar @@ -177,7 +181,7 @@ parameters available is returned. Any non negative value returns the value of that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for \&\fBidx\fR should only be called within the generation callback. .PP -If the callback returns 0 then the key genration operation is aborted and an +If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a \*(L"cancel\*(R" button. .PP 
@@ -185,6 +189,18 @@ The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a \*(L"progress dialog\*(R". +.PP +\&\fIEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries +to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise +it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fIEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fIEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. .SH "NOTES" .IX Header "NOTES" After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm @@ -196,7 +212,7 @@ once on the same context if several operations are performed using the same parameters. .PP The meaning of the parameters passed to the callback will depend on the -algorithm and the specifiic implementation of the algorithm. Some might not +algorithm and the specific implementation of the algorithm. Some might not give any useful information at all during key or parameter generation. Others might not even call the callback. .PP 
@@ -214,6 +230,10 @@ in functions which require the use of a public key or parameters. \&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. +.PP +\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR return 1 +for success or others for failure. They return \-2 if the operation is not supported +for the specific algorithm. .SH "EXAMPLES" .IX Header "EXAMPLES" Generate a 2048 bit \s-1RSA\s0 key: @@ -224,17 +244,18 @@ Generate a 2048 bit \s-1RSA\s0 key: \& \& EVP_PKEY_CTX *ctx; \& EVP_PKEY *pkey = NULL; +\& \& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); \& if (!ctx) -\& /* Error occurred */ +\& /* Error occurred */ \& if (EVP_PKEY_keygen_init(ctx) <= 0) -\& /* Error */ +\& /* Error */ \& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) -\& /* Error */ +\& /* Error */ \& \& /* Generate key */ \& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) -\& /* Error */ +\& /* Error */ .Ve .PP Generate a key from a set of parameters: @@ -244,17 +265,19 @@ Generate a key from a set of parameters: \& #include <openssl/rsa.h> \& \& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; \& EVP_PKEY *pkey = NULL, *param; -\& /* Assumed param is set up already */ -\& ctx = EVP_PKEY_CTX_new(param); +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); \& if (!ctx) -\& /* Error occurred */ +\& /* Error occurred */ \& if (EVP_PKEY_keygen_init(ctx) <= 0) -\& /* Error */ +\& /* Error */ \& \& /* Generate key */ \& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) -\& /* Error */ +\& /* Error */ .Ve .PP Example of generation callback for OpenSSL public key implementations: 
@@ -265,19 +288,23 @@ Example of generation callback for OpenSSL public key implementations: \& EVP_PKEY_CTX_set_app_data(ctx, status_bio); \& \& static int genpkey_cb(EVP_PKEY_CTX *ctx) -\& { -\& char c=\*(Aq*\*(Aq; -\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); -\& int p; -\& p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); -\& if (p == 0) c=\*(Aq.\*(Aq; -\& if (p == 1) c=\*(Aq+\*(Aq; -\& if (p == 2) c=\*(Aq*\*(Aq; -\& if (p == 3) c=\*(Aq\en\*(Aq; -\& BIO_write(b,&c,1); -\& (void)BIO_flush(b); -\& return 1; -\& } +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -291,3 +318,14 @@ Example of generation callback for OpenSSL public key implementations: .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. +.PP +\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +<https://www.openssl.org/source/license.html>. |