laantungir/nostr_core_lib
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Laan Tungir
2025-08-14 18:30:16 -04:00
parent 9191d446d3
commit d6a0bd67b2
9309 changed files with 47274 additions and 396945 deletions
Download Patch File Download Diff File Expand all files Collapse all files

261
openssl-install/share/man/man7/EVP_ASYM_CIPHER-RSA.7ossl
View File

@@ -1,261 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_ASYM_CIPHER-RSA 7ossl"
.TH EVP_ASYM_CIPHER-RSA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_ASYM_CIPHER\-RSA
\&\- RSA Asymmetric Cipher algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Asymmetric Cipher support for the \fB\s-1RSA\s0\fR key type.
.SS "\s-1RSA\s0 Asymmetric Cipher parameters"
.IX Subsection "RSA Asymmetric Cipher parameters"
.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) <UTF8 string>"
The default provider understands these \s-1RSA\s0 padding modes in string form:
.RS 4
.ie n .IP """none"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4
.el .IP "``none'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4
.IX Item "none (OSSL_PKEY_RSA_PAD_MODE_NONE)"
.PD 0
.ie n .IP """oaep"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_OAEP\s0\fR)" 4
.el .IP "``oaep'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_OAEP\s0\fR)" 4
.IX Item "oaep (OSSL_PKEY_RSA_PAD_MODE_OAEP)"
.ie n .IP """pkcs1"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4
.el .IP "``pkcs1'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4
.IX Item "pkcs1 (OSSL_PKEY_RSA_PAD_MODE_PKCSV15)"
.PD
This padding mode is no longer supported by the \s-1FIPS\s0 provider for key
agreement and key transport.
(This is a \s-1FIPS 140\-3\s0 requirement)
.ie n .IP """x931"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4
.el .IP "``x931'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4
.IX Item "x931 (OSSL_PKEY_RSA_PAD_MODE_X931)"
.RE
.RS 4
.RE
.PD 0
.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <integer>" 4
.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <integer>" 4
.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) <integer>"
.PD
The default provider understands these \s-1RSA\s0 padding modes in integer form:
.RS 4
.IP "1 (\fB\s-1RSA_PKCS1_PADDING\s0\fR)" 4
.IX Item "1 (RSA_PKCS1_PADDING)"
This padding mode is no longer supported by the \s-1FIPS\s0 provider for key
agreement and key transport.
(This is a \s-1FIPS 140\-3\s0 requirement)
.IP "3 (\fB\s-1RSA_NO_PADDING\s0\fR)" 4
.IX Item "3 (RSA_NO_PADDING)"
.PD 0
.IP "4 (\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR)" 4
.IX Item "4 (RSA_PKCS1_OAEP_PADDING)"
.IP "5 (\fB\s-1RSA_X931_PADDING\s0\fR)" 4
.IX Item "5 (RSA_X931_PADDING)"
.RE
.RS 4
.PD
.Sp
See \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3) for further details.
.RE
.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) <UTF8 string>"
.PD 0
.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) <UTF8 string>"
.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mgf1-digest (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) <UTF8 string>"
.ie n .IP """mgf1\-digest\-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mgf1\-digest\-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mgf1-digest-props (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) <UTF8 string>"
.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) <octet string>" 4
.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) <octet string>" 4
.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) <octet string>"
.ie n .IP """tls-client-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) <unsigned integer>" 4
.el .IP "``tls-client-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) <unsigned integer>" 4
.IX Item "tls-client-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>"
.PD
See \fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3).
.ie n .IP """tls-negotiated-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) <unsigned integer>" 4
.el .IP "``tls-negotiated-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) <unsigned integer>" 4
.IX Item "tls-negotiated-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>"
See \fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3).
.Sp
See \*(L"Asymmetric Cipher Parameters\*(R" in \fBprovider\-asym_cipher\fR\|(7) for more information.
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.PD 0
.ie n .IP """key-check"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK) <integer>"
.PD
See \*(L"Asymmetric Cipher Parameters\*(R" in \fBprovider\-asym_cipher\fR\|(7) for more information.
.ie n .IP """pkcs15\-pad\-disabled"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED\s0\fR) <integer>" 4
.el .IP "``pkcs15\-pad\-disabled'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED\s0\fR) <integer>" 4
.IX Item "pkcs15-pad-disabled (OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED) <integer>"
The default value of 1 causes an error during encryption if the \s-1RSA\s0 padding
mode is set to \*(L"pkcs1\*(R".
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-asym_cipher\fR\|(7),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7)
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2022\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

172
openssl-install/share/man/man7/EVP_ASYM_CIPHER-SM2.7ossl
View File

@@ -1,172 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_ASYM_CIPHER-SM2 7ossl"
.TH EVP_ASYM_CIPHER-SM2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_ASYM_CIPHER\-SM2
\&\- SM2 Asymmetric Cipher algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Asymmetric Cipher support for the \fB\s-1SM2\s0\fR key type.
.SS "\s-1SM2\s0 Asymmetric Cipher parameters"
.IX Subsection "SM2 Asymmetric Cipher parameters"
.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_DIGEST) <UTF8 string>"
.PD 0
.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS) <UTF8 string>"
.PD
See \*(L"Asymmetric Cipher Parameters\*(R" in \fBprovider\-asym_cipher\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-SM2\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-asym_cipher\fR\|(7),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

228
openssl-install/share/man/man7/EVP_CIPHER-AES.7ossl
View File

@@ -1,228 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-AES 7ossl"
.TH EVP_CIPHER-AES 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-AES \- The AES EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1AES\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the \s-1FIPS\s0 provider as well as the
default provider:
.ie n .IP """\s-1AES\-128\-CBC"", ""AES\-192\-CBC""\s0 and ""\s-1AES\-256\-CBC""\s0" 4
.el .IP "``\s-1AES\-128\-CBC'', ``AES\-192\-CBC''\s0 and ``\s-1AES\-256\-CBC''\s0" 4
.IX Item "AES-128-CBC, AES-192-CBC and AES-256-CBC"
.PD 0
.ie n .IP """\s-1AES\-128\-CBC\-CTS"", ""AES\-192\-CBC\-CTS""\s0 and ""\s-1AES\-256\-CBC\-CTS""\s0" 4
.el .IP "``\s-1AES\-128\-CBC\-CTS'', ``AES\-192\-CBC\-CTS''\s0 and ``\s-1AES\-256\-CBC\-CTS''\s0" 4
.IX Item "AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS"
.ie n .IP """\s-1AES\-128\-CFB"", ""AES\-192\-CFB"", ""AES\-256\-CFB"", ""AES\-128\-CFB1"", ""AES\-192\-CFB1"", ""AES\-256\-CFB1"", ""AES\-128\-CFB8"", ""AES\-192\-CFB8""\s0 and ""\s-1AES\-256\-CFB8""\s0" 4
.el .IP "``\s-1AES\-128\-CFB'', ``AES\-192\-CFB'', ``AES\-256\-CFB'', ``AES\-128\-CFB1'', ``AES\-192\-CFB1'', ``AES\-256\-CFB1'', ``AES\-128\-CFB8'', ``AES\-192\-CFB8''\s0 and ``\s-1AES\-256\-CFB8''\s0" 4
.IX Item "AES-128-CFB, AES-192-CFB, AES-256-CFB, AES-128-CFB1, AES-192-CFB1, AES-256-CFB1, AES-128-CFB8, AES-192-CFB8 and AES-256-CFB8"
.ie n .IP """\s-1AES\-128\-CTR"", ""AES\-192\-CTR""\s0 and ""\s-1AES\-256\-CTR""\s0" 4
.el .IP "``\s-1AES\-128\-CTR'', ``AES\-192\-CTR''\s0 and ``\s-1AES\-256\-CTR''\s0" 4
.IX Item "AES-128-CTR, AES-192-CTR and AES-256-CTR"
.ie n .IP """\s-1AES\-128\-ECB"", ""AES\-192\-ECB""\s0 and ""\s-1AES\-256\-ECB""\s0" 4
.el .IP "``\s-1AES\-128\-ECB'', ``AES\-192\-ECB''\s0 and ``\s-1AES\-256\-ECB''\s0" 4
.IX Item "AES-128-ECB, AES-192-ECB and AES-256-ECB"
.ie n .IP """\s-1AES\-192\-OFB"", ""AES\-128\-OFB""\s0 and ""\s-1AES\-256\-OFB""\s0" 4
.el .IP "``\s-1AES\-192\-OFB'', ``AES\-128\-OFB''\s0 and ``\s-1AES\-256\-OFB''\s0" 4
.IX Item "AES-192-OFB, AES-128-OFB and AES-256-OFB"
.ie n .IP """\s-1AES\-128\-XTS""\s0 and ""\s-1AES\-256\-XTS""\s0" 4
.el .IP "``\s-1AES\-128\-XTS''\s0 and ``\s-1AES\-256\-XTS''\s0" 4
.IX Item "AES-128-XTS and AES-256-XTS"
.ie n .IP """\s-1AES\-128\-CCM"", ""AES\-192\-CCM""\s0 and ""\s-1AES\-256\-CCM""\s0" 4
.el .IP "``\s-1AES\-128\-CCM'', ``AES\-192\-CCM''\s0 and ``\s-1AES\-256\-CCM''\s0" 4
.IX Item "AES-128-CCM, AES-192-CCM and AES-256-CCM"
.ie n .IP """\s-1AES\-128\-GCM"", ""AES\-192\-GCM""\s0 and ""\s-1AES\-256\-GCM""\s0" 4
.el .IP "``\s-1AES\-128\-GCM'', ``AES\-192\-GCM''\s0 and ``\s-1AES\-256\-GCM''\s0" 4
.IX Item "AES-128-GCM, AES-192-GCM and AES-256-GCM"
.ie n .IP """\s-1AES\-128\-WRAP"", ""AES\-192\-WRAP"", ""AES\-256\-WRAP"", ""AES\-128\-WRAP\-PAD"", ""AES\-192\-WRAP\-PAD"", ""AES\-256\-WRAP\-PAD"", ""AES\-128\-WRAP\-INV"", ""AES\-192\-WRAP\-INV"", ""AES\-256\-WRAP\-INV"", ""AES\-128\-WRAP\-PAD\-INV"", ""AES\-192\-WRAP\-PAD\-INV""\s0 and ""\s-1AES\-256\-WRAP\-PAD\-INV""\s0" 4
.el .IP "``\s-1AES\-128\-WRAP'', ``AES\-192\-WRAP'', ``AES\-256\-WRAP'', ``AES\-128\-WRAP\-PAD'', ``AES\-192\-WRAP\-PAD'', ``AES\-256\-WRAP\-PAD'', ``AES\-128\-WRAP\-INV'', ``AES\-192\-WRAP\-INV'', ``AES\-256\-WRAP\-INV'', ``AES\-128\-WRAP\-PAD\-INV'', ``AES\-192\-WRAP\-PAD\-INV''\s0 and ``\s-1AES\-256\-WRAP\-PAD\-INV''\s0" 4
.IX Item "AES-128-WRAP, AES-192-WRAP, AES-256-WRAP, AES-128-WRAP-PAD, AES-192-WRAP-PAD, AES-256-WRAP-PAD, AES-128-WRAP-INV, AES-192-WRAP-INV, AES-256-WRAP-INV, AES-128-WRAP-PAD-INV, AES-192-WRAP-PAD-INV and AES-256-WRAP-PAD-INV"
.ie n .IP """\s-1AES\-128\-CBC\-HMAC\-SHA1"", ""AES\-256\-CBC\-HMAC\-SHA1"", ""AES\-128\-CBC\-HMAC\-SHA256""\s0 and ""\s-1AES\-256\-CBC\-HMAC\-SHA256""\s0" 4
.el .IP "``\s-1AES\-128\-CBC\-HMAC\-SHA1'', ``AES\-256\-CBC\-HMAC\-SHA1'', ``AES\-128\-CBC\-HMAC\-SHA256''\s0 and ``\s-1AES\-256\-CBC\-HMAC\-SHA256''\s0" 4
.IX Item "AES-128-CBC-HMAC-SHA1, AES-256-CBC-HMAC-SHA1, AES-128-CBC-HMAC-SHA256 and AES-256-CBC-HMAC-SHA256"
.PD
.PP
The following algorithms are available in the default provider, but not the
\&\s-1FIPS\s0 provider:
.ie n .IP """\s-1AES\-128\-OCB"", ""AES\-192\-OCB""\s0 and ""\s-1AES\-256\-OCB""\s0" 4
.el .IP "``\s-1AES\-128\-OCB'', ``AES\-192\-OCB''\s0 and ``\s-1AES\-256\-OCB''\s0" 4
.IX Item "AES-128-OCB, AES-192-OCB and AES-256-OCB"
.PD 0
.ie n .IP """\s-1AES\-128\-SIV"", ""AES\-192\-SIV""\s0 and ""\s-1AES\-256\-SIV""\s0" 4
.el .IP "``\s-1AES\-128\-SIV'', ``AES\-192\-SIV''\s0 and ``\s-1AES\-256\-SIV''\s0" 4
.IX Item "AES-128-SIV, AES-192-SIV and AES-256-SIV"
.ie n .IP """\s-1AES\-128\-GCM\-SIV"", ""AES\-192\-GCM\-SIV""\s0 and ""\s-1AES\-256\-GCM\-SIV""\s0" 4
.el .IP "``\s-1AES\-128\-GCM\-SIV'', ``AES\-192\-GCM\-SIV''\s0 and ``\s-1AES\-256\-GCM\-SIV''\s0" 4
.IX Item "AES-128-GCM-SIV, AES-192-GCM-SIV and AES-256-GCM-SIV"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The AES-SIV and AES-WRAP mode implementations do not support streaming. That
means to obtain correct results there can be only one \fBEVP_EncryptUpdate\fR\|(3)
or \fBEVP_DecryptUpdate\fR\|(3) call after the initialization of the context.
.PP
The AES-XTS implementations allow streaming to be performed, but each
\&\fBEVP_EncryptUpdate\fR\|(3) or \fBEVP_DecryptUpdate\fR\|(3) call requires each input
to be a multiple of the blocksize. Only the final \fBEVP_EncryptUpdate()\fR or
\&\fBEVP_DecryptUpdate()\fR call can optionally have an input that is not a multiple
of the blocksize but is larger than one block. In that case ciphertext
stealing (\s-1CTS\s0) is used to fill the block.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The GCM-SIV mode ciphers were added in OpenSSL version 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

189
openssl-install/share/man/man7/EVP_CIPHER-ARIA.7ossl
View File

@@ -1,189 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-ARIA 7ossl"
.TH EVP_CIPHER-ARIA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-ARIA \- The ARIA EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1ARIA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the default provider:
.ie n .IP """\s-1ARIA\-128\-CBC"", ""ARIA\-192\-CBC""\s0 and ""\s-1ARIA\-256\-CBC""\s0" 4
.el .IP "``\s-1ARIA\-128\-CBC'', ``ARIA\-192\-CBC''\s0 and ``\s-1ARIA\-256\-CBC''\s0" 4
.IX Item "ARIA-128-CBC, ARIA-192-CBC and ARIA-256-CBC"
.PD 0
.ie n .IP """\s-1ARIA\-128\-CFB"", ""ARIA\-192\-CFB"", ""ARIA\-256\-CFB"", ""ARIA\-128\-CFB1"", ""ARIA\-192\-CFB1"", ""ARIA\-256\-CFB1"", ""ARIA\-128\-CFB8"", ""ARIA\-192\-CFB8""\s0 and ""\s-1ARIA\-256\-CFB8""\s0" 4
.el .IP "``\s-1ARIA\-128\-CFB'', ``ARIA\-192\-CFB'', ``ARIA\-256\-CFB'', ``ARIA\-128\-CFB1'', ``ARIA\-192\-CFB1'', ``ARIA\-256\-CFB1'', ``ARIA\-128\-CFB8'', ``ARIA\-192\-CFB8''\s0 and ``\s-1ARIA\-256\-CFB8''\s0" 4
.IX Item "ARIA-128-CFB, ARIA-192-CFB, ARIA-256-CFB, ARIA-128-CFB1, ARIA-192-CFB1, ARIA-256-CFB1, ARIA-128-CFB8, ARIA-192-CFB8 and ARIA-256-CFB8"
.ie n .IP """\s-1ARIA\-128\-CTR"", ""ARIA\-192\-CTR""\s0 and ""\s-1ARIA\-256\-CTR""\s0" 4
.el .IP "``\s-1ARIA\-128\-CTR'', ``ARIA\-192\-CTR''\s0 and ``\s-1ARIA\-256\-CTR''\s0" 4
.IX Item "ARIA-128-CTR, ARIA-192-CTR and ARIA-256-CTR"
.ie n .IP """\s-1ARIA\-128\-ECB"", ""ARIA\-192\-ECB""\s0 and ""\s-1ARIA\-256\-ECB""\s0" 4
.el .IP "``\s-1ARIA\-128\-ECB'', ``ARIA\-192\-ECB''\s0 and ``\s-1ARIA\-256\-ECB''\s0" 4
.IX Item "ARIA-128-ECB, ARIA-192-ECB and ARIA-256-ECB"
.ie n .IP """\s-1AES\-192\-OCB"", ""AES\-128\-OCB""\s0 and ""\s-1AES\-256\-OCB""\s0" 4
.el .IP "``\s-1AES\-192\-OCB'', ``AES\-128\-OCB''\s0 and ``\s-1AES\-256\-OCB''\s0" 4
.IX Item "AES-192-OCB, AES-128-OCB and AES-256-OCB"
.ie n .IP """\s-1ARIA\-128\-OFB"", ""ARIA\-192\-OFB""\s0 and ""\s-1ARIA\-256\-OFB""\s0" 4
.el .IP "``\s-1ARIA\-128\-OFB'', ``ARIA\-192\-OFB''\s0 and ``\s-1ARIA\-256\-OFB''\s0" 4
.IX Item "ARIA-128-OFB, ARIA-192-OFB and ARIA-256-OFB"
.ie n .IP """\s-1ARIA\-128\-CCM"", ""ARIA\-192\-CCM""\s0 and ""\s-1ARIA\-256\-CCM""\s0" 4
.el .IP "``\s-1ARIA\-128\-CCM'', ``ARIA\-192\-CCM''\s0 and ``\s-1ARIA\-256\-CCM''\s0" 4
.IX Item "ARIA-128-CCM, ARIA-192-CCM and ARIA-256-CCM"
.ie n .IP """\s-1ARIA\-128\-GCM"", ""ARIA\-192\-GCM""\s0 and ""\s-1ARIA\-256\-GCM""\s0" 4
.el .IP "``\s-1ARIA\-128\-GCM'', ``ARIA\-192\-GCM''\s0 and ``\s-1ARIA\-256\-GCM''\s0" 4
.IX Item "ARIA-128-GCM, ARIA-192-GCM and ARIA-256-GCM"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

177
openssl-install/share/man/man7/EVP_CIPHER-BLOWFISH.7ossl
View File

@@ -1,177 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-BLOWFISH 7ossl"
.TH EVP_CIPHER-BLOWFISH 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-BLOWFISH \- The BLOBFISH EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1BLOWFISH\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """BF-ECB""" 4
.el .IP "``BF-ECB''" 4
.IX Item "BF-ECB"
.PD 0
.ie n .IP """BF-CBC""" 4
.el .IP "``BF-CBC''" 4
.IX Item "BF-CBC"
.ie n .IP """BF-OFB""" 4
.el .IP "``BF-OFB''" 4
.IX Item "BF-OFB"
.ie n .IP """BF-CFB""" 4
.el .IP "``BF-CFB''" 4
.IX Item "BF-CFB"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

183
openssl-install/share/man/man7/EVP_CIPHER-CAMELLIA.7ossl
View File

@@ -1,183 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-CAMELLIA 7ossl"
.TH EVP_CIPHER-CAMELLIA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-CAMELLIA \- The CAMELLIA EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1CAMELLIA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the default provider:
.ie n .IP """\s-1CAMELLIA\-128\-CBC"", ""CAMELLIA\-192\-CBC""\s0 and ""\s-1CAMELLIA\-256\-CBC""\s0" 4
.el .IP "``\s-1CAMELLIA\-128\-CBC'', ``CAMELLIA\-192\-CBC''\s0 and ``\s-1CAMELLIA\-256\-CBC''\s0" 4
.IX Item "CAMELLIA-128-CBC, CAMELLIA-192-CBC and CAMELLIA-256-CBC"
.PD 0
.ie n .IP """\s-1CAMELLIA\-128\-CBC\-CTS"", ""CAMELLIA\-192\-CBC\-CTS""\s0 and ""\s-1CAMELLIA\-256\-CBC\-CTS""\s0" 4
.el .IP "``\s-1CAMELLIA\-128\-CBC\-CTS'', ``CAMELLIA\-192\-CBC\-CTS''\s0 and ``\s-1CAMELLIA\-256\-CBC\-CTS''\s0" 4
.IX Item "CAMELLIA-128-CBC-CTS, CAMELLIA-192-CBC-CTS and CAMELLIA-256-CBC-CTS"
.ie n .IP """\s-1CAMELLIA\-128\-CFB"", ""CAMELLIA\-192\-CFB"", ""CAMELLIA\-256\-CFB"", ""CAMELLIA\-128\-CFB1"", ""CAMELLIA\-192\-CFB1"", ""CAMELLIA\-256\-CFB1"", ""CAMELLIA\-128\-CFB8"", ""CAMELLIA\-192\-CFB8""\s0 and ""\s-1CAMELLIA\-256\-CFB8""\s0" 4
.el .IP "``\s-1CAMELLIA\-128\-CFB'', ``CAMELLIA\-192\-CFB'', ``CAMELLIA\-256\-CFB'', ``CAMELLIA\-128\-CFB1'', ``CAMELLIA\-192\-CFB1'', ``CAMELLIA\-256\-CFB1'', ``CAMELLIA\-128\-CFB8'', ``CAMELLIA\-192\-CFB8''\s0 and ``\s-1CAMELLIA\-256\-CFB8''\s0" 4
.IX Item "CAMELLIA-128-CFB, CAMELLIA-192-CFB, CAMELLIA-256-CFB, CAMELLIA-128-CFB1, CAMELLIA-192-CFB1, CAMELLIA-256-CFB1, CAMELLIA-128-CFB8, CAMELLIA-192-CFB8 and CAMELLIA-256-CFB8"
.ie n .IP """\s-1CAMELLIA\-128\-CTR"", ""CAMELLIA\-192\-CTR""\s0 and ""\s-1CAMELLIA\-256\-CTR""\s0" 4
.el .IP "``\s-1CAMELLIA\-128\-CTR'', ``CAMELLIA\-192\-CTR''\s0 and ``\s-1CAMELLIA\-256\-CTR''\s0" 4
.IX Item "CAMELLIA-128-CTR, CAMELLIA-192-CTR and CAMELLIA-256-CTR"
.ie n .IP """\s-1CAMELLIA\-128\-ECB"", ""CAMELLIA\-192\-ECB""\s0 and ""\s-1CAMELLIA\-256\-ECB""\s0" 4
.el .IP "``\s-1CAMELLIA\-128\-ECB'', ``CAMELLIA\-192\-ECB''\s0 and ``\s-1CAMELLIA\-256\-ECB''\s0" 4
.IX Item "CAMELLIA-128-ECB, CAMELLIA-192-ECB and CAMELLIA-256-ECB"
.ie n .IP """\s-1CAMELLIA\-192\-OFB"", ""CAMELLIA\-128\-OFB""\s0 and ""\s-1CAMELLIA\-256\-OFB""\s0" 4
.el .IP "``\s-1CAMELLIA\-192\-OFB'', ``CAMELLIA\-128\-OFB''\s0 and ``\s-1CAMELLIA\-256\-OFB''\s0" 4
.IX Item "CAMELLIA-192-OFB, CAMELLIA-128-OFB and CAMELLIA-256-OFB"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

177
openssl-install/share/man/man7/EVP_CIPHER-CAST.7ossl
View File

@@ -1,177 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-CAST 7ossl"
.TH EVP_CIPHER-CAST 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-CAST \- The CAST EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1CAST\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """\s-1CAST\-128\-CBC"", ""CAST\-192\-CBC""\s0 and ""\s-1CAST\-256\-CBC""\s0" 4
.el .IP "``\s-1CAST\-128\-CBC'', ``CAST\-192\-CBC''\s0 and ``\s-1CAST\-256\-CBC''\s0" 4
.IX Item "CAST-128-CBC, CAST-192-CBC and CAST-256-CBC"
.PD 0
.ie n .IP """\s-1CAST\-128\-CFB"", ""CAST\-192\-CFB"", ""CAST\-256\-CFB""\s0" 4
.el .IP "``\s-1CAST\-128\-CFB'', ``CAST\-192\-CFB'', ``CAST\-256\-CFB''\s0" 4
.IX Item "CAST-128-CFB, CAST-192-CFB, CAST-256-CFB"
.ie n .IP """\s-1CAST\-128\-ECB"", ""CAST\-192\-ECB""\s0 and ""\s-1CAST\-256\-ECB""\s0" 4
.el .IP "``\s-1CAST\-128\-ECB'', ``CAST\-192\-ECB''\s0 and ``\s-1CAST\-256\-ECB''\s0" 4
.IX Item "CAST-128-ECB, CAST-192-ECB and CAST-256-ECB"
.ie n .IP """\s-1CAST\-192\-OFB"", ""CAST\-128\-OFB""\s0 and ""\s-1CAST\-256\-OFB""\s0" 4
.el .IP "``\s-1CAST\-192\-OFB'', ``CAST\-128\-OFB''\s0 and ``\s-1CAST\-256\-OFB''\s0" 4
.IX Item "CAST-192-OFB, CAST-128-OFB and CAST-256-OFB"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

171
openssl-install/share/man/man7/EVP_CIPHER-CHACHA.7ossl
View File

@@ -1,171 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-CHACHA 7ossl"
.TH EVP_CIPHER-CHACHA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-CHACHA \- The CHACHA EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1CHACHA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the default provider:
.ie n .IP """ChaCha20""" 4
.el .IP "``ChaCha20''" 4
.IX Item "ChaCha20"
.PD 0
.ie n .IP """ChaCha20\-Poly1305""" 4
.el .IP "``ChaCha20\-Poly1305''" 4
.IX Item "ChaCha20-Poly1305"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

215
openssl-install/share/man/man7/EVP_CIPHER-DES.7ossl
View File

@@ -1,215 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-DES 7ossl"
.TH EVP_CIPHER-DES 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-DES \- The DES EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1DES\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the \s-1FIPS\s0 provider as well as the
default provider:
.ie n .IP """\s-1DES\-EDE3\-ECB""\s0 or ""\s-1DES\-EDE3""\s0" 4
.el .IP "``\s-1DES\-EDE3\-ECB''\s0 or ``\s-1DES\-EDE3''\s0" 4
.IX Item "DES-EDE3-ECB or DES-EDE3"
.PD 0
.ie n .IP """\s-1DES\-EDE3\-CBC""\s0 or ""\s-1DES3""\s0" 4
.el .IP "``\s-1DES\-EDE3\-CBC''\s0 or ``\s-1DES3''\s0" 4
.IX Item "DES-EDE3-CBC or DES3"
.PD
.PP
The following algorithms are available in the default provider, but not the
\&\s-1FIPS\s0 provider:
.ie n .IP """\s-1DES\-EDE3\-CFB8""\s0 and ""\s-1DES\-EDE3\-CFB1""\s0" 4
.el .IP "``\s-1DES\-EDE3\-CFB8''\s0 and ``\s-1DES\-EDE3\-CFB1''\s0" 4
.IX Item "DES-EDE3-CFB8 and DES-EDE3-CFB1"
.PD 0
.ie n .IP """DES-EDE-ECB"" or ""DES-EDE""" 4
.el .IP "``DES-EDE-ECB'' or ``DES-EDE''" 4
.IX Item "DES-EDE-ECB or DES-EDE"
.ie n .IP """DES-EDE-CBC""" 4
.el .IP "``DES-EDE-CBC''" 4
.IX Item "DES-EDE-CBC"
.ie n .IP """DES-EDE-OFB""" 4
.el .IP "``DES-EDE-OFB''" 4
.IX Item "DES-EDE-OFB"
.ie n .IP """DES-EDE-CFB""" 4
.el .IP "``DES-EDE-CFB''" 4
.IX Item "DES-EDE-CFB"
.ie n .IP """\s-1DES3\-WRAP""\s0" 4
.el .IP "``\s-1DES3\-WRAP''\s0" 4
.IX Item "DES3-WRAP"
.PD
.PP
The following algorithms are available in the legacy provider:
.ie n .IP """DES-ECB""" 4
.el .IP "``DES-ECB''" 4
.IX Item "DES-ECB"
.PD 0
.ie n .IP """DES-CBC""" 4
.el .IP "``DES-CBC''" 4
.IX Item "DES-CBC"
.ie n .IP """DES-OFB""" 4
.el .IP "``DES-OFB''" 4
.IX Item "DES-OFB"
.ie n .IP """DES-CFB"", ""\s-1DES\-CFB1""\s0 and ""\s-1DES\-CFB8""\s0" 4
.el .IP "``DES-CFB'', ``\s-1DES\-CFB1''\s0 and ``\s-1DES\-CFB8''\s0" 4
.IX Item "DES-CFB, DES-CFB1 and DES-CFB8"
.ie n .IP """DESX-CBC""" 4
.el .IP "``DESX-CBC''" 4
.IX Item "DESX-CBC"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) including \*(L"encrypt-check\*(R" and \*(L"fips-indicator\*(R".
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7),
\&\fBOSSL_PROVIDER\-legacy\fR\|(7),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

177
openssl-install/share/man/man7/EVP_CIPHER-IDEA.7ossl
View File

@@ -1,177 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-IDEA 7ossl"
.TH EVP_CIPHER-IDEA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-IDEA \- The IDEA EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1IDEA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """IDEA-ECB""" 4
.el .IP "``IDEA-ECB''" 4
.IX Item "IDEA-ECB"
.PD 0
.ie n .IP """IDEA-CBC""" 4
.el .IP "``IDEA-CBC''" 4
.IX Item "IDEA-CBC"
.ie n .IP """IDEA-OFB"" or ""\s-1IDEA\-OFB64""\s0" 4
.el .IP "``IDEA-OFB'' or ``\s-1IDEA\-OFB64''\s0" 4
.IX Item "IDEA-OFB or IDEA-OFB64"
.ie n .IP """IDEA-CFB"" or ""\s-1IDEA\-CFB64""\s0" 4
.el .IP "``IDEA-CFB'' or ``\s-1IDEA\-CFB64''\s0" 4
.IX Item "IDEA-CFB or IDEA-CFB64"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

199
openssl-install/share/man/man7/EVP_CIPHER-NULL.7ossl
View File

@@ -1,199 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-NULL 7ossl"
.TH EVP_CIPHER-NULL 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-NULL \- The NULL EVP_CIPHER implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for a \s-1NULL\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
This is used when the \s-1TLS\s0 cipher suite is \s-1TLS_NULL_WITH_NULL_NULL.\s0
This does no encryption (just copies the data) and has a mac size of zero.
.SS "Algorithm Name"
.IX Subsection "Algorithm Name"
The following algorithm is available in the default provider:
.ie n .IP """\s-1NULL""\s0" 4
.el .IP "``\s-1NULL''\s0" 4
.IX Item "NULL"
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the following parameters:
.PP
\fIGettable \s-1EVP_CIPHER\s0 parameters\fR
.IX Subsection "Gettable EVP_CIPHER parameters"
.PP
See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" in \fBEVP_EncryptInit\fR\|(3)
.PP
\fIGettable \s-1EVP_CIPHER_CTX\s0 parameters\fR
.IX Subsection "Gettable EVP_CIPHER_CTX parameters"
.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>"
.PD 0
.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) <unsigned integer>" 4
.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) <unsigned integer>" 4
.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN and <OSSL_CIPHER_PARAM_AEAD_IVLEN) <unsigned integer>"
.ie n .IP """tls-mac"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) <octet ptr>" 4
.el .IP "``tls-mac'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) <octet ptr>" 4
.IX Item "tls-mac (OSSL_CIPHER_PARAM_TLS_MAC) <octet ptr>"
.PD
.PP
See \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for further information.
.PP
\fISettable \s-1EVP_CIPHER_CTX\s0 parameters\fR
.IX Subsection "Settable EVP_CIPHER_CTX parameters"
.ie n .IP """tls-mac-size"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``tls-mac-size'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "tls-mac-size (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) <unsigned integer>"
.PP
See \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for further information.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 5246\s0 section\-6.2.3.1
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

183
openssl-install/share/man/man7/EVP_CIPHER-RC2.7ossl
View File

@@ -1,183 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-RC2 7ossl"
.TH EVP_CIPHER-RC2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-RC2 \- The RC2 EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1RC2\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """\s-1RC2\-CBC"", ""RC2""\s0 or ""\s-1RC2\-128""\s0" 4
.el .IP "``\s-1RC2\-CBC'', ``RC2''\s0 or ``\s-1RC2\-128''\s0" 4
.IX Item "RC2-CBC, RC2 or RC2-128"
.PD 0
.ie n .IP """\s-1RC2\-40\-CBC""\s0 or ""\s-1RC2\-40""\s0" 4
.el .IP "``\s-1RC2\-40\-CBC''\s0 or ``\s-1RC2\-40''\s0" 4
.IX Item "RC2-40-CBC or RC2-40"
.ie n .IP """\s-1RC2\-64\-CBC""\s0 or ""\s-1RC2\-64""\s0" 4
.el .IP "``\s-1RC2\-64\-CBC''\s0 or ``\s-1RC2\-64''\s0" 4
.IX Item "RC2-64-CBC or RC2-64"
.ie n .IP """\s-1RC2\-ECB""\s0" 4
.el .IP "``\s-1RC2\-ECB''\s0" 4
.IX Item "RC2-ECB"
.ie n .IP """\s-1RC2\-CFB""\s0" 4
.el .IP "``\s-1RC2\-CFB''\s0" 4
.IX Item "RC2-CFB"
.ie n .IP """\s-1RC2\-OFB""\s0" 4
.el .IP "``\s-1RC2\-OFB''\s0" 4
.IX Item "RC2-OFB"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

174
openssl-install/share/man/man7/EVP_CIPHER-RC4.7ossl
View File

@@ -1,174 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-RC4 7ossl"
.TH EVP_CIPHER-RC4 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-RC4 \- The RC4 EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1RC4\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """\s-1RC4""\s0" 4
.el .IP "``\s-1RC4''\s0" 4
.IX Item "RC4"
.PD 0
.ie n .IP """\s-1RC4\-40""\s0" 4
.el .IP "``\s-1RC4\-40''\s0" 4
.IX Item "RC4-40"
.ie n .IP """\s-1RC4\-HMAC\-MD5""\s0" 4
.el .IP "``\s-1RC4\-HMAC\-MD5''\s0" 4
.IX Item "RC4-HMAC-MD5"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

179
openssl-install/share/man/man7/EVP_CIPHER-RC5.7ossl
View File

@@ -1,179 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-RC5 7ossl"
.TH EVP_CIPHER-RC5 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-RC5 \- The RC5 EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1RC5\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.PP
Disabled by default. Use the \fIenable\-rc5\fR configuration option to enable.
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """\s-1RC5\-CBC""\s0 or ""\s-1RC5""\s0" 4
.el .IP "``\s-1RC5\-CBC''\s0 or ``\s-1RC5''\s0" 4
.IX Item "RC5-CBC or RC5"
.PD 0
.ie n .IP """\s-1RC5\-ECB""\s0" 4
.el .IP "``\s-1RC5\-ECB''\s0" 4
.IX Item "RC5-ECB"
.ie n .IP """\s-1RC5\-OFB""\s0" 4
.el .IP "``\s-1RC5\-OFB''\s0" 4
.IX Item "RC5-OFB"
.ie n .IP """\s-1RC5\-CFB""\s0" 4
.el .IP "``\s-1RC5\-CFB''\s0" 4
.IX Item "RC5-CFB"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

177
openssl-install/share/man/man7/EVP_CIPHER-SEED.7ossl
View File

@@ -1,177 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-SEED 7ossl"
.TH EVP_CIPHER-SEED 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-SEED \- The SEED EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1SEED\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the legacy provider:
.ie n .IP """SEED-CBC"" or ""\s-1SEED""\s0" 4
.el .IP "``SEED-CBC'' or ``\s-1SEED''\s0" 4
.IX Item "SEED-CBC or SEED"
.PD 0
.ie n .IP """SEED-ECB""" 4
.el .IP "``SEED-ECB''" 4
.IX Item "SEED-ECB"
.ie n .IP """SEED-OFB"" or ""\s-1SEED\-OFB128""\s0" 4
.el .IP "``SEED-OFB'' or ``\s-1SEED\-OFB128''\s0" 4
.IX Item "SEED-OFB or SEED-OFB128"
.ie n .IP """SEED-CFB"" or ""\s-1SEED\-CFB128""\s0" 4
.el .IP "``SEED-CFB'' or ``\s-1SEED\-CFB128''\s0" 4
.IX Item "SEED-CFB or SEED-CFB128"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

197
openssl-install/share/man/man7/EVP_CIPHER-SM4.7ossl
View File

@@ -1,197 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_CIPHER-SM4 7ossl"
.TH EVP_CIPHER-SM4 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER\-SM4 \- The SM4 EVP_CIPHER implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for \s-1SM4\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0
.SS "Algorithm Names"
.IX Subsection "Algorithm Names"
The following algorithms are available in the default provider:
.ie n .IP """\s-1SM4\-CBC:SM4""\s0" 4
.el .IP "``\s-1SM4\-CBC:SM4''\s0" 4
.IX Item "SM4-CBC:SM4"
.PD 0
.ie n .IP """\s-1SM4\-ECB""\s0" 4
.el .IP "``\s-1SM4\-ECB''\s0" 4
.IX Item "SM4-ECB"
.ie n .IP """\s-1SM4\-CTR""\s0" 4
.el .IP "``\s-1SM4\-CTR''\s0" 4
.IX Item "SM4-CTR"
.ie n .IP """\s-1SM4\-OFB""\s0 or ""\s-1SM4\-OFB128""\s0" 4
.el .IP "``\s-1SM4\-OFB''\s0 or ``\s-1SM4\-OFB128''\s0" 4
.IX Item "SM4-OFB or SM4-OFB128"
.ie n .IP """\s-1SM4\-CFB""\s0 or ""\s-1SM4\-CFB128""\s0" 4
.el .IP "``\s-1SM4\-CFB''\s0 or ``\s-1SM4\-CFB128''\s0" 4
.IX Item "SM4-CFB or SM4-CFB128"
.ie n .IP """\s-1SM4\-GCM""\s0" 4
.el .IP "``\s-1SM4\-GCM''\s0" 4
.IX Item "SM4-GCM"
.ie n .IP """\s-1SM4\-CCM""\s0" 4
.el .IP "``\s-1SM4\-CCM''\s0" 4
.IX Item "SM4-CCM"
.ie n .IP """\s-1SM4\-XTS""\s0" 4
.el .IP "``\s-1SM4\-XTS''\s0" 4
.IX Item "SM4-XTS"
.PD
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the parameters described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \s-1SM4\-XTS\s0 implementation allows streaming to be performed, but each
\&\fBEVP_EncryptUpdate\fR\|(3) or \fBEVP_DecryptUpdate\fR\|(3) call requires each input
to be a multiple of the blocksize. Only the final \fBEVP_EncryptUpdate()\fR or
\&\fBEVP_DecryptUpdate()\fR call can optionally have an input that is not a multiple
of the blocksize but is larger than one block. In that case ciphertext
stealing (\s-1CTS\s0) is used to fill the block.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

326
openssl-install/share/man/man7/EVP_KDF-ARGON2.7ossl
View File

@@ -1,326 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-ARGON2 7ossl"
.TH EVP_KDF-ARGON2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-ARGON2 \- The Argon2 EVP KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fBargon2\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-ARGON2\s0 algorithm implements the Argon2 password-based key
derivation function, as described in \s-1IETF RFC 9106.\s0 It is memory-hard in
the sense that it deliberately requires a significant amount of \s-1RAM\s0 for efficient
computation. The intention of this is to render brute forcing of passwords on
systems that lack large amounts of main memory (such as GPUs or ASICs)
computationally infeasible.
.PP
Argon2d (Argon2i) uses data-dependent (data-independent) memory access and
primary seek to address trade-off (side-channel) attacks.
.PP
Argon2id is a hybrid construction which, in the first two slices of the first
pass, generates reference addresses data-independently as in Argon2i, whereas
in later slices and next passes it generates them data-dependently as in
Argon2d.
.PP
Sbox-hardened version Argon2ds is not supported.
.PP
For more information, please refer to \s-1RFC 9106.\s0
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.IX Item "secret (OSSL_KDF_PARAM_SECRET) <octet string>"
.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.IX Item "iter (OSSL_KDF_PARAM_ITER) <unsigned integer>"
.ie n .IP """size"" (\fB\s-1OSSL_KDF_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_KDF_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_KDF_PARAM_SIZE) <unsigned integer>"
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.Sp
Note that \s-1RFC 9106\s0 recommends 128 bits salt for most applications, or 64 bits
salt in the case of space constraints. At least 128 bits output length is
recommended.
.Sp
Note that secret (or pepper) is an optional secret data used along the
password.
.ie n .IP """threads"" (\fB\s-1OSSL_KDF_PARAM_THREADS\s0\fR) <unsigned integer>" 4
.el .IP "``threads'' (\fB\s-1OSSL_KDF_PARAM_THREADS\s0\fR) <unsigned integer>" 4
.IX Item "threads (OSSL_KDF_PARAM_THREADS) <unsigned integer>"
The number of threads, bounded above by the number of lanes.
.Sp
This can only be used with built-in thread support. Threading must be
explicitly enabled. See \s-1EXAMPLES\s0 section for more information.
.ie n .IP """ad"" (\fB\s-1OSSL_KDF_PARAM_ARGON2_AD\s0\fR) <octet string>" 4
.el .IP "``ad'' (\fB\s-1OSSL_KDF_PARAM_ARGON2_AD\s0\fR) <octet string>" 4
.IX Item "ad (OSSL_KDF_PARAM_ARGON2_AD) <octet string>"
Optional associated data, may be used to \*(L"tag\*(R" a group of keys, or tie them
to a particular public key, without having to modify salt.
.ie n .IP """lanes"" (\fB\s-1OSSL_KDF_PARAM_ARGON2_LANES\s0\fR) <unsigned integer>" 4
.el .IP "``lanes'' (\fB\s-1OSSL_KDF_PARAM_ARGON2_LANES\s0\fR) <unsigned integer>" 4
.IX Item "lanes (OSSL_KDF_PARAM_ARGON2_LANES) <unsigned integer>"
Argon2 splits the requested memory size into lanes, each of which is designed
to be processed in parallel. For example, on a system with p cores, it's
recommended to use p lanes.
.Sp
The number of lanes is used to derive the key. It is possible to specify
more lanes than the number of available computational threads. This is
especially encouraged if multi-threading is disabled.
.ie n .IP """memcost"" (\fB\s-1OSSL_KDF_PARAM_ARGON2_MEMCOST\s0\fR) <unsigned integer>" 4
.el .IP "``memcost'' (\fB\s-1OSSL_KDF_PARAM_ARGON2_MEMCOST\s0\fR) <unsigned integer>" 4
.IX Item "memcost (OSSL_KDF_PARAM_ARGON2_MEMCOST) <unsigned integer>"
Memory cost parameter (the number of 1k memory blocks used).
.ie n .IP """version"" (\fB\s-1OSSL_KDF_PARAM_ARGON2_VERSION\s0\fR) <unsigned integer>" 4
.el .IP "``version'' (\fB\s-1OSSL_KDF_PARAM_ARGON2_VERSION\s0\fR) <unsigned integer>" 4
.IX Item "version (OSSL_KDF_PARAM_ARGON2_VERSION) <unsigned integer>"
Argon2 version. Supported values: 0x10, 0x13 (default).
.ie n .IP """early_clean"" (\fB\s-1OSSL_KDF_PARAM_EARLY_CLEAN\s0\fR) <unsigned integer>" 4
.el .IP "``early_clean'' (\fB\s-1OSSL_KDF_PARAM_EARLY_CLEAN\s0\fR) <unsigned integer>" 4
.IX Item "early_clean (OSSL_KDF_PARAM_EARLY_CLEAN) <unsigned integer>"
If set (nonzero), password and secret stored in Argon2 context are zeroed
early during initial hash computation, as soon as they are not needed.
Otherwise, they are zeroed along the rest of Argon2 context data on clear,
free, reset.
.Sp
This can be useful if, for example, multiple keys with different ad value
are to be generated from a single password and secret.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example uses Argon2d with password \*(L"1234567890\*(R", salt \*(L"saltsalt\*(R",
using 2 lanes, 2 threads, and memory cost of 65536:
.PP
.Vb 5
\& #include <string.h> /* strlen */
\& #include <openssl/core_names.h> /* OSSL_KDF_* */
\& #include <openssl/params.h> /* OSSL_PARAM_* */
\& #include <openssl/thread.h> /* OSSL_set_max_threads */
\& #include <openssl/kdf.h> /* EVP_KDF_* */
\&
\& int main(void)
\& {
\& int retval = 1;
\&
\& EVP_KDF *kdf = NULL;
\& EVP_KDF_CTX *kctx = NULL;
\& OSSL_PARAM params[6], *p = params;
\&
\& /* argon2 params, please refer to RFC9106 for recommended defaults */
\& uint32_t lanes = 2, threads = 2, memcost = 65536;
\& char pwd[] = "1234567890", salt[] = "saltsalt";
\&
\& /* derive result */
\& size_t outlen = 128;
\& unsigned char result[outlen];
\&
\& /* required if threads > 1 */
\& if (OSSL_set_max_threads(NULL, threads) != 1)
\& goto fail;
\&
\& p = params;
\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_THREADS, &threads);
\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_LANES,
\& &lanes);
\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST,
\& &memcost);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& salt,
\& strlen((const char *)salt));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
\& pwd,
\& strlen((const char *)pwd));
\& *p++ = OSSL_PARAM_construct_end();
\&
\& if ((kdf = EVP_KDF_fetch(NULL, "ARGON2D", NULL)) == NULL)
\& goto fail;
\& if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
\& goto fail;
\& if (EVP_KDF_derive(kctx, &result[0], outlen, params) != 1)
\& goto fail;
\&
\& printf("Output = %s\en", OPENSSL_buf2hexstr(result, outlen));
\& retval = 0;
\&
\& fail:
\& EVP_KDF_free(kdf);
\& EVP_KDF_CTX_free(kctx);
\& OSSL_set_max_threads(NULL, 0);
\&
\& return retval;
\& }
.Ve
.SH "NOTES"
.IX Header "NOTES"
\&\*(L"\s-1ARGON2I\*(R", \*(L"ARGON2D\*(R",\s0 and \*(L"\s-1ARGON2ID\*(R"\s0 are the names for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 9106\s0 Argon2, see <https://www.rfc\-editor.org/rfc/rfc9106.txt>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added to OpenSSL 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2022\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

307
openssl-install/share/man/man7/EVP_KDF-HKDF.7ossl
View File

@@ -1,307 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-HKDF 7ossl"
.TH EVP_KDF-HKDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-HKDF \- The HKDF EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0
.PP
The \s-1EVP_KDF\-HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function.
\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically
consists of two modules. The first stage takes the input keying material
and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage
\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output
of the \s-1KDF\s0).
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1HKDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.IX Item "info (OSSL_KDF_PARAM_INFO) <octet string>"
This parameter sets the info value.
The length of the context info buffer cannot exceed 1024 bytes;
this should be more than enough for any normal use of \s-1HKDF.\s0
.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or <integer>" 4
.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or <integer>" 4
.IX Item "mode (OSSL_KDF_PARAM_MODE) <UTF8 string> or <integer>"
This parameter sets the mode for the \s-1HKDF\s0 operation.
There are three modes that are currently defined:
.RS 4
.ie n .IP """\s-1EXTRACT_AND_EXPAND""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR" 4
.el .IP "``\s-1EXTRACT_AND_EXPAND''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR" 4
.IX Item "EXTRACT_AND_EXPAND or EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND"
This is the default mode. Calling \fBEVP_KDF_derive\fR\|(3) on an \s-1EVP_KDF_CTX\s0 set
up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go.
The derived key returned will be the result after the expand operation. The
intermediate fixed-length pseudorandom key K is not returned.
.Sp
In this mode the digest, key, salt and info values must be set before a key is
derived otherwise an error will occur.
.ie n .IP """\s-1EXTRACT_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4
.el .IP "``\s-1EXTRACT_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4
.IX Item "EXTRACT_ONLY or EVP_KDF_HKDF_MODE_EXTRACT_ONLY"
In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the extract
operation. The value returned will be the intermediate fixed-length pseudorandom
key K. The \fIkeylen\fR parameter must match the size of K, which can be looked
up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest.
.Sp
The digest, key and salt values must be set before a key is derived otherwise
an error will occur.
.ie n .IP """\s-1EXPAND_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4
.el .IP "``\s-1EXPAND_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4
.IX Item "EXPAND_ONLY or EVP_KDF_HKDF_MODE_EXPAND_ONLY"
In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the expand
operation. The input key should be set to the intermediate fixed-length
pseudorandom key K returned from a previous extract operation.
.Sp
The digest, key and info values must be set before a key is derived otherwise
an error will occur.
.RE
.RS 4
.RE
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if \*(L"key-check\*(R"
is set to 0 and the check fails.
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1HKDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an \s-1HKDF\s0 expand operation is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function. When using
\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of
the intermediate fixed-length pseudorandom key otherwise an error will occur.
For that mode, the fixed output size can be looked up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR
after setting the mode and digest on the \fB\s-1EVP_KDF_CTX\s0\fR.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R",
salt value \*(L"salt\*(R" and info value \*(L"label\*(R":
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[5], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "label", (size_t)5);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "salt", (size_t)4);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 5869\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3),
\&\s-1\fBEVP_KDF\-TLS13_KDF\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

199
openssl-install/share/man/man7/EVP_KDF-HMAC-DRBG.7ossl
View File

@@ -1,199 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-HMAC-DRBG 7ossl"
.TH EVP_KDF-HMAC-DRBG 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-HMAC\-DRBG
\&\- The HMAC DRBG DETERMINISTIC EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for a deterministic \s-1HMAC DRBG\s0 using the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 This is similar
to \s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7), but uses fixed values for its entropy and nonce
values. This is used to generate deterministic nonce value required by \s-1ECDSA\s0
and \s-1DSA\s0 (as defined in \s-1RFC 6979\s0).
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"HMAC-DRBG-KDF\*(R" is the name for this implementation; it can be used
with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """digest"" (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_DRBG_PARAM_DIGEST) <UTF8 string>"
.PD 0
.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """entropy"" (\fB\s-1OSSL_KDF_PARAM_HMACDRBG_ENTROPY\s0\fR) <octet string>" 4
.el .IP "``entropy'' (\fB\s-1OSSL_KDF_PARAM_HMACDRBG_ENTROPY\s0\fR) <octet string>" 4
.IX Item "entropy (OSSL_KDF_PARAM_HMACDRBG_ENTROPY) <octet string>"
Sets the entropy bytes supplied to the HMAC-DRBG.
.ie n .IP """nonce"" (\fB\s-1OSSL_KDF_PARAM_HMACDRBG_NONCE\s0\fR) <octet string>" 4
.el .IP "``nonce'' (\fB\s-1OSSL_KDF_PARAM_HMACDRBG_NONCE\s0\fR) <octet string>" 4
.IX Item "nonce (OSSL_KDF_PARAM_HMACDRBG_NONCE) <octet string>"
Sets the nonce bytes supplied to the HMAC-DRBG.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1KDF HMAC DRBG\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC\-DRBG\-KDF", NULL);
\& EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 6979\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1EVP_KDF\-HMAC\-DRBG\s0 functionality was added in OpenSSL 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

336
openssl-install/share/man/man7/EVP_KDF-KB.7ossl
View File

@@ -1,336 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-KB 7ossl"
.TH EVP_KDF-KB 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-KB \- The Key\-Based EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_KDF\-KB\s0 algorithm implements the Key-Based key derivation function
(\s-1KBKDF\s0). \s-1KBKDF\s0 derives a key from repeated application of a keyed \s-1MAC\s0 to an
input secret (and other optional values).
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1KBKDF\*(R"\s0 is the name for this implementation; it can be used with the
\&\fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mode (OSSL_KDF_PARAM_MODE) <UTF8 string>"
The mode parameter determines which flavor of \s-1KBKDF\s0 to use \- currently the
choices are \*(L"counter\*(R" and \*(L"feedback\*(R". \*(L"counter\*(R" is the default, and will be
used if unspecified.
.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mac (OSSL_KDF_PARAM_MAC) <UTF8 string>"
The value is either \s-1CMAC, HMAC, KMAC128\s0 or \s-1KMAC256.\s0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD 0
.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) <UTF8 string>"
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.IP """info (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.IX Item """info (OSSL_KDF_PARAM_INFO) <octet string>"
.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) <octet string>" 4
.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) <octet string>" 4
.IX Item "seed (OSSL_KDF_PARAM_SEED) <octet string>"
.PD
The seed parameter is unused in counter mode.
.ie n .IP """use-l"" (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_L\s0\fR) <integer>" 4
.el .IP "``use-l'' (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_L\s0\fR) <integer>" 4
.IX Item "use-l (OSSL_KDF_PARAM_KBKDF_USE_L) <integer>"
Set to \fB0\fR to disable use of the optional Fixed Input data 'L' (see \s-1SP800\-108\s0).
The default value of \fB1\fR will be used if unspecified.
.ie n .IP """use-separator"" (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR\s0\fR) <integer>" 4
.el .IP "``use-separator'' (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR\s0\fR) <integer>" 4
.IX Item "use-separator (OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR) <integer>"
Set to \fB0\fR to disable use of the optional Fixed Input data 'zero separator'
(see \s-1SP800\-108\s0) that is placed between the Label and Context.
The default value of \fB1\fR will be used if unspecified.
.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_KBKDF_R\s0\fR) <integer>" 4
.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_KBKDF_R\s0\fR) <integer>" 4
.IX Item "r (OSSL_KDF_PARAM_KBKDF_R) <integer>"
Set the fixed value 'r', indicating the length of the counter in bits.
.Sp
Supported values are \fB8\fR, \fB16\fR, \fB24\fR, and \fB32\fR.
The default value of \fB32\fR will be used if unspecified.
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if \*(L"key-check\*(R"
is set to 0 and the check fails.
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.PP
Depending on whether mac is \s-1CMAC\s0 or \s-1HMAC,\s0 either digest or cipher is required
(respectively) and the other is unused. They are unused for \s-1KMAC128\s0 and \s-1KMAC256.\s0
.PP
The parameters key, salt, info, and seed correspond to \s-1KI,\s0 Label, Context, and
\&\s-1IV\s0 (respectively) in \s-1SP800\-108.\s0 As in that document, salt, info, and seed are
optional and may be omitted.
.PP
\&\*(L"mac\*(R", \*(L"digest\*(R", cipher\*(L" and \*(R"properties" are described in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1KBKDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an \s-1KBKDF\s0 is specified via the \f(CW\*(C`keylen\*(C'\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function.
.PP
Note that currently OpenSSL only implements counter and feedback modes. Other
variants may be supported in the future.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using \s-1COUNTER\-HMAC\-SHA256,\s0 with \s-1KI\s0 \*(L"secret\*(R",
Label \*(L"label\*(R", and Context \*(L"context\*(R".
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[6], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& "SHA2\-256", 0);
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
\& "HMAC", 0);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& "secret", strlen("secret"));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "label", strlen("label"));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "context", strlen("context"));
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0)
\& error("EVP_KDF_derive");
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.PP
This example derives 10 bytes using \s-1FEEDBACK\-CMAC\-AES256,\s0 with \s-1KI\s0 \*(L"secret\*(R",
Label \*(L"label\*(R", and \s-1IV\s0 \*(L"sixteen bytes iv\*(R".
.PP
.Vb 5
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[8], *p = params;
\& unsigned char *iv = "sixteen bytes iv";
\&
\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0);
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0);
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& "secret", strlen("secret"));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "label", strlen("label"));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "context", strlen("context"));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
\& iv, strlen(iv));
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0)
\& error("EVP_KDF_derive");
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST SP800\-108, IETF RFC 6803, IETF RFC 8009.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.PP
Support for \s-1KMAC\s0 was added in OpenSSL 3.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2019 Red Hat, Inc.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

244
openssl-install/share/man/man7/EVP_KDF-KRB5KDF.7ossl
View File

@@ -1,244 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-KRB5KDF 7ossl"
.TH EVP_KDF-KRB5KDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-KRB5KDF \- The RFC3961 Krb5 KDF EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1KRB5KDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0
.PP
The \s-1EVP_KDF\-KRB5KDF\s0 algorithm implements the key derivation function defined
in \s-1RFC 3961,\s0 section 5.1 and is used by Krb5 to derive session keys.
Three inputs are required to perform key derivation: a cipher, (for example
\&\s-1AES\-128\-CBC\s0), the initial key, and a constant.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1KRB5KDF\*(R"\s0 is the name for this implementation;
it can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) <UTF8 string>"
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """constant"" (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) <octet string>" 4
.el .IP "``constant'' (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) <octet string>" 4
.IX Item "constant (OSSL_KDF_PARAM_CONSTANT) <octet string>"
This parameter sets the constant value for the \s-1KDF.\s0
If a value is already set, the contents are replaced.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1KRB5KDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of the \s-1KRB5KDF\s0 derivation is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function, and \s-1MUST\s0 match the key
length for the chosen cipher or an error is returned. Moreover, the
constant's length must not exceed the block size of the cipher.
Since the \s-1KRB5KDF\s0 output length depends on the chosen cipher, calling
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3) to obtain the requisite length returns the correct length
only after the cipher is set. Prior to that \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is returned.
The caller must allocate a buffer of the correct length for the chosen
cipher, and pass that buffer to the \fBEVP_KDF_derive\fR\|(3) function along
with that length.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives a key using the \s-1AES\-128\-CBC\s0 cipher:
.PP
.Vb 7
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char key[16] = "01234...";
\& unsigned char constant[] = "I\*(Aqm a constant";
\& unsigned char out[16];
\& size_t outlen = sizeof(out);
\& OSSL_PARAM params[4], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
\& SN_aes_128_cbc,
\& strlen(SN_aes_128_cbc));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& key, (size_t)16);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
\& constant, strlen(constant));
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, outlen, params) <= 0)
\& /* Error */
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 3961\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

215
openssl-install/share/man/man7/EVP_KDF-PBKDF1.7ossl
View File

@@ -1,215 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-PBKDF1 7ossl"
.TH EVP_KDF-PBKDF1 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-PBKDF1 \- The PBKDF1 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1PBKDF1\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-PBKDF1\s0 algorithm implements the \s-1PBKDF1\s0 password-based key
derivation function, as described in \s-1RFC 8018\s0; it derives a key from a password
using a salt and iteration count.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1PBKDF1\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.IX Item "iter (OSSL_KDF_PARAM_ITER) <unsigned integer>"
.PD
This parameter has a default value of 0 and should be set.
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
A typical application of this algorithm is to derive keying material for an
encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R",
and an iteration count.
.PP
Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.
.PP
No assumption is made regarding the given password; it is simply treated as a
byte sequence.
.PP
The legacy provider needs to be available in order to access this algorithm.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 8018\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

247
openssl-install/share/man/man7/EVP_KDF-PBKDF2.7ossl
View File

@@ -1,247 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-PBKDF2 7ossl"
.TH EVP_KDF-PBKDF2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-PBKDF2 \- The PBKDF2 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1PBKDF2\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-PBKDF2\s0 algorithm implements the \s-1PBKDF2\s0 password-based key
derivation function, as described in \s-1SP800\-132\s0; it derives a key from a password
using a salt and iteration count.
.PP
The output is considered to be a cryptographic key.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1PBKDF2\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.IX Item "iter (OSSL_KDF_PARAM_ITER) <unsigned integer>"
.PD
This parameter has a default value of 2048.
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """pkcs5"" (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) <integer>" 4
.el .IP "``pkcs5'' (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) <integer>" 4
.IX Item "pkcs5 (OSSL_KDF_PARAM_PKCS5) <integer>"
This parameter can be used to enable or disable \s-1SP800\-132\s0 compliance checks.
Setting the mode to 0 enables the compliance checks.
.Sp
The checks performed are:
.RS 4
.IP "\- the iteration count is at least 1000." 4
.IX Item "- the iteration count is at least 1000."
.PD 0
.IP "\- the salt length is at least 128 bits." 4
.IX Item "- the salt length is at least 128 bits."
.IP "\- the derived key length is at least 112 bits." 4
.IX Item "- the derived key length is at least 112 bits."
.RE
.RS 4
.PD
.Sp
The default provider uses a default mode of 1 for backwards compatibility,
and the \s-1FIPS\s0 provider uses a default mode of 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.RE
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
This option is used by the OpenSSL \s-1FIPS\s0 provider.
.Sp
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if \*(L"pkcs5\*(R"
is set to 1 and the derived key length, salt length or iteration count test
fails.
.SH "NOTES"
.IX Header "NOTES"
A typical application of this algorithm is to derive keying material for an
encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R",
and an iteration count.
.PP
Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.
.PP
No assumption is made regarding the given password; it is simply treated as a
byte sequence.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1SP800\-132\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

219
openssl-install/share/man/man7/EVP_KDF-PKCS12KDF.7ossl
View File

@@ -1,219 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-PKCS12KDF 7ossl"
.TH EVP_KDF-PKCS12KDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-PKCS12KDF \- The PKCS#12 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fBPKCS#12\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-PKCS12KDF\s0 algorithm implements the PKCS#12 password-based key
derivation function, as described in appendix B of \s-1RFC 7292\s0 (\s-1PKCS\s0 #12:
Personal Information Exchange Syntax); it derives a key from a password
using a salt, iteration count and the intended usage.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1PKCS12KDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
.IX Item "iter (OSSL_KDF_PARAM_ITER) <unsigned integer>"
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """id"" (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) <integer>" 4
.el .IP "``id'' (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) <integer>" 4
.IX Item "id (OSSL_KDF_PARAM_PKCS12_ID) <integer>"
This parameter is used to specify the intended usage of the output bits, as per
\&\s-1RFC 7292\s0 section B.3.
.SH "NOTES"
.IX Header "NOTES"
This algorithm is not available in the \s-1FIPS\s0 provider as it is not \s-1FIPS\s0
approvable.
.PP
A typical application of this algorithm is to derive keying material for an
encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R",
and an iteration count.
.PP
Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.
.PP
No assumption is made regarding the given password; it is simply treated as a
byte sequence.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC7292\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

200
openssl-install/share/man/man7/EVP_KDF-PVKKDF.7ossl
View File

@@ -1,200 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-PVKKDF 7ossl"
.TH EVP_KDF-PVKKDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-PVKKDF \- The PVK EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1PVK KDF\s0\fR PIN-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-PVKKDF\s0 algorithm implements a \s-1PVK\s0 PIN-based key
derivation function; it derives a key from a password using a salt.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1PVKKDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
A typical application of this algorithm is to derive keying material for an
encryption algorithm from a password in the \*(L"pass\*(R" and a salt in \*(L"salt\*(R".
.PP
No assumption is made regarding the given password; it is simply treated as a
byte sequence.
.PP
The legacy provider needs to be available in order to access this algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

284
openssl-install/share/man/man7/EVP_KDF-SCRYPT.7ossl
View File

@@ -1,284 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-SCRYPT 7ossl"
.TH EVP_KDF-SCRYPT 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-SCRYPT \- The scrypt EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fBscrypt\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR
\&\s-1API.\s0
.PP
The \s-1EVP_KDF\-SCRYPT\s0 algorithm implements the scrypt password-based key
derivation function, as described in \s-1RFC 7914.\s0 It is memory-hard in the sense
that it deliberately requires a significant amount of \s-1RAM\s0 for efficient
computation. The intention of this is to render brute forcing of passwords on
systems that lack large amounts of main memory (such as GPUs or ASICs)
computationally infeasible.
.PP
scrypt provides three work factors that can be customized: N, r and p. N, which
has to be a positive power of two, is the general work factor and scales \s-1CPU\s0
time in an approximately linear fashion. r is the block size of the internally
used hash function and p is the parallelization factor. Both r and p need to be
greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation
is roughly (128 * N * r * p) bytes.
.PP
In the original paper of Colin Percival (\*(L"Stronger Key Derivation via
Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a
computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N =
2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for
this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5
GHz), this computation takes about 3 seconds. When N, r or p are not specified,
they default to 1048576, 8, and 1, respectively. The maximum amount of \s-1RAM\s0 that
may be used by scrypt defaults to 1025 MiB.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1SCRYPT\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
.PD 0
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """n"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) <unsigned integer>" 4
.el .IP "``n'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) <unsigned integer>" 4
.IX Item "n (OSSL_KDF_PARAM_SCRYPT_N) <unsigned integer>"
.PD 0
.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) <unsigned integer>" 4
.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) <unsigned integer>" 4
.IX Item "r (OSSL_KDF_PARAM_SCRYPT_R) <unsigned integer>"
.ie n .IP """p"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) <unsigned integer>" 4
.el .IP "``p'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) <unsigned integer>" 4
.IX Item "p (OSSL_KDF_PARAM_SCRYPT_P) <unsigned integer>"
.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) <unsigned integer>" 4
.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) <unsigned integer>" 4
.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) <unsigned integer>"
.PD
These parameters configure the scrypt work factors N, r, maxmem and p.
Both N and maxmem_bytes are parameters of type \fBuint64_t\fR.
Both r and p are parameters of type \fBuint32_t\fR.
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
This can be used to set the property query string when fetching the
fixed digest internally. \s-1NULL\s0 is used if this value is not set.
.SH "NOTES"
.IX Header "NOTES"
A context for scrypt can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an scrypt key derivation is specified via the
\&\*(L"keylen\*(R" parameter to the \fBEVP_KDF_derive\fR\|(3) function.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives a 64\-byte long test vector using scrypt with the password
\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16.
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[64];
\& OSSL_PARAM params[6], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
\& "password", (size_t)8);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "NaCl", (size_t)4);
\& *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024);
\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& {
\& const unsigned char expected[sizeof(out)] = {
\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
\& };
\&
\& assert(!memcmp(out, expected, sizeof(out)));
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 7914\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

343
openssl-install/share/man/man7/EVP_KDF-SS.7ossl
View File

@@ -1,343 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-SS 7ossl"
.TH EVP_KDF-SS 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-SS \- The Single Step / One Step EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_KDF\-SS\s0 algorithm implements the Single Step key derivation function (\s-1SSKDF\s0).
\&\s-1SSKDF\s0 derives a key using input such as a shared secret key (that was generated
during the execution of a key establishment scheme) and fixedinfo.
\&\s-1SSKDF\s0 is also informally referred to as 'Concat \s-1KDF\s0'.
.PP
The output is considered to be keying material.
.SS "Auxiliary function"
.IX Subsection "Auxiliary function"
The implementation uses a selectable auxiliary function H, which can be one of:
.IP "\fBH(x) = hash(x, digest=md)\fR" 4
.IX Item "H(x) = hash(x, digest=md)"
.PD 0
.IP "\fBH(x) = HMAC_hash(x, key=salt, digest=md)\fR" 4
.IX Item "H(x) = HMAC_hash(x, key=salt, digest=md)"
.ie n .IP "\fBH(x) = KMACxxx(x, key=salt, custom=""\s-1KDF"",\s0 outlen=mac_size)\fR" 4
.el .IP "\fBH(x) = KMACxxx(x, key=salt, custom=``\s-1KDF'',\s0 outlen=mac_size)\fR" 4
.IX Item "H(x) = KMACxxx(x, key=salt, custom=KDF, outlen=mac_size)"
.PD
.PP
Both the \s-1HMAC\s0 and \s-1KMAC\s0 implementations set the key using the 'salt' value.
The hash and \s-1HMAC\s0 also require the digest to be set.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1SSKDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
This parameter is ignored for \s-1KMAC.\s0
.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mac (OSSL_KDF_PARAM_MAC) <UTF8 string>"
.PD 0
.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>"
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_SECRET) <octet string>"
This parameter set the shared secret that is used for key derivation.
.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.IX Item "info (OSSL_KDF_PARAM_INFO) <octet string>"
This parameter sets an optional value for fixedinfo, also known as otherinfo.
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if \*(L"key-check\*(R"
is set to 0 and the check fails.
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1SSKDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an \s-1SSKDF\s0 is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using H(x) = \s-1SHA\-256,\s0 with the secret key \*(L"secret\*(R"
and fixedinfo value \*(L"label\*(R":
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[4], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "label", (size_t)5);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.PP
This example derives 10 bytes using H(x) = \s-1HMAC\s0(\s-1SHA\-256\s0), with the secret key \*(L"secret\*(R",
fixedinfo value \*(L"label\*(R" and salt \*(L"salt\*(R":
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[6], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
\& SN_hmac, strlen(SN_hmac));
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "label", (size_t)5);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "salt", (size_t)4);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.PP
This example derives 10 bytes using H(x) = \s-1KMAC128\s0(x,salt,outlen), with the secret key \*(L"secret\*(R"
fixedinfo value \*(L"label\*(R", salt of \*(L"salt\*(R" and \s-1KMAC\s0 outlen of 20:
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[6], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
\& SN_kmac128, strlen(SN_kmac128));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "label", (size_t)5);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
\& "salt", (size_t)4);
\& *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST\s0 SP800\-56Cr1.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. Copyright
(c) 2019, Oracle and/or its affiliates. All rights reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

318
openssl-install/share/man/man7/EVP_KDF-SSHKDF.7ossl
View File

@@ -1,318 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-SSHKDF 7ossl"
.TH EVP_KDF-SSHKDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-SSHKDF \- The SSHKDF EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1SSHKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0
.PP
The \s-1EVP_KDF\-SSHKDF\s0 algorithm implements the \s-1SSHKDF\s0 key derivation function.
It is defined in \s-1RFC 4253,\s0 section 7.2 and is used by \s-1SSH\s0 to derive IVs,
encryption keys and integrity keys.
Five inputs are required to perform key derivation: The hashing function
(for example \s-1SHA256\s0), the Initial Key, the Exchange Hash, the Session \s-1ID,\s0
and the derivation key type.
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1SSHKDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """xcghash"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) <octet string>" 4
.el .IP "``xcghash'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) <octet string>" 4
.IX Item "xcghash (OSSL_KDF_PARAM_SSHKDF_XCGHASH) <octet string>"
.PD 0
.ie n .IP """session_id"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) <octet string>" 4
.el .IP "``session_id'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) <octet string>" 4
.IX Item "session_id (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) <octet string>"
.PD
These parameters set the respective values for the \s-1KDF.\s0
If a value is already set, the contents are replaced.
.ie n .IP """type"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``type'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "type (OSSL_KDF_PARAM_SSHKDF_TYPE) <UTF8 string>"
This parameter sets the type for the \s-1SSHKDF\s0 operation.
There are six supported types:
.RS 4
.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV"
The Initial \s-1IV\s0 from client to server.
A single char of value 65 (\s-1ASCII\s0 char 'A').
.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI"
The Initial \s-1IV\s0 from server to client
A single char of value 66 (\s-1ASCII\s0 char 'B').
.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV"
The Encryption Key from client to server
A single char of value 67 (\s-1ASCII\s0 char 'C').
.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI"
The Encryption Key from server to client
A single char of value 68 (\s-1ASCII\s0 char 'D').
.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV"
The Integrity Key from client to server
A single char of value 69 (\s-1ASCII\s0 char 'E').
.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI\s0" 4
.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI"
The Integrity Key from client to server
A single char of value 70 (\s-1ASCII\s0 char 'F').
.RE
.RS 4
.RE
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any \*(L"***\-check\*(R"
related parameter is set to 0 and the check fails.
.ie n .IP """digest-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.IX Item "digest-check (OSSL_KDF_PARAM_FIPS_DIGEST_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.Sp
According to \s-1SP\s0 800\-135r1, the following are approved digest algorithms: \s-1SHA\-1,
SHA2\-224, SHA2\-256, SHA2\-384, SHA2\-512.\s0
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1SSHKDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of the \s-1SSHKDF\s0 derivation is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function.
Since the \s-1SSHKDF\s0 output length is variable, calling \fBEVP_KDF_CTX_get_kdf_size\fR\|(3)
to obtain the requisite length is not meaningful. The caller must
allocate a buffer of the desired length, and pass that buffer to the
\&\fBEVP_KDF_derive\fR\|(3) function along with the desired length.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives an 8 byte \s-1IV\s0 using \s-1SHA\-256\s0 with a 1K \*(L"key\*(R" and appropriate
\&\*(L"xcghash\*(R" and \*(L"session_id\*(R" values:
.PP
.Vb 9
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
\& unsigned char key[1024] = "01234...";
\& unsigned char xcghash[32] = "012345...";
\& unsigned char session_id[32] = "012345...";
\& unsigned char out[8];
\& size_t outlen = sizeof(out);
\& OSSL_PARAM params[6], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
\& key, (size_t)1024);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
\& xcghash, (size_t)32);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
\& session_id, (size_t)32);
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
\& &type, sizeof(type));
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, outlen, params) <= 0)
\& /* Error */
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 4253\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

294
openssl-install/share/man/man7/EVP_KDF-TLS13_KDF.7ossl
View File

@@ -1,294 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-TLS13_KDF 7ossl"
.TH EVP_KDF-TLS13_KDF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-TLS13_KDF \- The TLS 1.3 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \s-1TLS 1.3\s0 version of the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through
the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0
.PP
The \s-1EVP_KDF\-TLS13_KDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function
as used by \s-1TLS 1.3.\s0
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1TLS13\-KDF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """prefix"" (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) <octet string>" 4
.el .IP "``prefix'' (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) <octet string>" 4
.IX Item "prefix (OSSL_KDF_PARAM_PREFIX) <octet string>"
This parameter sets the label prefix on the specified \s-1TLS 1.3 KDF\s0 context.
For \s-1TLS 1.3\s0 this should be set to the \s-1ASCII\s0 string \*(L"tls13 \*(R" without a
trailing zero byte. Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details.
.ie n .IP """label"" (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) <octet string>" 4
.el .IP "``label'' (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) <octet string>" 4
.IX Item "label (OSSL_KDF_PARAM_LABEL) <octet string>"
This parameter sets the label on the specified \s-1TLS 1.3 KDF\s0 context.
Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details.
.ie n .IP """data"" (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) <octet string>" 4
.el .IP "``data'' (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) <octet string>" 4
.IX Item "data (OSSL_KDF_PARAM_DATA) <octet string>"
This parameter sets the context data on the specified \s-1TLS 1.3 KDF\s0 context.
Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details.
.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or <integer>" 4
.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or <integer>" 4
.IX Item "mode (OSSL_KDF_PARAM_MODE) <UTF8 string> or <integer>"
This parameter sets the mode for the \s-1TLS 1.3 KDF\s0 operation.
There are two modes that are currently defined:
.RS 4
.ie n .IP """\s-1EXTRACT_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4
.el .IP "``\s-1EXTRACT_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4
.IX Item "EXTRACT_ONLY or EVP_KDF_HKDF_MODE_EXTRACT_ONLY"
In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the extract
operation. The value returned will be the intermediate fixed-length pseudorandom
key K. The \fIkeylen\fR parameter must match the size of K, which can be looked
up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest.
.Sp
The digest, key and salt values must be set before a key is derived otherwise
an error will occur.
.ie n .IP """\s-1EXPAND_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4
.el .IP "``\s-1EXPAND_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4
.IX Item "EXPAND_ONLY or EVP_KDF_HKDF_MODE_EXPAND_ONLY"
In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the expand
operation. The input key should be set to the intermediate fixed-length
pseudorandom key K returned from a previous extract operation.
.Sp
The digest, key and info values must be set before a key is derived otherwise
an error will occur.
.RE
.RS 4
.RE
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any \*(L"***\-check\*(R"
related parameter is set to 0 and the check fails.
.ie n .IP """digest-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.IX Item "digest-check (OSSL_KDF_PARAM_FIPS_DIGEST_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.Sp
According to \s-1RFC 8446,\s0 the following are approved digest algorithms: \s-1SHA2\-256,
SHA2\-384.\s0
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
This \s-1KDF\s0 is intended for use by the \s-1TLS 1.3\s0 implementation in libssl.
It does not support all the options and capabilities that \s-1HKDF\s0 does.
.PP
The \fI\s-1OSSL_PARAM\s0\fR array passed to \fBEVP_KDF_derive\fR\|(3) or
\&\fBEVP_KDF_CTX_set_params\fR\|(3) must specify all of the parameters required.
This \s-1KDF\s0 does not support a piecemeal approach to providing these.
.PP
A context for a \s-1TLS 1.3 KDF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13\-KDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of a \s-1TLS 1.3 KDF\s0 expand operation is specified via the
\&\fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. When using
\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of
the intermediate fixed-length pseudorandom key otherwise an error will occur.
For that mode, the fixed output size can be looked up by calling
\&\fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest on the
\&\fB\s-1EVP_KDF_CTX\s0\fR.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 8446\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3),
\&\s-1\fBEVP_KDF\-HKDF\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

283
openssl-install/share/man/man7/EVP_KDF-TLS1_PRF.7ossl
View File

@@ -1,283 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-TLS1_PRF 7ossl"
.TH EVP_KDF-TLS1_PRF 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-TLS1_PRF \- The TLS1 PRF EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing the \fB\s-1TLS1\s0\fR \s-1PRF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0
.PP
The \s-1EVP_KDF\-TLS1_PRF\s0 algorithm implements the \s-1PRF\s0 used by \s-1TLS\s0 versions up to
and including \s-1TLS 1.2.\s0
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"\s-1TLS1\-PRF\*(R"\s0 is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.Sp
The \fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR parameter is used to set the message digest
associated with the \s-1TLS PRF.\s0
\&\fBEVP_md5_sha1()\fR is treated as a special case which uses the
\&\s-1PRF\s0 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1.
.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.IX Item "secret (OSSL_KDF_PARAM_SECRET) <octet string>"
This parameter sets the secret value of the \s-1TLS PRF.\s0
Any existing secret value is replaced.
.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) <octet string>" 4
.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) <octet string>" 4
.IX Item "seed (OSSL_KDF_PARAM_SEED) <octet string>"
This parameter sets the context seed.
The length of the context seed cannot exceed 1024 bytes;
this should be more than enough for any normal use of the \s-1TLS PRF.\s0
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any \*(L"***\-check\*(R"
related parameter is set to 0 and the check fails.
.ie n .IP """ems_check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_EMS_CHECK\s0\fR) <integer>" 4
.el .IP "``ems_check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_EMS_CHECK\s0\fR) <integer>" 4
.IX Item "ems_check (OSSL_KDF_PARAM_FIPS_EMS_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_derive()\fR if
\&\*(L"master secret\*(R" is used instead of \*(L"extended master secret\*(R" Setting this to zero
will ignore the error and set the approved \*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.ie n .IP """digest-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.IX Item "digest-check (OSSL_KDF_PARAM_FIPS_DIGEST_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.Sp
According to \s-1SP\s0 800\-135r1, the following are approved digest algorithms:
\&\s-1SHA2\-256, SHA2\-384, SHA2\-512.\s0
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
A context for the \s-1TLS PRF\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The digest, secret value and seed must be set before a key is derived otherwise
an error will occur.
.PP
The output length of the \s-1PRF\s0 is specified by the \fIkeylen\fR parameter to the
\&\fBEVP_KDF_derive()\fR function.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R"
and seed value \*(L"seed\*(R":
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[4], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
\& "seed", (size_t)4);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 2246, RFC 5246\s0 and \s-1NIST SP 800\-135\s0 r1
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

300
openssl-install/share/man/man7/EVP_KDF-X942-ASN1.7ossl
View File

@@ -1,300 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-X942-ASN1 7ossl"
.TH EVP_KDF-X942-ASN1 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-X942\-ASN1 \- The X9.42\-2003 asn1 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_KDF\-X942\-ASN1\s0 algorithm implements the key derivation function
X942KDF\-ASN1. It is used by \s-1DH\s0 KeyAgreement, to derive a key using input such as
a shared secret key and other info. The other info is \s-1DER\s0 encoded data that
contains a 32 bit counter as well as optional fields for \*(L"partyu-info\*(R",
\&\*(L"partyv-info\*(R", \*(L"supp-pubinfo\*(R" and \*(L"supp-privinfo\*(R".
This kdf is used by Cryptographic Message Syntax (\s-1CMS\s0).
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"X942KDF\-ASN1\*(R" or \*(L"X942KDF\*(R" is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) <octet string>" 4
.IX Item "secret (OSSL_KDF_PARAM_SECRET) <octet string>"
The shared secret used for key derivation. This parameter sets the secret.
.ie n .IP """acvp-info"" (\fB\s-1OSSL_KDF_PARAM_X942_ACVPINFO\s0\fR) <octet string>" 4
.el .IP "``acvp-info'' (\fB\s-1OSSL_KDF_PARAM_X942_ACVPINFO\s0\fR) <octet string>" 4
.IX Item "acvp-info (OSSL_KDF_PARAM_X942_ACVPINFO) <octet string>"
This value should not be used in production and should only be used for \s-1ACVP\s0
testing. It is an optional octet string containing a combined \s-1DER\s0 encoded blob
of any of the optional fields related to \*(L"partyu-info\*(R", \*(L"partyv-info\*(R",
\&\*(L"supp-pubinfo\*(R" and \*(L"supp-privinfo\*(R". If it is specified then none of these other
fields should be used.
.ie n .IP """partyu-info"" (\fB\s-1OSSL_KDF_PARAM_X942_PARTYUINFO\s0\fR) <octet string>" 4
.el .IP "``partyu-info'' (\fB\s-1OSSL_KDF_PARAM_X942_PARTYUINFO\s0\fR) <octet string>" 4
.IX Item "partyu-info (OSSL_KDF_PARAM_X942_PARTYUINFO) <octet string>"
An optional octet string containing public info contributed by the initiator.
.ie n .IP """ukm"" (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) <octet string>" 4
.el .IP "``ukm'' (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) <octet string>" 4
.IX Item "ukm (OSSL_KDF_PARAM_UKM) <octet string>"
An alias for \*(L"partyu-info\*(R".
In \s-1CMS\s0 this is the user keying material.
.ie n .IP """partyv-info"" (\fB\s-1OSSL_KDF_PARAM_X942_PARTYVINFO\s0\fR) <octet string>" 4
.el .IP "``partyv-info'' (\fB\s-1OSSL_KDF_PARAM_X942_PARTYVINFO\s0\fR) <octet string>" 4
.IX Item "partyv-info (OSSL_KDF_PARAM_X942_PARTYVINFO) <octet string>"
An optional octet string containing public info contributed by the responder.
.ie n .IP """supp-pubinfo"" (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PUBINFO\s0\fR) <octet string>" 4
.el .IP "``supp-pubinfo'' (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PUBINFO\s0\fR) <octet string>" 4
.IX Item "supp-pubinfo (OSSL_KDF_PARAM_X942_SUPP_PUBINFO) <octet string>"
An optional octet string containing some additional, mutually-known public
information. Setting this value also sets \*(L"use-keybits\*(R" to 0.
.ie n .IP """use-keybits"" (\fB\s-1OSSL_KDF_PARAM_X942_USE_KEYBITS\s0\fR) <integer>" 4
.el .IP "``use-keybits'' (\fB\s-1OSSL_KDF_PARAM_X942_USE_KEYBITS\s0\fR) <integer>" 4
.IX Item "use-keybits (OSSL_KDF_PARAM_X942_USE_KEYBITS) <integer>"
The default value of 1 will use the \s-1KEK\s0 key length (in bits) as the
\&\*(L"supp-pubinfo\*(R". A value of 0 disables setting the \*(L"supp-pubinfo\*(R".
.ie n .IP """supp-privinfo"" (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PRIVINFO\s0\fR) <octet string>" 4
.el .IP "``supp-privinfo'' (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PRIVINFO\s0\fR) <octet string>" 4
.IX Item "supp-privinfo (OSSL_KDF_PARAM_X942_SUPP_PRIVINFO) <octet string>"
An optional octet string containing some additional, mutually-known private
information.
.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) <UTF8 string>"
This parameter sets the \s-1CEK\s0 wrapping algorithm name.
Valid values are \*(L"\s-1AES\-128\-WRAP\*(R", \*(L"AES\-192\-WRAP\*(R", \*(L"AES\-256\-WRAP\*(R"\s0 and \*(L"\s-1DES3\-WRAP\*(R".\s0
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if \*(L"key-check\*(R"
parameter is set to 0 and the check fails.
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
A context for X942KDF can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an X942KDF is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 24 bytes, with the secret key \*(L"secret\*(R" and random user
keying material:
.PP
.Vb 5
\& EVP_KDF_CTX *kctx;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[192/8];
\& unsignred char ukm[64];
\& OSSL_PARAM params[5], *p = params;
\&
\& if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
\& error("RAND_bytes");
\&
\& kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
\& if (kctx == NULL)
\& error("EVP_KDF_fetch");
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\& if (kctx == NULL)
\& error("EVP_KDF_CTX_new");
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES\-256\-WRAP, 0);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0)
\& error("EVP_KDF_derive");
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ANS1 X9.42\-2003
RFC 2631\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

166
openssl-install/share/man/man7/EVP_KDF-X942-CONCAT.7ossl
View File

@@ -1,166 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-X942-CONCAT 7ossl"
.TH EVP_KDF-X942-CONCAT 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-X942\-CONCAT \- The X942 Concat EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_KDF\-X942\-CONCAT\s0 algorithm is identical to \s-1EVP_KDF\-X963.\s0 It is
used for key agreement to derive a key using input such as a shared secret key
and shared info.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"X942KDF_CONCAT\*(R" is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.PP
This is an alias for \*(L"X963KDF\*(R".
.PP
See \s-1\fBEVP_KDF\-X963\s0\fR\|(7) for a list of supported parameters and examples.
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

270
openssl-install/share/man/man7/EVP_KDF-X963.7ossl
View File

@@ -1,270 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KDF-X963 7ossl"
.TH EVP_KDF-X963 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KDF\-X963 \- The X9.63\-2001 EVP_KDF implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_KDF\-X963\s0 algorithm implements the key derivation function (X963KDF).
X963KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1EC\s0 KeyAgreement, to
derive a key using input such as a shared secret key and shared info.
.PP
The output is considered to be keying material.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"X963KDF\*(R" is the name for this implementation; it
can be used with the \fBEVP_KDF_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
.PD 0
.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3).
.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
The shared secret used for key derivation.
This parameter sets the secret.
.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
.IX Item "info (OSSL_KDF_PARAM_INFO) <octet string>"
This parameter specifies an optional value for shared info.
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling EVP_KDF_derive. It returns 0 if any \*(L"***\-check\*(R"
related parameter is set to 0 and the check fails.
.ie n .IP """digest-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <int>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_DIGEST_CHECK\s0\fR) <int>" 4
.IX Item "digest-check (OSSL_KDF_PARAM_FIPS_DIGEST_CHECK) <int>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if
used digest is not approved.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.Sp
According to \s-1ANSI X9.63\-2001,\s0 the following are approved digest algorithms:
\&\s-1SHA2\-224, SHA2\-256, SHA2\-384, SHA2\-512, SHA2\-512/224, SHA2\-512/256, SHA3\-224,
SHA3\-256, SHA3\-384, SHA3\-512.\s0
.ie n .IP """key-check"" (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KDF_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KDF_PARAM_FIPS_KEY_CHECK) <integer>"
The default value of 1 causes an error during \fBEVP_KDF_CTX_set_params()\fR if the
length of used key-derivation key (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) is shorter than 112
bits.
Setting this to zero will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "NOTES"
.IX Header "NOTES"
X963KDF is very similar to the \s-1SSKDF\s0 that uses a digest as the auxiliary function,
X963KDF appends the counter to the secret, whereas \s-1SSKDF\s0 prepends the counter.
.PP
A context for X963KDF can be obtained by calling:
.PP
.Vb 2
\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
.Ve
.PP
The output length of an X963KDF is specified via the \fIkeylen\fR
parameter to the \fBEVP_KDF_derive\fR\|(3) function.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes, with the secret key \*(L"secret\*(R" and sharedinfo
value \*(L"label\*(R":
.PP
.Vb 4
\& EVP_KDF *kdf;
\& EVP_KDF_CTX *kctx;
\& unsigned char out[10];
\& OSSL_PARAM params[4], *p = params;
\&
\& kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
\& kctx = EVP_KDF_CTX_new(kdf);
\& EVP_KDF_free(kdf);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
\& SN_sha256, strlen(SN_sha256));
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
\& "secret", (size_t)6);
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
\& "label", (size_t)5);
\& *p = OSSL_PARAM_construct_end();
\& if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
\& error("EVP_KDF_derive");
\& }
\&
\& EVP_KDF_CTX_free(kctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\*(L"\s-1SEC 1:\s0 Elliptic Curve Cryptography\*(R"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KDF\s0\fR\|(3),
\&\fBEVP_KDF_CTX_new\fR\|(3),
\&\fBEVP_KDF_CTX_free\fR\|(3),
\&\fBEVP_KDF_CTX_set_params\fR\|(3),
\&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3),
\&\fBEVP_KDF_derive\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

205
openssl-install/share/man/man7/EVP_KEM-EC.7ossl
View File

@@ -1,205 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEM-EC 7ossl"
.TH EVP_KEM-EC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEM\-EC
\&\- EVP_KEM EC keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1EC\s0\fR keytype and its parameters are described in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7).
See \fBEVP_PKEY_encapsulate\fR\|(3) and \fBEVP_PKEY_decapsulate\fR\|(3) for more info.
.SS "\s-1EC KEM\s0 parameters"
.IX Subsection "EC KEM parameters"
.ie n .IP """operation"" (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR)<\s-1UTF8\s0 string>" 4
.el .IP "``operation'' (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR)<\s-1UTF8\s0 string>" 4
.IX Item "operation (OSSL_KEM_PARAM_OPERATION)<UTF8 string>"
The OpenSSL \s-1EC\s0 Key Encapsulation Mechanisms only supports the
following operation:
.RS 4
.ie n .IP """\s-1DHKEM""\s0 (\fB\s-1OSSL_KEM_PARAM_OPERATION_DHKEM\s0\fR)" 4
.el .IP "``\s-1DHKEM''\s0 (\fB\s-1OSSL_KEM_PARAM_OPERATION_DHKEM\s0\fR)" 4
.IX Item "DHKEM (OSSL_KEM_PARAM_OPERATION_DHKEM)"
The encapsulate function generates an ephemeral keypair. It produces keymaterial
by doing an \s-1ECDH\s0 key exchange using the ephemeral private key and a supplied
recipient public key. A \s-1HKDF\s0 operation using the keymaterial and a kem context
then produces a shared secret. The shared secret and the ephemeral public key
are returned.
The decapsulate function uses the recipient private key and the
ephemeral public key to produce the same keymaterial, which can then be used to
produce the same shared secret.
See <https://www.rfc\-editor.org/rfc/rfc9180.html#name\-dh\-based\-kem\-dhkem>
.RE
.RS 4
.Sp
This can be set using either \fBEVP_PKEY_CTX_set_kem_op()\fR or
\&\fBEVP_PKEY_CTX_set_params()\fR.
.RE
.ie n .IP """ikme"" (\fB\s-1OSSL_KEM_PARAM_IKME\s0\fR) <octet string>" 4
.el .IP "``ikme'' (\fB\s-1OSSL_KEM_PARAM_IKME\s0\fR) <octet string>" 4
.IX Item "ikme (OSSL_KEM_PARAM_IKME) <octet string>"
Used to specify the key material used for generation of the ephemeral key.
This value should not be reused for other purposes.
It can only be used for the curves \*(L"P\-256\*(R", \*(L"P\-384\*(R" and \*(L"P\-521\*(R" and should
have a length of at least the size of the encoded private key
(i.e. 32, 48 and 66 for the listed curves).
If this value is not set, then a random ikm is used.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "\s-1RFC9180\s0" 4
.IX Item "RFC9180"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_set_kem_op\fR\|(3),
\&\fBEVP_PKEY_encapsulate\fR\|(3),
\&\fBEVP_PKEY_decapsulate\fR\|(3)
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

200
openssl-install/share/man/man7/EVP_KEM-RSA.7ossl
View File

@@ -1,200 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEM-RSA 7ossl"
.TH EVP_KEM-RSA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEM\-RSA
\&\- EVP_KEM RSA keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1RSA\s0\fR keytype and its parameters are described in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7).
See \fBEVP_PKEY_encapsulate\fR\|(3) and \fBEVP_PKEY_decapsulate\fR\|(3) for more info.
.SS "\s-1RSA KEM\s0 parameters"
.IX Subsection "RSA KEM parameters"
.ie n .IP """operation"" (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``operation'' (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "operation (OSSL_KEM_PARAM_OPERATION) <UTF8 string>"
The OpenSSL \s-1RSA\s0 Key Encapsulation Mechanism only currently supports the
following operation
.RS 4
.ie n .IP """\s-1RSASVE""\s0" 4
.el .IP "``\s-1RSASVE''\s0" 4
.IX Item "RSASVE"
The encapsulate function simply generates a secret using random bytes and then
encrypts the secret using the \s-1RSA\s0 public key (with no padding).
The decapsulate function recovers the secret using the \s-1RSA\s0 private key.
.RE
.RS 4
.Sp
This can be set using \fBEVP_PKEY_CTX_set_kem_op()\fR.
.RE
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.PD 0
.ie n .IP """key-check"" (\fB\s-1OSSL_KEM_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_KEM_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_KEM_PARAM_FIPS_KEY_CHECK) <integer>"
.PD
These parameters are described in \fBprovider\-kem\fR\|(7).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "SP800\-56Br2" 4
.IX Item "SP800-56Br2"
Section 7.2.1.2 \s-1RSASVE\s0 Generate Operation (\s-1RSASVE.GENERATE\s0).
Section 7.2.1.3 \s-1RSASVE\s0 Recovery Operation (\s-1RSASVE.RECOVER\s0).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_set_kem_op\fR\|(3),
\&\fBEVP_PKEY_encapsulate\fR\|(3),
\&\fBEVP_PKEY_decapsulate\fR\|(3)
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

204
openssl-install/share/man/man7/EVP_KEM-X25519.7ossl
View File

@@ -1,204 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEM-X25519 7ossl"
.TH EVP_KEM-X25519 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEM\-X25519, EVP_KEM\-X448
\&\- EVP_KEM X25519 and EVP_KEM X448 keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX25519\fR and <X448> keytype and its parameters are described in
\&\s-1\fBEVP_PKEY\-X25519\s0\fR\|(7).
See \fBEVP_PKEY_encapsulate\fR\|(3) and \fBEVP_PKEY_decapsulate\fR\|(3) for more info.
.SS "X25519 and X448 \s-1KEM\s0 parameters"
.IX Subsection "X25519 and X448 KEM parameters"
.ie n .IP """operation"" (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR)<\s-1UTF8\s0 string>" 4
.el .IP "``operation'' (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR)<\s-1UTF8\s0 string>" 4
.IX Item "operation (OSSL_KEM_PARAM_OPERATION)<UTF8 string>"
The OpenSSL X25519 and X448 Key Encapsulation Mechanisms only support the
following operation:
.RS 4
.ie n .IP """\s-1DHKEM""\s0 (\fB\s-1OSSL_KEM_PARAM_OPERATION_DHKEM\s0\fR)" 4
.el .IP "``\s-1DHKEM''\s0 (\fB\s-1OSSL_KEM_PARAM_OPERATION_DHKEM\s0\fR)" 4
.IX Item "DHKEM (OSSL_KEM_PARAM_OPERATION_DHKEM)"
The encapsulate function generates an ephemeral keypair. It produces keymaterial
by doing an X25519 or X448 key exchange using the ephemeral private key and a
supplied recipient public key. A \s-1HKDF\s0 operation using the keymaterial and a kem
context then produces a shared secret. The shared secret and the ephemeral
public key are returned.
The decapsulate function uses the recipient private key and the
ephemeral public key to produce the same keymaterial, which can then be used to
produce the same shared secret.
See <https://www.rfc\-editor.org/rfc/rfc9180.html#name\-dh\-based\-kem\-dhkem>
.RE
.RS 4
.Sp
This can be set using either \fBEVP_PKEY_CTX_set_kem_op()\fR or
\&\fBEVP_PKEY_CTX_set_params()\fR.
.RE
.ie n .IP """ikme"" (\fB\s-1OSSL_KEM_PARAM_IKME\s0\fR) <octet string>" 4
.el .IP "``ikme'' (\fB\s-1OSSL_KEM_PARAM_IKME\s0\fR) <octet string>" 4
.IX Item "ikme (OSSL_KEM_PARAM_IKME) <octet string>"
Used to specify the key material used for generation of the ephemeral key.
This value should not be reused for other purposes.
It should have a length of at least 32 for X25519, and 56 for X448.
If this value is not set, then a random ikm is used.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "\s-1RFC9180\s0" 4
.IX Item "RFC9180"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_set_kem_op\fR\|(3),
\&\fBEVP_PKEY_encapsulate\fR\|(3),
\&\fBEVP_PKEY_decapsulate\fR\|(3)
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_KEM-X448.7ossl
View File

@@ -1 +0,0 @@
EVP_KEM-X25519.7ossl

277
openssl-install/share/man/man7/EVP_KEYEXCH-DH.7ossl
View File

@@ -1,277 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEYEXCH-DH 7ossl"
.TH EVP_KEYEXCH-DH 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEYEXCH\-DH
\&\- DH Key Exchange algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Key exchange support for the \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR key types.
.PP
Please note that although both key types support the same key exchange
operations, they cannot be used together in a single key exchange. It
is not possible to use a private key of the \fB\s-1DH\s0\fR type in key exchange
with the public key of \fB\s-1DHX\s0\fR type and vice versa.
.SS "\s-1DH\s0 and \s-1DHX\s0 key exchange parameters"
.IX Subsection "DH and DHX key exchange parameters"
.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) <unsigned integer>" 4
.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) <unsigned integer>" 4
.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>"
Sets the padding mode for the associated key exchange ctx.
Setting a value of 1 will turn padding on.
Setting a value of 0 will turn padding off.
If padding is off then the derived shared secret may be smaller than the
largest possible secret size.
If padding is on then the derived shared secret will have its first bytes
filled with zeros where necessary to make the shared secret the same size as
the largest possible secret size.
The padding mode parameter is ignored (and padding implicitly enabled) when
the \s-1KDF\s0 type is set to \*(L"X942KDF\-ASN1\*(R" (\fB\s-1OSSL_KDF_NAME_X942KDF_ASN1\s0\fR).
.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) <UTF8 string>"
.PD 0
.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) <UTF8 string>"
.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) <UTF8 string>"
.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) <unsigned integer>" 4
.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) <unsigned integer>" 4
.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) <unsigned integer>"
.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) <octet string>" 4
.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) <octet string>" 4
.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) <octet string>"
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.ie n .IP """key-check"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK) <integer>"
.ie n .IP """digest-check"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.IX Item "digest-check (OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK) <integer>"
.PD
See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7).
.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <octet string ptr>" 4
.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <octet string ptr>" 4
.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) <octet string ptr>"
See \*(L"\s-1KDF\s0 Parameters\*(R" in \fBprovider\-kdf\fR\|(7).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The examples assume a host and peer both generate keys using the same
named group (or domain parameters). See \*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7).
Both the host and peer transfer their public key to each other.
.PP
To convert the peer's generated key pair to a public key in \s-1DER\s0 format in order
to transfer to the host:
.PP
.Vb 3
\& EVP_PKEY *peer_key; /* It is assumed this contains the peers generated key */
\& unsigned char *peer_pub_der = NULL;
\& int peer_pub_der_len;
\&
\& peer_pub_der_len = i2d_PUBKEY(peer_key, &peer_pub_der);
\& ...
\& OPENSSL_free(peer_pub_der);
.Ve
.PP
To convert the received peer's public key from \s-1DER\s0 format on the host:
.PP
.Vb 4
\& const unsigned char *pd = peer_pub_der;
\& EVP_PKEY *peer_pub_key = d2i_PUBKEY(NULL, &pd, peer_pub_der_len);
\& ...
\& EVP_PKEY_free(peer_pub_key);
.Ve
.PP
To derive a shared secret on the host using the host's key and the peer's public
key:
.PP
.Vb 8
\& /* It is assumed that the host_key and peer_pub_key are set up */
\& void derive_secret(EVP_KEY *host_key, EVP_PKEY *peer_pub_key)
\& {
\& unsigned int pad = 1;
\& OSSL_PARAM params[2];
\& unsigned char *secret = NULL;
\& size_t secret_len = 0;
\& EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
\&
\& EVP_PKEY_derive_init(dctx);
\&
\& /* Optionally set the padding */
\& params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &pad);
\& params[1] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(dctx, params);
\&
\& EVP_PKEY_derive_set_peer(dctx, peer_pub_key);
\&
\& /* Get the size by passing NULL as the buffer */
\& EVP_PKEY_derive(dctx, NULL, &secret_len);
\& secret = OPENSSL_zalloc(secret_len);
\&
\& EVP_PKEY_derive(dctx, secret, &secret_len);
\& ...
\& OPENSSL_clear_free(secret, secret_len);
\& EVP_PKEY_CTX_free(dctx);
\& }
.Ve
.PP
Very similar code can be used by the peer to derive the same shared secret
using the host's public key and the peer's generated key pair.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keyexch\fR\|(7),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

269
openssl-install/share/man/man7/EVP_KEYEXCH-ECDH.7ossl
View File

@@ -1,269 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEYEXCH-ECDH 7ossl"
.TH EVP_KEYEXCH-ECDH 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEYEXCH\-ECDH \- ECDH Key Exchange algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Key exchange support for the \fB\s-1ECDH\s0\fR key type.
.SS "\s-1ECDH\s0 Key Exchange parameters"
.IX Subsection "ECDH Key Exchange parameters"
.ie n .IP """ecdh-cofactor-mode"" (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) <integer>" 4
.el .IP "``ecdh-cofactor-mode'' (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) <integer>" 4
.IX Item "ecdh-cofactor-mode (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) <integer>"
Sets or gets the \s-1ECDH\s0 mode of operation for the associated key exchange ctx.
.Sp
In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter
can be used to select between the plain Diffie-Hellman (\s-1DH\s0) or Cofactor
Diffie-Hellman (\s-1CDH\s0) variants of the key exchange algorithm.
.Sp
When setting, the value should be 1, 0 or \-1, respectively forcing cofactor mode
on, off, or resetting it to the default for the private key associated with the
given key exchange ctx.
.Sp
When getting, the value should be either 1 or 0, respectively signaling if the
cofactor mode is on or off.
.Sp
See also \fBprovider\-keymgmt\fR\|(7) for the related
\&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR parameter that can be set on a
per-key basis.
.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) <UTF8 string>"
.PD 0
.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) <UTF8 string>"
.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) <UTF8 string>"
.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) <unsigned integer>" 4
.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) <unsigned integer>" 4
.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) <unsigned integer>"
.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) <octet string>" 4
.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) <octet string>" 4
.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) <octet string>"
.PD
.PP
The OpenSSL \s-1FIPS\s0 provider also supports the following parameters:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.PD 0
.ie n .IP """key-check"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK) <integer>"
.ie n .IP """digest-check"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.el .IP "``digest-check'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK\s0\fR) <integer>" 4
.IX Item "digest-check (OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK) <integer>"
.PD
See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7).
.ie n .IP """ecdh-cofactor-check"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK\s0\fR) <integer>" 4
.el .IP "``ecdh-cofactor-check'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK\s0\fR) <integer>" 4
.IX Item "ecdh-cofactor-check (OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK) <integer>"
If required this parameter should before \fBOSSL_FUNC_keyexch_derive()\fR.
The default value of 1 causes an error during the OSSL_FUNC_keyexch_derive if
the \s-1EC\s0 curve has a cofactor that is not 1, and the cofactor is not used.
Setting this to 0 will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Examples of key agreement can be found in demos/keyexch.
.PP
Keys for the host and peer must be generated as shown in
\&\*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) using the same curve name.
.PP
The code to generate a shared secret for the normal case is identical to
\&\*(L"Examples\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7).
.PP
To derive a shared secret on the host using the host's key and the peer's public
key but also using X963KDF with a user key material:
.PP
.Vb 10
\& /* It is assumed that the host_key, peer_pub_key and ukm are set up */
\& void derive_secret(EVP_PKEY *host_key, EVP_PKEY *peer_key,
\& unsigned char *ukm, size_t ukm_len)
\& {
\& unsigned char secret[64];
\& size_t out_len = sizeof(secret);
\& size_t secret_len = out_len;
\& unsigned int pad = 1;
\& OSSL_PARAM params[6];
\& EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
\&
\& EVP_PKEY_derive_init(dctx);
\&
\& params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &pad);
\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
\& "X963KDF", 0);
\& params[2] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
\& "SHA1", 0);
\& params[3] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
\& &out_len);
\& params[4] = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
\& ukm, ukm_len);
\& params[5] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(dctx, params);
\&
\& EVP_PKEY_derive_set_peer(dctx, peer_pub_key);
\& EVP_PKEY_derive(dctx, secret, &secret_len);
\& ...
\& OPENSSL_clear_free(secret, secret_len);
\& EVP_PKEY_CTX_free(dctx);
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-EC\s0\fR\|(7)
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keyexch\fR\|(7),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

185
openssl-install/share/man/man7/EVP_KEYEXCH-X25519.7ossl
View File

@@ -1,185 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_KEYEXCH-X25519 7ossl"
.TH EVP_KEYEXCH-X25519 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_KEYEXCH\-X25519,
EVP_KEYEXCH\-X448
\&\- X25519 and X448 Key Exchange algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Key exchange support for the \fBX25519\fR and \fBX448\fR key types.
.SS "Key exchange parameters"
.IX Subsection "Key exchange parameters"
.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) <unsigned integer>" 4
.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) <unsigned integer>" 4
.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>"
.PD 0
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.PD
\&\fBX25519\fR and \fBX448\fR are not \s-1FIPS\s0 approved in \s-1FIPS 140\-3.\s0
So this getter will return 0.
.Sp
See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Keys for the host and peer can be generated as shown in
\&\*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7).
.PP
The code to generate a shared secret is identical to
\&\*(L"Examples\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7)
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keyexch\fR\|(7),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_KEYEXCH-X448.7ossl
View File

@@ -1 +0,0 @@
EVP_KEYEXCH-X25519.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-CMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-DH.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-DH.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-DHX.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-DH.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-DSA.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-DSA.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-EC.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-EC.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-ED25519.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-ED448.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-HMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-Poly1305.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-RSA.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-RSA.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-SM2.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-SM2.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-Siphash.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-X25519.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

1
openssl-install/share/man/man7/EVP_KEYMGMT-X448.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

216
openssl-install/share/man/man7/EVP_MAC-BLAKE2.7ossl
View File

@@ -1,216 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-BLAKE2 7ossl"
.TH EVP_MAC-BLAKE2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-BLAKE2, EVP_MAC\-BLAKE2BMAC, EVP_MAC\-BLAKE2SMAC
\&\- The BLAKE2 EVP_MAC implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1BLAKE2\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
These implementations are identified with one of these names and
properties, to be used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1BLAKE2BMAC"",\s0 ""provider=default""" 4
.el .IP "``\s-1BLAKE2BMAC'',\s0 ``provider=default''" 4
.IX Item "BLAKE2BMAC, provider=default"
.PD 0
.ie n .IP """\s-1BLAKE2SMAC"",\s0 ""provider=default""" 4
.el .IP "``\s-1BLAKE2SMAC'',\s0 ``provider=default''" 4
.IX Item "BLAKE2SMAC, provider=default"
.PD
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
All these parameters (except for \*(L"block-size\*(R") can be set with
\&\fBEVP_MAC_CTX_set_params()\fR.
Furthermore, the \*(L"size\*(R" parameter can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR.
Likewise, the \*(L"block-size\*(R" parameter can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_block_size()\fR.
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
It may be at most 64 bytes for \s-1BLAKE2BMAC\s0 or 32 for \s-1BLAKE2SMAC\s0 and at
least 1 byte in both cases.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) <octet string>"
Sets the customization/personalization string.
It is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for
\&\s-1BLAKE2SMAC,\s0 and is empty by default.
.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) <octet string>" 4
.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) <octet string>" 4
.IX Item "salt (OSSL_MAC_PARAM_SALT) <octet string>"
Sets the salt.
It is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for
\&\s-1BLAKE2SMAC,\s0 and is empty by default.
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
Sets the \s-1MAC\s0 size.
It can be any number between 1 and 32 for \s-1EVP_MAC_BLAKE2S\s0 or between 1
and 64 for \s-1EVP_MAC_BLAKE2B.\s0
It is 32 and 64 respectively by default.
.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "block-size (OSSL_MAC_PARAM_BLOCK_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 block size.
It is 64 for \s-1EVP_MAC_BLAKE2S\s0 and 128 for \s-1EVP_MAC_BLAKE2B.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The macros and functions described here were added to OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_MAC-BLAKE2BMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_MAC-BLAKE2.7ossl

1
openssl-install/share/man/man7/EVP_MAC-BLAKE2SMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_MAC-BLAKE2.7ossl

222
openssl-install/share/man/man7/EVP_MAC-CMAC.7ossl
View File

@@ -1,222 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-CMAC 7ossl"
.TH EVP_MAC-CMAC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-CMAC \- The CMAC EVP_MAC implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1CMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.PP
This implementation uses \s-1EVP_CIPHER\s0 functions to get access to the underlying
cipher.
.SS "Identity"
.IX Subsection "Identity"
This implementation is identified with this name and properties, to be
used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1CMAC"",\s0 ""provider=default"" or ""provider=fips""" 4
.el .IP "``\s-1CMAC'',\s0 ``provider=default'' or ``provider=fips''" 4
.IX Item "CMAC, provider=default or provider=fips"
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR:
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) <UTF8 string>"
Sets the name of the underlying cipher to be used. The mode of the cipher
must be \s-1CBC.\s0
.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>"
Sets the properties to be queried when trying to fetch the underlying cipher.
This must be given together with the cipher naming parameter to be considered
valid.
.ie n .IP """encrypt-check"" (\fB\s-1OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK\s0\fR) <integer>" 4
.el .IP "``encrypt-check'' (\fB\s-1OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK\s0\fR) <integer>" 4
.IX Item "encrypt-check (OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK) <integer>"
This option is used by the OpenSSL \s-1FIPS\s0 provider.
If required this parameter should be set before \fBEVP_MAC_init()\fR
.Sp
The default value of 1 causes an error when a unapproved Triple-DES encryption
operation is triggered.
Setting this to 0 will ignore the error and set the approved
\&\*(L"fips-indicator\*(R" to 0.
This option breaks \s-1FIPS\s0 compliance if it causes the approved \*(L"fips-indicator\*(R"
to return 0.
.PP
The following parameters can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR:
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
The \*(L"size\*(R" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR.
.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "block-size (OSSL_MAC_PARAM_BLOCK_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 block size. The \*(L"block-size\*(R" parameter can also be retrieved with
\&\fBEVP_MAC_CTX_get_block_size()\fR.
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
This option is used by the OpenSSL \s-1FIPS\s0 provider.
.Sp
A getter that returns 1 if the operation is \s-1FIPS\s0 approved, or 0 otherwise.
This may be used after calling \fBEVP_MAC_final()\fR.
It may return 0 if the \*(L"encrypt-check\*(R" option is set to 0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

202
openssl-install/share/man/man7/EVP_MAC-GMAC.7ossl
View File

@@ -1,202 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-GMAC 7ossl"
.TH EVP_MAC-GMAC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-GMAC \- The GMAC EVP_MAC implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1GMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.PP
This implementation uses \s-1EVP_CIPHER\s0 functions to get access to the underlying
cipher.
.SS "Identity"
.IX Subsection "Identity"
This implementation is identified with this name and properties, to be
used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1GMAC"",\s0 ""provider=default"" or ""provider=fips""" 4
.el .IP "``\s-1GMAC'',\s0 ``provider=default'' or ``provider=fips''" 4
.IX Item "GMAC, provider=default or provider=fips"
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR:
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) <octet string>" 4
.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) <octet string>" 4
.IX Item "iv (OSSL_MAC_PARAM_IV) <octet string>"
Sets the \s-1IV\s0 of the underlying cipher, when applicable.
.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) <UTF8 string>"
Sets the name of the underlying cipher to be used.
.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>"
Sets the properties to be queried when trying to fetch the underlying cipher.
This must be given together with the cipher naming parameter to be considered
valid.
.PP
The following parameters can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR:
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 size.
.PP
The \*(L"size\*(R" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

228
openssl-install/share/man/man7/EVP_MAC-HMAC.7ossl
View File

@@ -1,228 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-HMAC 7ossl"
.TH EVP_MAC-HMAC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-HMAC \- The HMAC EVP_MAC implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1HMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.PP
This implementation uses \s-1EVP_MD\s0 functions to get access to the underlying
digest.
.SS "Identity"
.IX Subsection "Identity"
This implementation is identified with this name and properties, to be
used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1HMAC"",\s0 ""provider=default"" or ""provider=fips""" 4
.el .IP "``\s-1HMAC'',\s0 ``provider=default'' or ``provider=fips''" 4
.IX Item "HMAC, provider=default or provider=fips"
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
The following parameters can be set with \fBEVP_MAC_CTX_set_params()\fR:
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_MAC_PARAM_DIGEST) <UTF8 string>"
Sets the name of the underlying digest to be used.
.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>"
Sets the properties to be queried when trying to fetch the underlying digest.
This must be given together with the digest naming parameter (\*(L"digest\*(R", or
\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) to be considered valid.
.ie n .IP """digest-noinit"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) <integer>" 4
.el .IP "``digest-noinit'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) <integer>" 4
.IX Item "digest-noinit (OSSL_MAC_PARAM_DIGEST_NOINIT) <integer>"
A flag to set the \s-1MAC\s0 digest to not initialise the implementation
specific data.
The value 0 or 1 is expected.
This option is deprecated and will be removed in a future release.
It may be set but is currently ignored
.ie n .IP """digest-oneshot"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) <integer>" 4
.el .IP "``digest-oneshot'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) <integer>" 4
.IX Item "digest-oneshot (OSSL_MAC_PARAM_DIGEST_ONESHOT) <integer>"
A flag to set the \s-1MAC\s0 digest to be a one-shot operation.
The value 0 or 1 is expected.
This option is deprecated and will be removed in a future release.
It may be set but is currently ignored.
.ie n .IP """tls-data-size"" (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``tls-data-size'' (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "tls-data-size (OSSL_MAC_PARAM_TLS_DATA_SIZE) <unsigned integer>"
.PD 0
.ie n .IP """key-check"" (\fB\s-1OSSL_MAC_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_MAC_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_MAC_PARAM_FIPS_KEY_CHECK) <integer>"
.PD
See \*(L"Mac Parameters\*(R" in \fBprovider\-mac\fR\|(7).
.PP
The following parameters can be retrieved with \fBEVP_MAC_CTX_get_params()\fR:
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
The \*(L"size\*(R" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR.
.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "block-size (OSSL_MAC_PARAM_BLOCK_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 block size. The \*(L"block-size\*(R" parameter can also be retrieved with
\&\fBEVP_MAC_CTX_get_block_size()\fR.
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
See \*(L"Mac Parameters\*(R" in \fBprovider\-mac\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3), \s-1\fBHMAC\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

296
openssl-install/share/man/man7/EVP_MAC-KMAC.7ossl
View File

@@ -1,296 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-KMAC 7ossl"
.TH EVP_MAC-KMAC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-KMAC, EVP_MAC\-KMAC128, EVP_MAC\-KMAC256
\&\- The KMAC EVP_MAC implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1KMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
These implementations are identified with one of these names and
properties, to be used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1KMAC\-128"",\s0 ""provider=default"" or ""provider=fips""" 4
.el .IP "``\s-1KMAC\-128'',\s0 ``provider=default'' or ``provider=fips''" 4
.IX Item "KMAC-128, provider=default or provider=fips"
.PD 0
.ie n .IP """\s-1KMAC\-256"",\s0 ""provider=default"" or ""provider=fips""" 4
.el .IP "``\s-1KMAC\-256'',\s0 ``provider=default'' or ``provider=fips''" 4
.IX Item "KMAC-256, provider=default or provider=fips"
.PD
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
All these parameters (except for \*(L"block-size\*(R") can be set with
\&\fBEVP_MAC_CTX_set_params()\fR.
Furthermore, the \*(L"size\*(R" parameter can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR.
Likewise, the \*(L"block-size\*(R" parameter can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_block_size()\fR.
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
The length of the key (in bytes) must be in the range 4...512.
.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) <octet string>"
Sets the customization string.
It is an optional value with a length of at most 512 bytes, and is
empty by default.
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
Sets the \s-1MAC\s0 size.
By default, it is 32 for \f(CW\*(C`KMAC\-128\*(C'\fR and 64 for \f(CW\*(C`KMAC\-256\*(C'\fR.
.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "block-size (OSSL_MAC_PARAM_BLOCK_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 block size.
It is 168 for \f(CW\*(C`KMAC\-128\*(C'\fR and 136 for \f(CW\*(C`KMAC\-256\*(C'\fR.
.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) <integer>" 4
.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) <integer>" 4
.IX Item "xof (OSSL_MAC_PARAM_XOF) <integer>"
The \*(L"xof\*(R" parameter value is expected to be 1 or 0. Use 1 to enable \s-1XOF\s0 mode.
The default value is 0.
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <int>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <int>" 4
.IX Item "fips-indicator (OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR) <int>"
This settable parameter is described in \fBprovider\-mac\fR\|(7).
.ie n .IP """no-short-mac"" (\fB\s-1OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC\s0\fR) <integer>" 4
.el .IP "``no-short-mac'' (\fB\s-1OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC\s0\fR) <integer>" 4
.IX Item "no-short-mac (OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC) <integer>"
This settable parameter is described in \fBprovider\-mac\fR\|(7). It is used by
the OpenSSL \s-1FIPS\s0 provider and the minimum length output for \s-1KMAC\s0
is defined by \s-1NIST\s0's \s-1SP 800\-185 8.4.2.\s0
.ie n .IP """key-check"" (\fB\s-1OSSL_MAC_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_MAC_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_MAC_PARAM_FIPS_KEY_CHECK) <integer>"
This settable parameter is described in \fBprovider\-mac\fR\|(7).
.PP
The \*(L"custom\*(R" and \*(L"no-short-mac\*(R" parameters must be set as part of or before
the \fBEVP_MAC_init()\fR call.
The \*(L"xof\*(R" and \*(L"size\*(R" parameters can be set at any time before \fBEVP_MAC_final()\fR.
The \*(L"key\*(R" parameter is set as part of the \fBEVP_MAC_init()\fR call, but can be
set before it instead.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/params.h>
\&
\& static int do_kmac(const unsigned char *in, size_t in_len,
\& const unsigned char *key, size_t key_len,
\& const unsigned char *custom, size_t custom_len,
\& int xof_enabled, unsigned char *out, int out_len)
\& {
\& EVP_MAC_CTX *ctx = NULL;
\& EVP_MAC *mac = NULL;
\& OSSL_PARAM params[4], *p;
\& int ret = 0;
\& size_t l = 0;
\&
\& mac = EVP_MAC_fetch(NULL, "KMAC\-128", NULL);
\& if (mac == NULL)
\& goto err;
\& ctx = EVP_MAC_CTX_new(mac);
\& /* The mac can be freed after it is used by EVP_MAC_CTX_new */
\& EVP_MAC_free(mac);
\& if (ctx == NULL)
\& goto err;
\&
\& /*
\& * Setup parameters required before calling EVP_MAC_init()
\& * The parameters OSSL_MAC_PARAM_XOF and OSSL_MAC_PARAM_SIZE may also be
\& * used at this point.
\& */
\& p = params;
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
\& (void *)key, key_len);
\& if (custom != NULL && custom_len != 0)
\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
\& (void *)custom, custom_len);
\& *p = OSSL_PARAM_construct_end();
\& if (!EVP_MAC_CTX_set_params(ctx, params))
\& goto err;
\&
\& if (!EVP_MAC_init(ctx))
\& goto err;
\&
\& /*
\& * Note: the following optional parameters can be set any time
\& * before EVP_MAC_final().
\& */
\& p = params;
\& *p++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof_enabled);
\& *p++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, &out_len);
\& *p = OSSL_PARAM_construct_end();
\& if (!EVP_MAC_CTX_set_params(ctx, params))
\& goto err;
\&
\& /* The update may be called multiple times here for streamed input */
\& if (!EVP_MAC_update(ctx, in, in_len))
\& goto err;
\& if (!EVP_MAC_final(ctx, out, &l, out_len))
\& goto err;
\& ret = 1;
\& err:
\& EVP_MAC_CTX_free(ctx);
\& return ret;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3),
\&\s-1SP 800\-185 8.4.2\s0 <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf>
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_MAC-KMAC128.7ossl
View File

@@ -1 +0,0 @@
EVP_MAC-KMAC.7ossl

1
openssl-install/share/man/man7/EVP_MAC-KMAC256.7ossl
View File

@@ -1 +0,0 @@
EVP_MAC-KMAC.7ossl

191
openssl-install/share/man/man7/EVP_MAC-Poly1305.7ossl
View File

@@ -1,191 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-POLY1305 7ossl"
.TH EVP_MAC-POLY1305 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-Poly1305 \- The Poly1305 EVP_MAC implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing Poly1305 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is identified with this name and properties, to be
used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1POLY1305"",\s0 ""provider=default""" 4
.el .IP "``\s-1POLY1305'',\s0 ``provider=default''" 4
.IX Item "POLY1305, provider=default"
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR:
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.PP
The following parameters can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR:
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
Gets the \s-1MAC\s0 size.
.PP
The \*(L"size\*(R" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter should not exceed that of an \fBunsigned int\fR.
.SH "NOTES"
.IX Header "NOTES"
The OpenSSL implementation of the Poly 1305 \s-1MAC\s0 corresponds to \s-1RFC 7539.\s0
.PP
It is critical to never reuse the key. The security implication noted in
\&\s-1RFC 8439\s0 applies equally to the OpenSSL implementation.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

190
openssl-install/share/man/man7/EVP_MAC-Siphash.7ossl
View File

@@ -1,190 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MAC-SIPHASH 7ossl"
.TH EVP_MAC-SIPHASH 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MAC\-Siphash \- The Siphash EVP_MAC implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing Siphash MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is identified with this name and properties, to be
used with \fBEVP_MAC_fetch()\fR:
.ie n .IP """\s-1SIPHASH"",\s0 ""provider=default""" 4
.el .IP "``\s-1SIPHASH'',\s0 ``provider=default''" 4
.IX Item "SIPHASH, provider=default"
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The general description of these parameters can be found in
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3).
.PP
All these parameters can be set with \fBEVP_MAC_CTX_set_params()\fR.
Furthermore, the \*(L"size\*(R" parameter can be retrieved with
\&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR.
The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR.
.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
Sets the \s-1MAC\s0 key.
Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3).
.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
Sets the \s-1MAC\s0 size.
.ie n .IP """c\-rounds"" (\fB\s-1OSSL_MAC_PARAM_C_ROUNDS\s0\fR) <unsigned integer>" 4
.el .IP "``c\-rounds'' (\fB\s-1OSSL_MAC_PARAM_C_ROUNDS\s0\fR) <unsigned integer>" 4
.IX Item "c-rounds (OSSL_MAC_PARAM_C_ROUNDS) <unsigned integer>"
Specifies the number of rounds per message block. By default this is \fI2\fR.
.ie n .IP """d\-rounds"" (\fB\s-1OSSL_MAC_PARAM_D_ROUNDS\s0\fR) <unsigned integer>" 4
.el .IP "``d\-rounds'' (\fB\s-1OSSL_MAC_PARAM_D_ROUNDS\s0\fR) <unsigned integer>" 4
.IX Item "d-rounds (OSSL_MAC_PARAM_D_ROUNDS) <unsigned integer>"
Specifies the number of finalisation rounds. By default this is \fI4\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

198
openssl-install/share/man/man7/EVP_MD-BLAKE2.7ossl
View File

@@ -1,198 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-BLAKE2 7ossl"
.TH EVP_MD-BLAKE2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-BLAKE2 \- The BLAKE2 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1BLAKE2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation is only available with the default provider, and
includes the following varieties:
.IP "\s-1BLAKE2S\-256\s0" 4
.IX Item "BLAKE2S-256"
Known names are \*(L"\s-1BLAKE2S\-256\*(R"\s0 and \*(L"BLAKE2s256\*(R".
.IP "\s-1BLAKE2B\-512\s0" 4
.IX Item "BLAKE2B-512"
Known names are \*(L"\s-1BLAKE2B\-512\*(R"\s0 and \*(L"BLAKE2b512\*(R".
.SS "Settable Parameters"
.IX Subsection "Settable Parameters"
\&\*(L"\s-1BLAKE2B\-512\*(R"\s0 supports the following \fBEVP_MD_CTX_set_params()\fR key
described in \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3).
.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>"
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SS "Settable Context Parameters"
.IX Subsection "Settable Context Parameters"
The implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries which
are settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_DigestInit_ex2\fR\|(3) or
\&\fBEVP_MD_CTX_set_params\fR\|(3):
.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>"
Sets a different digest length for the \fBEVP_DigestFinal\fR\|(3) output.
The value of the \*(L"size\*(R" parameter must not exceed the default digest length
of the respective \s-1BLAKE2\s0 algorithm variants, 64 for \s-1BLAKE2B\-512\s0 and
32 for \s-1BLAKE2S\-256.\s0 The parameter must be set with the
\&\fBEVP_DigestInit_ex2\fR\|(3) call to have an immediate effect. When set with
\&\fBEVP_MD_CTX_set_params\fR\|(3) it will have an effect only if the \fB\s-1EVP_MD_CTX\s0\fR
context is reinitialized.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.0.
.PP
The variable size support was added in OpenSSL 3.2 for \s-1BLAKE2B\-512\s0 and
in OpenSSL 3.3 for \s-1BLAKE2S\-256.\s0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_MD-KECCAK-KMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_MD-SHAKE.7ossl

178
openssl-install/share/man/man7/EVP_MD-KECCAK.7ossl
View File

@@ -1,178 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-KECCAK 7ossl"
.TH EVP_MD-KECCAK 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-KECCAK \- The KECCAK EVP_MD implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1KECCAK\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation is available in the default provider and
includes the following varieties:
.ie n .IP """\s-1KECCAK\-224""\s0" 4
.el .IP "``\s-1KECCAK\-224''\s0" 4
.IX Item "KECCAK-224"
.PD 0
.ie n .IP """\s-1KECCAK\-256""\s0" 4
.el .IP "``\s-1KECCAK\-256''\s0" 4
.IX Item "KECCAK-256"
.ie n .IP """\s-1KECCAK\-384""\s0" 4
.el .IP "``\s-1KECCAK\-384''\s0" 4
.IX Item "KECCAK-384"
.ie n .IP """\s-1KECCAK\-512""\s0" 4
.el .IP "``\s-1KECCAK\-512''\s0" 4
.IX Item "KECCAK-512"
.PD
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

164
openssl-install/share/man/man7/EVP_MD-MD2.7ossl
View File

@@ -1,164 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-MD2 7ossl"
.TH EVP_MD-MD2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-MD2 \- The MD2 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1MD2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the legacy provider, and is
identified with the name \*(L"\s-1MD2\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

164
openssl-install/share/man/man7/EVP_MD-MD4.7ossl
View File

@@ -1,164 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-MD4 7ossl"
.TH EVP_MD-MD4 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-MD4 \- The MD4 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1MD4\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the legacy provider, and is
identified with the name \*(L"\s-1MD4\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

181
openssl-install/share/man/man7/EVP_MD-MD5-SHA1.7ossl
View File

@@ -1,181 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-MD5-SHA1 7ossl"
.TH EVP_MD-MD5-SHA1 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-MD5\-SHA1 \- The MD5\-SHA1 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1MD5\-SHA1\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.PP
\&\s-1MD5\-SHA1\s0 is a rather special digest that's used with SSLv3.
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the default provider, and is
identified with the name \*(L"\s-1MD5\-SHA1\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SS "Settable Context Parameters"
.IX Subsection "Settable Context Parameters"
This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries,
settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3):
.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) <octet string>" 4
.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) <octet string>" 4
.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) <octet string>"
This parameter is set by libssl in order to calculate a signature hash for an
SSLv3 CertificateVerify message as per \s-1RFC6101.\s0
It is only set after all handshake messages have already been digested via
\&\fBOP_digest_update()\fR calls.
The parameter provides the master secret value to be added to the digest.
The digest implementation should calculate the complete digest as per \s-1RFC6101\s0
section 5.6.8.
The next call after setting this parameter should be \fBOP_digest_final()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

164
openssl-install/share/man/man7/EVP_MD-MD5.7ossl
View File

@@ -1,164 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-MD5 7ossl"
.TH EVP_MD-MD5 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-MD5 \- The MD5 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1MD5\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the default provider, and is
identified with the name \*(L"\s-1MD5\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

175
openssl-install/share/man/man7/EVP_MD-MDC2.7ossl
View File

@@ -1,175 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-MDC2 7ossl"
.TH EVP_MD-MDC2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-MDC2 \- The MDC2 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1MDC2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the legacy provider, and is
identified with the name \*(L"\s-1MDC2\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SS "Settable Context Parameters"
.IX Subsection "Settable Context Parameters"
This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries,
settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3):
.ie n .IP """pad-type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) <unsigned integer>" 4
.el .IP "``pad-type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) <unsigned integer>" 4
.IX Item "pad-type (OSSL_DIGEST_PARAM_PAD_TYPE) <unsigned integer>"
Sets the padding type to be used.
Normally the final \s-1MDC2\s0 block is padded with zeros.
If the pad type is set to 2 then the final block is padded with 0x80 followed by
zeros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

169
openssl-install/share/man/man7/EVP_MD-NULL.7ossl
View File

@@ -1,169 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-NULL 7ossl"
.TH EVP_MD-NULL 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-NULL \- The NULL EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for a \s-1NULL\s0 digest through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
This algorithm does nothing and returns 1 for its init,
update and final methods.
.SS "Algorithm Name"
.IX Subsection "Algorithm Name"
The following algorithm is available in the default provider:
.ie n .IP """\s-1NULL""\s0" 4
.el .IP "``\s-1NULL''\s0" 4
.IX Item "NULL"
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

168
openssl-install/share/man/man7/EVP_MD-RIPEMD160.7ossl
View File

@@ -1,168 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-RIPEMD160 7ossl"
.TH EVP_MD-RIPEMD160 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-RIPEMD160 \- The RIPEMD160 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1RIPEMD160\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation is available in both the default and legacy providers, and is
identified with any of the names \*(L"\s-1RIPEMD\-160\*(R", \*(L"RIPEMD160\*(R", \*(L"RIPEMD\*(R"\s0 and
\&\*(L"\s-1RMD160\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This digest was added to the default provider in OpenSSL 3.0.7.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

180
openssl-install/share/man/man7/EVP_MD-SHA1.7ossl
View File

@@ -1,180 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-SHA1 7ossl"
.TH EVP_MD-SHA1 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-SHA1 \- The SHA1 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1SHA1\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation is available with the \s-1FIPS\s0 provider as well as the
default provider, and is identified with the names \*(L"\s-1SHA1\*(R"\s0 and \*(L"\s-1SHA\-1\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SS "Settable Context Parameters"
.IX Subsection "Settable Context Parameters"
This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries,
settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3):
.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) <octet string>" 4
.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) <octet string>" 4
.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) <octet string>"
This parameter is set by libssl in order to calculate a signature hash for an
SSLv3 CertificateVerify message as per \s-1RFC6101.\s0
It is only set after all handshake messages have already been digested via
\&\fBOP_digest_update()\fR calls.
The parameter provides the master secret value to be added to the digest.
The digest implementation should calculate the complete digest as per \s-1RFC6101\s0
section 5.6.8.
The next call after setting this parameter should be \fBOP_digest_final()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

196
openssl-install/share/man/man7/EVP_MD-SHA2.7ossl
View File

@@ -1,196 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-SHA2 7ossl"
.TH EVP_MD-SHA2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-SHA2 \- The SHA2 EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1SHA2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation includes the following varieties:
.IP "\(bu" 4
Available with the \s-1FIPS\s0 provider as well as the default provider:
.RS 4
.IP "\s-1SHA2\-224\s0" 4
.IX Item "SHA2-224"
Known names are \*(L"\s-1SHA2\-224\*(R", \*(L"SHA\-224\*(R"\s0 and \*(L"\s-1SHA224\*(R".\s0
.IP "\s-1SHA2\-256\s0" 4
.IX Item "SHA2-256"
Known names are \*(L"\s-1SHA2\-256\*(R", \*(L"SHA\-256\*(R"\s0 and \*(L"\s-1SHA256\*(R".\s0
.IP "\s-1SHA2\-384\s0" 4
.IX Item "SHA2-384"
Known names are \*(L"\s-1SHA2\-384\*(R", \*(L"SHA\-384\*(R"\s0 and \*(L"\s-1SHA384\*(R".\s0
.IP "\s-1SHA2\-512\s0" 4
.IX Item "SHA2-512"
Known names are \*(L"\s-1SHA2\-512\*(R", \*(L"SHA\-512\*(R"\s0 and \*(L"\s-1SHA512\*(R".\s0
.RE
.RS 4
.RE
.IP "\(bu" 4
Available with the default provider:
.RS 4
.IP "\s-1SHA2\-256/192\s0" 4
.IX Item "SHA2-256/192"
Known names are \*(L"\s-1SHA2\-256/192\*(R", \*(L"SHA\-256/192\*(R"\s0 and \*(L"\s-1SHA256\-192\*(R".\s0
.IP "\s-1SHA2\-512/224\s0" 4
.IX Item "SHA2-512/224"
Known names are \*(L"\s-1SHA2\-512/224\*(R", \*(L"SHA\-512/224\*(R"\s0 and \*(L"\s-1SHA512\-224\*(R".\s0
.IP "\s-1SHA2\-512/256\s0" 4
.IX Item "SHA2-512/256"
Known names are \*(L"\s-1SHA2\-512/256\*(R", \*(L"SHA\-512/256\*(R"\s0 and \*(L"\s-1SHA512\-256\*(R".\s0
.RE
.RS 4
.RE
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

178
openssl-install/share/man/man7/EVP_MD-SHA3.7ossl
View File

@@ -1,178 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-SHA3 7ossl"
.TH EVP_MD-SHA3 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-SHA3 \- The SHA3 EVP_MD implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1SHA3\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identities"
.IX Subsection "Identities"
This implementation is available with the \s-1FIPS\s0 provider as well as the
default provider, and includes the following varieties:
.ie n .IP """\s-1SHA3\-224""\s0" 4
.el .IP "``\s-1SHA3\-224''\s0" 4
.IX Item "SHA3-224"
.PD 0
.ie n .IP """\s-1SHA3\-256""\s0" 4
.el .IP "``\s-1SHA3\-256''\s0" 4
.IX Item "SHA3-256"
.ie n .IP """\s-1SHA3\-384""\s0" 4
.el .IP "``\s-1SHA3\-384''\s0" 4
.IX Item "SHA3-384"
.ie n .IP """\s-1SHA3\-512""\s0" 4
.el .IP "``\s-1SHA3\-512''\s0" 4
.IX Item "SHA3-512"
.PD
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

217
openssl-install/share/man/man7/EVP_MD-SHAKE.7ossl
View File

@@ -1,217 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-SHAKE 7ossl"
.TH EVP_MD-SHAKE 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-SHAKE, EVP_MD\-KECCAK\-KMAC
\&\- The SHAKE / KECCAK family EVP_MD implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1SHAKE\s0 or KECCAK-KMAC digests through the
\&\fB\s-1EVP_MD\s0\fR \s-1API.\s0
.PP
KECCAK-KMAC is an Extendable Output Function (\s-1XOF\s0), with a definition
similar to \s-1SHAKE,\s0 used by the \s-1KMAC EVP_MAC\s0 implementation (see
\&\s-1\fBEVP_MAC\-KMAC\s0\fR\|(7)).
.SS "Identities"
.IX Subsection "Identities"
This implementation is available in the \s-1FIPS\s0 provider as well as the default
provider, and includes the following varieties:
.IP "\s-1KECCAK\-KMAC\-128\s0" 4
.IX Item "KECCAK-KMAC-128"
Known names are \*(L"\s-1KECCAK\-KMAC\-128\*(R"\s0 and \*(L"\s-1KECCAK\-KMAC128\*(R".\s0 This is used
by \s-1\fBEVP_MAC\-KMAC128\s0\fR\|(7). Using the notation from \s-1NIST FIPS 202\s0
(Section 6.2), we have \s-1KECCAK\-KMAC\-128\s0(M,\ d) = KECCAK[256](M\ ||\ 00,\ d)
(see the description of \s-1KMAC128\s0 in Appendix A of \s-1NIST SP 800\-185\s0).
.IP "\s-1KECCAK\-KMAC\-256\s0" 4
.IX Item "KECCAK-KMAC-256"
Known names are \*(L"\s-1KECCAK\-KMAC\-256\*(R"\s0 and \*(L"\s-1KECCAK\-KMAC256\*(R".\s0 This is used
by \s-1\fBEVP_MAC\-KMAC256\s0\fR\|(7). Using the notation from \s-1NIST FIPS 202\s0
(Section 6.2), we have \s-1KECCAK\-KMAC\-256\s0(M,\ d) = KECCAK[512](M\ ||\ 00,\ d)
(see the description of \s-1KMAC256\s0 in Appendix A of \s-1NIST SP 800\-185\s0).
.IP "\s-1SHAKE\-128\s0" 4
.IX Item "SHAKE-128"
Known names are \*(L"\s-1SHAKE\-128\*(R"\s0 and \*(L"\s-1SHAKE128\*(R".\s0
.IP "\s-1SHAKE\-256\s0" 4
.IX Item "SHAKE-256"
Known names are \*(L"\s-1SHAKE\-256\*(R"\s0 and \*(L"\s-1SHAKE256\*(R".\s0
.SS "Parameters"
.IX Subsection "Parameters"
This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries:
.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) <unsigned integer>" 4
.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) <unsigned integer>" 4
.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) <unsigned integer>"
Sets or Gets the digest length for extendable output functions.
The length of the \*(L"xoflen\*(R" parameter should not exceed that of a \fBsize_t\fR.
.Sp
The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 implementations do not have any default digest
length.
.Sp
This parameter must be set before calling either \fBEVP_DigestFinal_ex()\fR or
\&\fBEVP_DigestFinal()\fR, since these functions were not designed to handle variable
length output. It is recommended to either use \fBEVP_DigestSqueeze()\fR or
\&\fBEVP_DigestFinalXOF()\fR instead.
.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>"
An alias of \*(L"xoflen\*(R".
.PP
See \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3) for further information related to parameters
.SH "NOTES"
.IX Header "NOTES"
For \s-1SHAKE\-128,\s0 to ensure the maximum security strength of 128 bits, the output
length passed to \fBEVP_DigestFinalXOF()\fR should be at least 32.
.PP
For \s-1SHAKE\-256,\s0 to ensure the maximum security strength of 256 bits, the output
length passed to \fBEVP_DigestFinalXOF()\fR should be at least 64.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
Since OpenSSL 3.4 the \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 implementations have no default
digest length.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

164
openssl-install/share/man/man7/EVP_MD-SM3.7ossl
View File

@@ -1,164 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-SM3 7ossl"
.TH EVP_MD-SM3 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-SM3 \- The SM3 EVP_MD implementations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1SM3\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the default provider, and is
identified with the name \*(L"\s-1SM3\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

164
openssl-install/share/man/man7/EVP_MD-WHIRLPOOL.7ossl
View File

@@ -1,164 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-WHIRLPOOL 7ossl"
.TH EVP_MD-WHIRLPOOL 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-WHIRLPOOL \- The WHIRLPOOL EVP_MD implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for computing \s-1WHIRLPOOL\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
This implementation is only available with the legacy provider, and is
identified with the name \*(L"\s-1WHIRLPOOL\*(R".\s0
.SS "Gettable Parameters"
.IX Subsection "Gettable Parameters"
This implementation supports the common gettable parameters described
in \fBEVP_MD\-common\fR\|(7).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

183
openssl-install/share/man/man7/EVP_MD-common.7ossl
View File

@@ -1,183 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_MD-COMMON 7ossl"
.TH EVP_MD-COMMON 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD\-common \- The OpenSSL EVP_MD implementations, common things
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
All the OpenSSL \s-1EVP_MD\s0 implementations understand the following
\&\s-1\fBOSSL_PARAM\s0\fR\|(3) entries that are
gettable with \fBEVP_MD_get_params\fR\|(3), as well as these:
.ie n .IP """blocksize"" (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``blocksize'' (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "blocksize (OSSL_DIGEST_PARAM_BLOCK_SIZE) <unsigned integer>"
The digest block size.
The length of the \*(L"blocksize\*(R" parameter should not exceed that of a
\&\fBsize_t\fR.
.Sp
This value can also be retrieved with \fBEVP_MD_get_block_size\fR\|(3).
.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) <unsigned integer>" 4
.IX Item "size (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>"
The digest output size.
The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR.
.Sp
This value can also be retrieved with \fBEVP_MD_get_size\fR\|(3).
.ie n .IP """flags"" (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) <unsigned integer>" 4
.el .IP "``flags'' (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) <unsigned integer>" 4
.IX Item "flags (OSSL_DIGEST_PARAM_FLAGS) <unsigned integer>"
Diverse flags that describe exceptional behaviour for the digest.
These flags are described in \*(L"\s-1DESCRIPTION\*(R"\s0 in \fBEVP_MD_meth_set_flags\fR\|(3).
.Sp
The length of the \*(L"flags\*(R" parameter should equal that of an
\&\fBunsigned long int\fR.
.Sp
This value can also be retrieved with \fBEVP_MD_get_flags\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3), \fBEVP_MD_get_params\fR\|(3), \fBprovider\-digest\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-CMAC.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

459
openssl-install/share/man/man7/EVP_PKEY-DH.7ossl
View File

@@ -1,459 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-DH 7ossl"
.TH EVP_PKEY-DH 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-DH, EVP_PKEY\-DHX, EVP_KEYMGMT\-DH, EVP_KEYMGMT\-DHX
\&\- EVP_PKEY DH and DHX keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For finite field Diffie-Hellman key agreement, two classes of domain
parameters can be used: \*(L"safe\*(R" domain parameters that are associated with
approved named safe-prime groups, and a class of \*(L"FIPS186\-type\*(R" domain
parameters. FIPS186\-type domain parameters should only be used for backward
compatibility with existing applications that cannot be upgraded to use the
approved safe-prime groups.
.PP
See \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) for more information about \s-1FFC\s0 keys.
.PP
The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves \fIp\fR and \fIg\fR, but not the
\&\fIq\fR value.
The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of \fIq\fR and this
must be used for \s-1FIPS186\-4.\s0 If key validation is required, users should be aware
of the nuances associated with \s-1FIPS186\-4\s0 style parameters as discussed in
\&\*(L"\s-1DH\s0 and \s-1DHX\s0 key validation\*(R".
.SS "\s-1DH\s0 and \s-1DHX\s0 domain parameters"
.IX Subsection "DH and DHX domain parameters"
In addition to the common \s-1FFC\s0 parameters that all \s-1FFC\s0 keytypes should support
(see \*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)) the \fB\s-1DHX\s0\fR and \fB\s-1DH\s0\fR keytype
implementations support the following:
.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) <UTF8 string>"
Sets or gets a string that associates a \fB\s-1DH\s0\fR or \fB\s-1DHX\s0\fR named safe prime group
with known values for \fIp\fR, \fIq\fR and \fIg\fR.
.Sp
The following values can be used by the OpenSSL's default and \s-1FIPS\s0 providers:
\&\*(L"ffdhe2048\*(R", \*(L"ffdhe3072\*(R", \*(L"ffdhe4096\*(R", \*(L"ffdhe6144\*(R", \*(L"ffdhe8192\*(R",
\&\*(L"modp_2048\*(R", \*(L"modp_3072\*(R", \*(L"modp_4096\*(R", \*(L"modp_6144\*(R", \*(L"modp_8192\*(R".
.Sp
The following additional values can also be used by OpenSSL's default provider:
\&\*(L"modp_1536\*(R", \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R", \*(L"dh_2048_256\*(R".
.Sp
\&\s-1DH/DHX\s0 named groups can be easily validated since the parameters are well known.
For protocols that only transfer \fIp\fR and \fIg\fR the value of \fIq\fR can also be
retrieved.
.SS "\s-1DH\s0 and \s-1DHX\s0 additional parameters"
.IX Subsection "DH and DHX additional parameters"
.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) <octet string>"
Used for getting and setting the encoding of the \s-1DH\s0 public key used in a key
exchange message for the \s-1TLS\s0 protocol.
See \fBEVP_PKEY_set1_encoded_public_key()\fR and \fBEVP_PKEY_get1_encoded_public_key()\fR.
.SS "\s-1DH\s0 additional domain parameters"
.IX Subsection "DH additional domain parameters"
.ie n .IP """safeprime-generator"" (\fB\s-1OSSL_PKEY_PARAM_DH_GENERATOR\s0\fR) <integer>" 4
.el .IP "``safeprime-generator'' (\fB\s-1OSSL_PKEY_PARAM_DH_GENERATOR\s0\fR) <integer>" 4
.IX Item "safeprime-generator (OSSL_PKEY_PARAM_DH_GENERATOR) <integer>"
Used for \s-1DH\s0 generation of safe primes using the old safe prime generator code.
The default value is 2.
It is recommended to use a named safe prime group instead, if domain parameter
validation is required.
.Sp
Randomly generated safe primes are not allowed by \s-1FIPS,\s0 so setting this value
for the OpenSSL \s-1FIPS\s0 provider will instead choose a named safe prime group
based on the size of \fIp\fR.
.SS "\s-1DH\s0 and \s-1DHX\s0 domain parameter / key generation parameters"
.IX Subsection "DH and DHX domain parameter / key generation parameters"
In addition to the common \s-1FFC\s0 key generation parameters that all \s-1FFC\s0 key types
should support (see \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)) the
\&\fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytype implementation supports the following:
.ie n .IP """type"" (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``type'' (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "type (OSSL_PKEY_PARAM_FFC_TYPE) <UTF8 string>"
Sets the type of parameter generation. For \fB\s-1DH\s0\fR valid values are:
.RS 4
.ie n .IP """fips186_4""" 4
.el .IP "``fips186_4''" 4
.IX Item "fips186_4"
.PD 0
.ie n .IP """default""" 4
.el .IP "``default''" 4
.IX Item "default"
.ie n .IP """fips186_2""" 4
.el .IP "``fips186_2''" 4
.IX Item "fips186_2"
.PD
These are described in \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)
.ie n .IP """group""" 4
.el .IP "``group''" 4
.IX Item "group"
This specifies that a named safe prime name will be chosen using the \*(L"pbits\*(R"
type.
.ie n .IP """generator""" 4
.el .IP "``generator''" 4
.IX Item "generator"
A safe prime generator. See the \*(L"safeprime-generator\*(R" type above.
This is only valid for \fB\s-1DH\s0\fR keys.
.RE
.RS 4
.RE
.ie n .IP """pbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) <unsigned integer>" 4
.el .IP "``pbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) <unsigned integer>" 4
.IX Item "pbits (OSSL_PKEY_PARAM_FFC_PBITS) <unsigned integer>"
Sets the size (in bits) of the prime 'p'.
.Sp
For \*(L"fips186_4\*(R" this must be 2048.
For \*(L"fips186_2\*(R" this must be 1024.
For \*(L"group\*(R" this can be any one of 2048, 3072, 4096, 6144 or 8192.
.ie n .IP """priv_len"" (\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR) <integer>" 4
.el .IP "``priv_len'' (\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR) <integer>" 4
.IX Item "priv_len (OSSL_PKEY_PARAM_DH_PRIV_LEN) <integer>"
An optional value to set the maximum length of the generated private key.
The default value used if this is not set is the maximum value of
BN_num_bits(\fIq\fR)). The minimum value that this can be set to is 2 * s.
Where s is the security strength of the key which has values of
112, 128, 152, 176 and 200 for key sizes of 2048, 3072, 4096, 6144 and 8192.
.SS "\s-1DH\s0 and \s-1DHX\s0 key validation"
.IX Subsection "DH and DHX key validation"
For keys that are not a named group the \s-1FIPS186\-4\s0 standard specifies that the
values used for \s-1FFC\s0 parameter generation are also required for parameter
validation. This means that optional \s-1FFC\s0 domain parameter values for
\&\fIseed\fR, \fIpcounter\fR and \fIgindex\fR or \fIhindex\fR may need to be stored for
validation purposes.
For \fB\s-1DHX\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data
(but the \fIgindex\fR or \fIhindex\fR cannot be stored). It is recommended to use a
\&\fB\s-1DH\s0\fR parameters with named safe prime group instead.
.PP
With the OpenSSL \s-1FIPS\s0 provider, \fBEVP_PKEY_param_check\fR\|(3) and
\&\fBEVP_PKEY_param_check_quick\fR\|(3) behave in the following way: the parameters
are tested if they are either an approved safe prime group \s-1OR\s0 that the \s-1FFC\s0
parameters conform to \s-1FIPS186\-4\s0 as defined in SP800\-56Ar3 \fIAssurances of
Domain-Parameter Validity\fR.
.PP
The OpenSSL default provider uses simpler checks that allows there to be no \fIq\fR
value for backwards compatibility, however the \fBEVP_PKEY_param_check\fR\|(3) will
test the \fIp\fR value for being a prime (and a safe prime if \fIq\fR is missing)
which can take significant time. The \fBEVP_PKEY_param_check_quick\fR\|(3) avoids
the prime tests.
.PP
\&\fBEVP_PKEY_public_check\fR\|(3) conforms to SP800\-56Ar3
\&\fI\s-1FFC\s0 Full Public-Key Validation\fR.
.PP
\&\fBEVP_PKEY_public_check_quick\fR\|(3) conforms to SP800\-56Ar3
\&\fI\s-1FFC\s0 Partial Public-Key Validation\fR when the key is an approved named safe
prime group, otherwise it is the same as \fBEVP_PKEY_public_check\fR\|(3).
.PP
\&\fBEVP_PKEY_private_check\fR\|(3) tests that the private key is in the correct range
according to SP800\-56Ar3. The OpenSSL \s-1FIPS\s0 provider requires the value of \fIq\fR
to be set (note that this is implicitly set for named safe prime groups).
For backwards compatibility the OpenSSL default provider only requires \fIp\fR to
be set.
.PP
\&\fBEVP_PKEY_pairwise_check\fR\|(3) conforms to SP800\-56Ar3
\&\fIOwner Assurance of Pair-wise Consistency\fR.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
.Ve
.PP
A \fB\s-1DH\s0\fR key can be generated with a named safe prime group by calling:
.PP
.Vb 4
\& int priv_len = 2 * 112;
\& OSSL_PARAM params[3];
\& EVP_PKEY *pkey = NULL;
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
\&
\& params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
\& /* "priv_len" is optional */
\& params[1] = OSSL_PARAM_construct_int("priv_len", &priv_len);
\& params[2] = OSSL_PARAM_construct_end();
\&
\& EVP_PKEY_keygen_init(pctx);
\& EVP_PKEY_CTX_set_params(pctx, params);
\& EVP_PKEY_generate(pctx, &pkey);
\& ...
\& EVP_PKEY_free(pkey);
\& EVP_PKEY_CTX_free(pctx);
.Ve
.PP
\&\fB\s-1DHX\s0\fR domain parameters can be generated according to \fB\s-1FIPS186\-4\s0\fR by calling:
.PP
.Vb 6
\& int gindex = 2;
\& unsigned int pbits = 2048;
\& unsigned int qbits = 256;
\& OSSL_PARAM params[6];
\& EVP_PKEY *param_key = NULL;
\& EVP_PKEY_CTX *pctx = NULL;
\&
\& pctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
\& EVP_PKEY_paramgen_init(pctx);
\&
\& params[0] = OSSL_PARAM_construct_uint("pbits", &pbits);
\& params[1] = OSSL_PARAM_construct_uint("qbits", &qbits);
\& params[2] = OSSL_PARAM_construct_int("gindex", &gindex);
\& params[3] = OSSL_PARAM_construct_utf8_string("type", "fips186_4", 0);
\& params[4] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);
\& params[5] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(pctx, params);
\&
\& EVP_PKEY_generate(pctx, &param_key);
\&
\& EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
\& ...
\& EVP_PKEY_free(param_key);
\& EVP_PKEY_CTX_free(pctx);
.Ve
.PP
A \fB\s-1DH\s0\fR key can be generated using domain parameters by calling:
.PP
.Vb 2
\& EVP_PKEY *key = NULL;
\& EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
\&
\& EVP_PKEY_keygen_init(gctx);
\& EVP_PKEY_generate(gctx, &key);
\& EVP_PKEY_print_private(bio_out, key, 0, NULL);
\& ...
\& EVP_PKEY_free(key);
\& EVP_PKEY_CTX_free(gctx);
.Ve
.PP
To validate \fB\s-1FIPS186\-4\s0\fR \fB\s-1DHX\s0\fR domain parameters decoded from \fB\s-1PEM\s0\fR or
\&\fB\s-1DER\s0\fR data, additional values used during generation may be required to
be set into the key.
.PP
\&\fBEVP_PKEY_todata()\fR, \fBOSSL_PARAM_merge()\fR, and \fBEVP_PKEY_fromdata()\fR are useful
to add these parameters to the original key or domain parameters before
the actual validation. In production code the return values should be checked.
.PP
.Vb 11
\& EVP_PKEY *received_domp = ...; /* parameters received and decoded */
\& unsigned char *seed = ...; /* and additional parameters received */
\& size_t seedlen = ...; /* by other means, required */
\& int gindex = ...; /* for the validation */
\& int pcounter = ...;
\& int hindex = ...;
\& OSSL_PARAM extra_params[4];
\& OSSL_PARAM *domain_params = NULL;
\& OSSL_PARAM *merged_params = NULL;
\& EVP_PKEY_CTX *ctx = NULL, *validate_ctx = NULL;
\& EVP_PKEY *complete_domp = NULL;
\&
\& EVP_PKEY_todata(received_domp, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
\& &domain_params);
\& extra_params[0] = OSSL_PARAM_construct_octet_string("seed", seed, seedlen);
\& /*
\& * NOTE: For unverifiable g use "hindex" instead of "gindex"
\& * extra_params[1] = OSSL_PARAM_construct_int("hindex", &hindex);
\& */
\& extra_params[1] = OSSL_PARAM_construct_int("gindex", &gindex);
\& extra_params[2] = OSSL_PARAM_construct_int("pcounter", &pcounter);
\& extra_params[3] = OSSL_PARAM_construct_end();
\& merged_params = OSSL_PARAM_merge(domain_params, extra_params);
\&
\& ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
\& EVP_PKEY_fromdata_init(ctx);
\& EVP_PKEY_fromdata(ctx, &complete_domp, OSSL_KEYMGMT_SELECT_ALL,
\& merged_params);
\&
\& validate_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, complete_domp, NULL);
\& if (EVP_PKEY_param_check(validate_ctx) > 0)
\& /* validation_passed(); */
\& else
\& /* validation_failed(); */
\&
\& OSSL_PARAM_free(domain_params);
\& OSSL_PARAM_free(merged_params);
\& EVP_PKEY_CTX_free(ctx);
\& EVP_PKEY_CTX_free(validate_ctx);
\& EVP_PKEY_free(complete_domp);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "\s-1RFC 7919\s0 (\s-1TLS\s0 ffdhe named safe prime groups)" 4
.IX Item "RFC 7919 (TLS ffdhe named safe prime groups)"
.PD 0
.IP "\s-1RFC 3526\s0 (\s-1IKE\s0 modp named safe prime groups)" 4
.IX Item "RFC 3526 (IKE modp named safe prime groups)"
.ie n .IP "\s-1RFC 5114\s0 (Additional \s-1DH\s0 named groups for dh_1024_160"", ""dh_2048_224"" and ""dh_2048_256"")." 4
.el .IP "\s-1RFC 5114\s0 (Additional \s-1DH\s0 named groups for dh_1024_160``, ''dh_2048_224`` and ''dh_2048_256"")." 4
.IX Item "RFC 5114 (Additional DH named groups for dh_1024_160, dh_2048_224 and dh_2048_256"")."
.PD
.PP
The following sections of SP800\-56Ar3:
.IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4
.IX Item "5.5.1.1 FFC Domain Parameter Selection/Generation"
.PD 0
.IP "Appendix D: \s-1FFC\s0 Safe-prime Groups" 4
.IX Item "Appendix D: FFC Safe-prime Groups"
.PD
.PP
The following sections of \s-1FIPS186\-4:\s0
.IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4
.IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function."
.PD 0
.IP "A.2.3 Generation of canonical generator g." 4
.IX Item "A.2.3 Generation of canonical generator g."
.IP "A.2.1 Unverifiable Generation of the Generator g." 4
.IX Item "A.2.1 Unverifiable Generation of the Generator g."
.PD
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
\&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7),
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-DHX.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-DH.7ossl

271
openssl-install/share/man/man7/EVP_PKEY-DSA.7ossl
View File

@@ -1,271 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-DSA 7ossl"
.TH EVP_PKEY-DSA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-DSA, EVP_KEYMGMT\-DSA \- EVP_PKEY DSA keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For \fB\s-1DSA\s0\fR the \s-1FIPS 186\-4\s0 standard specifies that the values used for \s-1FFC\s0
parameter generation are also required for parameter validation.
This means that optional \s-1FFC\s0 domain parameter values for \fIseed\fR, \fIpcounter\fR
and \fIgindex\fR may need to be stored for validation purposes. For \fB\s-1DSA\s0\fR these
fields are not stored in the \s-1ASN1\s0 data so they need to be stored externally if
validation is required.
.PP
As part of \s-1FIPS 140\-3 DSA\s0 is not longer \s-1FIPS\s0 approved for key generation and
signature validation, but is still allowed for signature verification.
.SS "\s-1DSA\s0 parameters"
.IX Subsection "DSA parameters"
The \fB\s-1DSA\s0\fR key type supports the \s-1FFC\s0 parameters (see
\&\*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)).
.PP
It also supports the following parameters:
.ie n .IP """sign-check"" (\fB\s-1OSSL_PKEY_PARAM_FIPS_SIGN_CHECK\s0\fR) <integer" 4
.el .IP "``sign-check'' (\fB\s-1OSSL_PKEY_PARAM_FIPS_SIGN_CHECK\s0\fR) <integer" 4
.IX Item "sign-check (OSSL_PKEY_PARAM_FIPS_SIGN_CHECK) <integer"
.PD 0
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
.PD
See \*(L"Common Information Parameters\*(R" in \fBprovider\-keymgmt\fR\|(7) for more information.
.SS "\s-1DSA\s0 key generation parameters"
.IX Subsection "DSA key generation parameters"
The \fB\s-1DSA\s0\fR key type supports the \s-1FFC\s0 key generation parameters (see
\&\*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)
.PP
The following restrictions apply to the \*(L"pbits\*(R" field:
.PP
For \*(L"fips186_4\*(R" this must be either 2048 or 3072.
For \*(L"fips186_2\*(R" this must be 1024.
For \*(L"group\*(R" this can be any one of 2048, 3072, 4096, 6144 or 8192.
.SS "\s-1DSA\s0 key validation"
.IX Subsection "DSA key validation"
For \s-1DSA\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way:
The OpenSSL \s-1FIPS\s0 provider conforms to the rules within the \s-1FIPS186\-4\s0
standard for \s-1FFC\s0 parameter validation. For backwards compatibility the OpenSSL
default provider uses a much simpler check (see below) for parameter validation,
unless the seed parameter is set.
.PP
For \s-1DSA\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) behaves in the following way:
A simple check of L and N and partial g is performed. The default provider
also supports validation of legacy \*(L"fips186_2\*(R" keys.
.PP
For \s-1DSA\s0 keys, \fBEVP_PKEY_public_check\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3) and
\&\fBEVP_PKEY_pairwise_check\fR\|(3) the OpenSSL default and \s-1FIPS\s0 providers conform to
the rules within SP800\-56Ar3 for public, private and pairwise tests respectively.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
.Ve
.PP
The \fB\s-1DSA\s0\fR domain parameters can be generated by calling:
.PP
.Vb 6
\& unsigned int pbits = 2048;
\& unsigned int qbits = 256;
\& int gindex = 1;
\& OSSL_PARAM params[5];
\& EVP_PKEY *param_key = NULL;
\& EVP_PKEY_CTX *pctx = NULL;
\&
\& pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
\& EVP_PKEY_paramgen_init(pctx);
\&
\& params[0] = OSSL_PARAM_construct_uint("pbits", &pbits);
\& params[1] = OSSL_PARAM_construct_uint("qbits", &qbits);
\& params[2] = OSSL_PARAM_construct_int("gindex", &gindex);
\& params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0);
\& params[4] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(pctx, params);
\&
\& EVP_PKEY_generate(pctx, &param_key);
\& EVP_PKEY_CTX_free(pctx);
\&
\& EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
.Ve
.PP
A \fB\s-1DSA\s0\fR key can be generated using domain parameters by calling:
.PP
.Vb 2
\& EVP_PKEY *key = NULL;
\& EVP_PKEY_CTX *gctx = NULL;
\&
\& gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
\& EVP_PKEY_keygen_init(gctx);
\& EVP_PKEY_generate(gctx, &key);
\& EVP_PKEY_CTX_free(gctx);
\& EVP_PKEY_print_private(bio_out, key, 0, NULL);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
The following sections of \s-1FIPS186\-4:\s0
.IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4
.IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function."
.PD 0
.IP "A.2.3 Generation of canonical generator g." 4
.IX Item "A.2.3 Generation of canonical generator g."
.IP "A.2.1 Unverifiable Generation of the Generator g." 4
.IX Item "A.2.1 Unverifiable Generation of the Generator g."
.PD
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
\&\s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7)
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7),
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1DSA\s0 Key generation and signature generation are no longer \s-1FIPS\s0 approved in
OpenSSL 3.4. See \*(L"\s-1FIPS\s0 indicators\*(R" in \fBfips_module\fR\|(7) for more information.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

447
openssl-install/share/man/man7/EVP_PKEY-EC.7ossl
View File

@@ -1,447 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-EC 7ossl"
.TH EVP_PKEY-EC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-EC,
EVP_KEYMGMT\-EC
\&\- EVP_PKEY EC keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1EC\s0\fR keytype is implemented in OpenSSL's default provider.
.SS "Common \s-1EC\s0 parameters"
.IX Subsection "Common EC parameters"
The normal way of specifying domain parameters for an \s-1EC\s0 curve is via the
curve name \*(L"group\*(R". For curves with no curve name, explicit parameters can be
used that specify \*(L"field-type\*(R", \*(L"p\*(R", \*(L"a\*(R", \*(L"b\*(R", \*(L"generator\*(R" and \*(L"order\*(R".
Explicit parameters are supported for backwards compatibility reasons, but they
are not compliant with multiple standards (including \s-1RFC5915\s0) which only allow
named curves.
.PP
The following Key generation/Gettable/Import/Export types are available for the
built-in \s-1EC\s0 algorithm:
.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) <UTF8 string>"
The curve name.
.ie n .IP """field-type"" (\fB\s-1OSSL_PKEY_PARAM_EC_FIELD_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``field-type'' (\fB\s-1OSSL_PKEY_PARAM_EC_FIELD_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "field-type (OSSL_PKEY_PARAM_EC_FIELD_TYPE) <UTF8 string>"
The value should be either \*(L"prime-field\*(R" or \*(L"characteristic-two-field\*(R",
which correspond to prime field Fp and binary field F2^m.
.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_EC_P\s0\fR) <unsigned integer>" 4
.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_EC_P\s0\fR) <unsigned integer>" 4
.IX Item "p (OSSL_PKEY_PARAM_EC_P) <unsigned integer>"
For a curve over Fp \fIp\fR is the prime for the field. For a curve over F2^m \fIp\fR
represents the irreducible polynomial \- each bit represents a term in the
polynomial. Therefore, there will either be three or five bits set dependent on
whether the polynomial is a trinomial or a pentanomial.
.ie n .IP """a"" (\fB\s-1OSSL_PKEY_PARAM_EC_A\s0\fR) <unsigned integer>" 4
.el .IP "``a'' (\fB\s-1OSSL_PKEY_PARAM_EC_A\s0\fR) <unsigned integer>" 4
.IX Item "a (OSSL_PKEY_PARAM_EC_A) <unsigned integer>"
.PD 0
.ie n .IP """b"" (\fB\s-1OSSL_PKEY_PARAM_EC_B\s0\fR) <unsigned integer>" 4
.el .IP "``b'' (\fB\s-1OSSL_PKEY_PARAM_EC_B\s0\fR) <unsigned integer>" 4
.IX Item "b (OSSL_PKEY_PARAM_EC_B) <unsigned integer>"
.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_EC_SEED\s0\fR) <octet string>" 4
.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_EC_SEED\s0\fR) <octet string>" 4
.IX Item "seed (OSSL_PKEY_PARAM_EC_SEED) <octet string>"
.PD
\&\fIa\fR and \fIb\fR represents the coefficients of the curve
For Fp: y^2 mod p = x^3 +ax + b mod p \s-1OR\s0
For F2^m: y^2 + xy = x^3 + ax^2 + b
.Sp
\&\fIseed\fR is an optional value that is for information purposes only.
It represents the random number seed used to generate the coefficient \fIb\fR from a
random number.
.ie n .IP """generator"" (\fB\s-1OSSL_PKEY_PARAM_EC_GENERATOR\s0\fR) <octet string>" 4
.el .IP "``generator'' (\fB\s-1OSSL_PKEY_PARAM_EC_GENERATOR\s0\fR) <octet string>" 4
.IX Item "generator (OSSL_PKEY_PARAM_EC_GENERATOR) <octet string>"
.PD 0
.ie n .IP """order"" (\fB\s-1OSSL_PKEY_PARAM_EC_ORDER\s0\fR) <unsigned integer>" 4
.el .IP "``order'' (\fB\s-1OSSL_PKEY_PARAM_EC_ORDER\s0\fR) <unsigned integer>" 4
.IX Item "order (OSSL_PKEY_PARAM_EC_ORDER) <unsigned integer>"
.ie n .IP """cofactor"" (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) <unsigned integer>" 4
.el .IP "``cofactor'' (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) <unsigned integer>" 4
.IX Item "cofactor (OSSL_PKEY_PARAM_EC_COFACTOR) <unsigned integer>"
.PD
The \fIgenerator\fR is a well defined point on the curve chosen for cryptographic
operations. The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve
Cryptography\*(R") standard. See \fBEC_POINT_oct2point()\fR.
Integers used for point multiplications will be between 0 and
\&\fIorder\fR \- 1.
\&\fIcofactor\fR is an optional value.
\&\fIorder\fR multiplied by the \fIcofactor\fR gives the number of points on the curve.
.ie n .IP """decoded-from-explicit"" (\fB\s-1OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS\s0\fR) <integer>" 4
.el .IP "``decoded-from-explicit'' (\fB\s-1OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS\s0\fR) <integer>" 4
.IX Item "decoded-from-explicit (OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS) <integer>"
Gets a flag indicating whether the key or parameters were decoded from explicit
curve parameters. Set to 1 if so or 0 if a named curve was used.
.ie n .IP """use-cofactor-flag"" (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) <integer>" 4
.el .IP "``use-cofactor-flag'' (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) <integer>" 4
.IX Item "use-cofactor-flag (OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) <integer>"
Enable Cofactor \s-1DH\s0 (\s-1ECC CDH\s0) if this value is 1, otherwise it uses normal \s-1EC DH\s0
if the value is zero. The cofactor variant multiplies the shared secret by the
\&\s-1EC\s0 curve's cofactor (note for some curves the cofactor is 1).
.Sp
See also \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) for the related
\&\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR parameter that can be set on a
per-operation basis.
.ie n .IP """encoding"" (\fB\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``encoding'' (\fB\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "encoding (OSSL_PKEY_PARAM_EC_ENCODING) <UTF8 string>"
Set the format used for serializing the \s-1EC\s0 group parameters.
Valid values are \*(L"explicit\*(R" or \*(L"named_curve\*(R". The default value is \*(L"named_curve\*(R".
.ie n .IP """point-format"" (\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``point-format'' (\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "point-format (OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT) <UTF8 string>"
Sets or gets the point_conversion_form for the \fIkey\fR. For a description of
point_conversion_forms please see \fBEC_POINT_new\fR\|(3). Valid values are
\&\*(L"uncompressed\*(R" or \*(L"compressed\*(R". The default value is \*(L"uncompressed\*(R".
.ie n .IP """group-check"" (\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``group-check'' (\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "group-check (OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE) <UTF8 string>"
Sets or Gets the type of group check done when \fBEVP_PKEY_param_check()\fR is called.
Valid values are \*(L"default\*(R", \*(L"named\*(R" and \*(L"named-nist\*(R".
The \*(L"named\*(R" type checks that the domain parameters match the inbuilt curve parameters,
\&\*(L"named-nist\*(R" is similar but also checks that the named curve is a nist curve.
The \*(L"default\*(R" type does domain parameter validation for the OpenSSL default provider,
but is equivalent to \*(L"named-nist\*(R" for the OpenSSL \s-1FIPS\s0 provider.
.ie n .IP """include-public"" (\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0\fR) <integer>" 4
.el .IP "``include-public'' (\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0\fR) <integer>" 4
.IX Item "include-public (OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC) <integer>"
Setting this value to 0 indicates that the public key should not be included when
encoding the private key. The default value of 1 will include the public key.
.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <octet string>" 4
.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <octet string>" 4
.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) <octet string>"
The public key value in encoded \s-1EC\s0 point format conforming to Sec. 2.3.3 and
2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard.
This parameter is used when importing or exporting the public key value with the
\&\fBEVP_PKEY_fromdata()\fR and \fBEVP_PKEY_todata()\fR functions.
.Sp
Note, in particular, that the choice of point compression format used for
encoding the exported value via \fBEVP_PKEY_todata()\fR depends on the underlying
provider implementation.
Before OpenSSL 3.0.8, the implementation of providers included with OpenSSL always
opted for an encoding in compressed format, unconditionally.
Since OpenSSL 3.0.8, the implementation has been changed to honor the
\&\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR parameter, if set, or to default
to uncompressed format.
.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <unsigned integer>" 4
.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <unsigned integer>" 4
.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <unsigned integer>"
The private key value.
.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) <octet string>"
Used for getting and setting the encoding of an \s-1EC\s0 public key. The public key
is expected to be a point conforming to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic
Curve Cryptography\*(R") standard.
.ie n .IP """qx"" (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_X\s0\fR) <unsigned integer>" 4
.el .IP "``qx'' (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_X\s0\fR) <unsigned integer>" 4
.IX Item "qx (OSSL_PKEY_PARAM_EC_PUB_X) <unsigned integer>"
Used for getting the \s-1EC\s0 public key X component.
.ie n .IP """qy"" (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_Y\s0\fR) <unsigned integer>" 4
.el .IP "``qy'' (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_Y\s0\fR) <unsigned integer>" 4
.IX Item "qy (OSSL_PKEY_PARAM_EC_PUB_Y) <unsigned integer>"
Used for getting the \s-1EC\s0 public key Y component.
.ie n .IP """default-digest"" (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``default-digest'' (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "default-digest (OSSL_PKEY_PARAM_DEFAULT_DIGEST) <UTF8 string>"
Getter that returns the default digest name.
(Currently returns \*(L"\s-1SHA256\*(R"\s0 as of OpenSSL 3.0).
.ie n .IP """dhkem-ikm"" (\fB\s-1OSSL_PKEY_PARAM_DHKEM_IKM\s0\fR) <octet string>" 4
.el .IP "``dhkem-ikm'' (\fB\s-1OSSL_PKEY_PARAM_DHKEM_IKM\s0\fR) <octet string>" 4
.IX Item "dhkem-ikm (OSSL_PKEY_PARAM_DHKEM_IKM) <octet string>"
\&\s-1DHKEM\s0 requires the generation of a keypair using an input key material (seed).
Use this to specify the key material used for generation of the private key.
This value should not be reused for other purposes. It can only be used
for the curves \*(L"P\-256\*(R", \*(L"P\-384\*(R" and \*(L"P\-521\*(R" and should have a length of at least
the size of the encoded private key (i.e. 32, 48 and 66 for the listed curves).
.PP
The following Gettable types are also available for the built-in \s-1EC\s0 algorithm:
.ie n .IP """basis-type"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``basis-type'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "basis-type (OSSL_PKEY_PARAM_EC_CHAR2_TYPE) <UTF8 string>"
Supports the values \*(L"tpBasis\*(R" for a trinomial or \*(L"ppBasis\*(R" for a pentanomial.
This field is only used for a binary field F2^m.
.ie n .IP """m"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_M\s0\fR) <integer>" 4
.el .IP "``m'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_M\s0\fR) <integer>" 4
.IX Item "m (OSSL_PKEY_PARAM_EC_CHAR2_M) <integer>"
.PD 0
.ie n .IP """tp"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS\s0\fR) <integer>" 4
.el .IP "``tp'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS\s0\fR) <integer>" 4
.IX Item "tp (OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS) <integer>"
.ie n .IP """k1"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K1\s0\fR) <integer>" 4
.el .IP "``k1'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K1\s0\fR) <integer>" 4
.IX Item "k1 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K1) <integer>"
.ie n .IP """k2"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K2\s0\fR) <integer>" 4
.el .IP "``k2'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K2\s0\fR) <integer>" 4
.IX Item "k2 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K2) <integer>"
.ie n .IP """k3"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K3\s0\fR) <integer>" 4
.el .IP "``k3'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K3\s0\fR) <integer>" 4
.IX Item "k3 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K3) <integer>"
.PD
These fields are only used for a binary field F2^m.
\&\fIm\fR is the degree of the binary field.
.Sp
\&\fItp\fR is the middle bit of a trinomial so its value must be in the
range m > tp > 0.
.Sp
\&\fIk1\fR, \fIk2\fR and \fIk3\fR are used to get the middle bits of a pentanomial such
that m > k3 > k2 > k1 > 0
.PP
The following key generation settable parameter is also available for the
OpenSSL \s-1FIPS\s0 provider's \s-1EC\s0 algorithm:
.ie n .IP """key-check"" (\fB\s-1OSSL_PKEY_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.el .IP "``key-check'' (\fB\s-1OSSL_PKEY_PARAM_FIPS_KEY_CHECK\s0\fR) <integer>" 4
.IX Item "key-check (OSSL_PKEY_PARAM_FIPS_KEY_CHECK) <integer>"
See \*(L"Common Information Parameters\*(R" in \fBprovider\-keymgmt\fR\|(7) for further information.
.PP
The following key generation Gettable parameter is available for the OpenSSL
\&\s-1FIPS\s0 provider's \s-1EC\s0 algorithm:
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
See \*(L"Common Information Parameters\*(R" in \fBprovider\-keymgmt\fR\|(7) for further information.
.SS "\s-1EC\s0 key validation"
.IX Subsection "EC key validation"
For \s-1EC\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way:
For the OpenSSL default provider it uses either
\&\fBEC_GROUP_check\fR\|(3) or \fBEC_GROUP_check_named_curve\fR\|(3) depending on the flag
\&\s-1EC_FLAG_CHECK_NAMED_GROUP.\s0
The OpenSSL \s-1FIPS\s0 provider uses \fBEC_GROUP_check_named_curve\fR\|(3) in order to
conform to SP800\-56Ar3 \fIAssurances of Domain-Parameter Validity\fR.
.PP
For \s-1EC\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) is equivalent to
\&\fBEVP_PKEY_param_check\fR\|(3).
.PP
For \s-1EC\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_public_check_quick\fR\|(3)
conform to SP800\-56Ar3 \fI\s-1ECC\s0 Full Public-Key Validation\fR and
\&\fI\s-1ECC\s0 Partial Public-Key Validation\fR respectively.
.PP
For \s-1EC\s0 Keys, \fBEVP_PKEY_private_check\fR\|(3) and \fBEVP_PKEY_pairwise_check\fR\|(3)
conform to SP800\-56Ar3 \fIPrivate key validity\fR and
\&\fIOwner Assurance of Pair-wise Consistency\fR respectively.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
.PP
.Vb 2
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
.Ve
.PP
An \fB\s-1EVP_PKEY\s0\fR \s-1ECDSA\s0 or \s-1ECDH\s0 key can be generated with a \*(L"P\-256\*(R" named group by
calling:
.PP
.Vb 1
\& pkey = EVP_EC_gen("P\-256");
.Ve
.PP
or like this:
.PP
.Vb 4
\& EVP_PKEY *key = NULL;
\& OSSL_PARAM params[2];
\& EVP_PKEY_CTX *gctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
\&
\& EVP_PKEY_keygen_init(gctx);
\&
\& params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
\& "P\-256", 0);
\& params[1] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(gctx, params);
\&
\& EVP_PKEY_generate(gctx, &key);
\&
\& EVP_PKEY_print_private(bio_out, key, 0, NULL);
\& ...
\& EVP_PKEY_free(key);
\& EVP_PKEY_CTX_free(gctx);
.Ve
.PP
An \fB\s-1EVP_PKEY\s0\fR \s-1EC CDH\s0 (Cofactor Diffie-Hellman) key can be generated with a
\&\*(L"K\-571\*(R" named group by calling:
.PP
.Vb 5
\& int use_cdh = 1;
\& EVP_PKEY *key = NULL;
\& OSSL_PARAM params[3];
\& EVP_PKEY_CTX *gctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
\&
\& EVP_PKEY_keygen_init(gctx);
\&
\& params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
\& "K\-571", 0);
\& /*
\& * This curve has a cofactor that is not 1 \- so setting CDH mode changes
\& * the behaviour. For many curves the cofactor is 1 \- so setting this has
\& * no effect.
\& */
\& params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
\& &use_cdh);
\& params[2] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(gctx, params);
\&
\& EVP_PKEY_generate(gctx, &key);
\& EVP_PKEY_print_private(bio_out, key, 0, NULL);
\& ...
\& EVP_PKEY_free(key);
\& EVP_PKEY_CTX_free(gctx);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_EC_gen\fR\|(3),
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7),
\&\s-1\fBEVP_SIGNATURE\-ECDSA\s0\fR\|(7),
\&\s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-ED25519.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

1
openssl-install/share/man/man7/EVP_PKEY-ED448.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

346
openssl-install/share/man/man7/EVP_PKEY-FFC.7ossl
View File

@@ -1,346 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-FFC 7ossl"
.TH EVP_PKEY-FFC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-FFC \- EVP_PKEY DSA and DH/DHX shared FFC parameters.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Finite field cryptography (\s-1FFC\s0) is a method of implementing discrete logarithm
cryptography using finite field mathematics. \s-1DSA\s0 is an example of \s-1FFC\s0 and
Diffie-Hellman key establishment algorithms specified in \s-1SP800\-56A\s0 can also be
implemented as \s-1FFC.\s0
.PP
The \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytypes are implemented in OpenSSL's default and
\&\s-1FIPS\s0 providers.
The implementations support the basic \s-1DSA, DH\s0 and \s-1DHX\s0 keys, containing the public
and private keys \fIpub\fR and \fIpriv\fR as well as the three main domain parameters
\&\fIp\fR, \fIq\fR and \fIg\fR.
.PP
For \fB\s-1DSA\s0\fR (and \fB\s-1DH\s0\fR that is not a named group) the \s-1FIPS186\-4\s0 standard
specifies that the values used for \s-1FFC\s0 parameter generation are also required
for parameter validation.
This means that optional \s-1FFC\s0 domain parameter values for \fIseed\fR, \fIpcounter\fR
and \fIgindex\fR may need to be stored for validation purposes.
For \fB\s-1DH\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data
(but the \fIgindex\fR is not). For \fB\s-1DSA\s0\fR however, these fields are not stored in
the \s-1ASN1\s0 data so they need to be stored externally if validation is required.
.PP
The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves p and g, but not the 'q' value.
The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of 'q' and this
must be used for \s-1FIPS186\-4.\s0
.SS "\s-1FFC\s0 parameters"
.IX Subsection "FFC parameters"
In addition to the common parameters that all keytypes should support (see
\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytype
implementations support the following.
.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <unsigned integer>" 4
.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <unsigned integer>" 4
.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) <unsigned integer>"
The public key value.
.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <unsigned integer>" 4
.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <unsigned integer>" 4
.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <unsigned integer>"
The private key value.
.SS "\s-1FFC DSA, DH\s0 and \s-1DHX\s0 domain parameters"
.IX Subsection "FFC DSA, DH and DHX domain parameters"
.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) <unsigned integer>" 4
.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) <unsigned integer>" 4
.IX Item "p (OSSL_PKEY_PARAM_FFC_P) <unsigned integer>"
A \s-1DSA\s0 or Diffie-Hellman prime \*(L"p\*(R" value.
.ie n .IP """g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) <unsigned integer>" 4
.el .IP "``g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) <unsigned integer>" 4
.IX Item "g (OSSL_PKEY_PARAM_FFC_G) <unsigned integer>"
A \s-1DSA\s0 or Diffie-Hellman generator \*(L"g\*(R" value.
.SS "\s-1FFC DSA\s0 and \s-1DHX\s0 domain parameters"
.IX Subsection "FFC DSA and DHX domain parameters"
.ie n .IP """q"" (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) <unsigned integer>" 4
.el .IP "``q'' (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) <unsigned integer>" 4
.IX Item "q (OSSL_PKEY_PARAM_FFC_Q) <unsigned integer>"
A \s-1DSA\s0 or Diffie-Hellman prime \*(L"q\*(R" value.
.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) <octet string>" 4
.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) <octet string>" 4
.IX Item "seed (OSSL_PKEY_PARAM_FFC_SEED) <octet string>"
An optional domain parameter \fIseed\fR value used during generation and validation
of \fIp\fR, \fIq\fR and canonical \fIg\fR.
For validation this needs to set the \fIseed\fR that was produced during generation.
.ie n .IP """gindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) <integer>" 4
.el .IP "``gindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) <integer>" 4
.IX Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) <integer>"
Sets the index to use for canonical generation and verification of the generator
\&\fIg\fR.
Set this to a positive value from 0..FF to use this mode. This \fIgindex\fR can
then be reused during key validation to verify the value of \fIg\fR. If this value
is not set or is \-1 then unverifiable generation of the generator \fIg\fR will be
used.
.ie n .IP """pcounter"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) <integer>" 4
.el .IP "``pcounter'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) <integer>" 4
.IX Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) <integer>"
An optional domain parameter \fIcounter\fR value that is output during generation
of \fIp\fR. This value must be saved if domain parameter validation is required.
.ie n .IP """hindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) <integer>" 4
.el .IP "``hindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) <integer>" 4
.IX Item "hindex (OSSL_PKEY_PARAM_FFC_H) <integer>"
For unverifiable generation of the generator \fIg\fR this value is output during
generation of \fIg\fR. Its value is the first integer larger than one that
satisfies g = h^j mod p (where g != 1 and \*(L"j\*(R" is the cofactor).
.ie n .IP """j"" (\fB\s-1OSSL_PKEY_PARAM_FFC_COFACTOR\s0\fR) <unsigned integer>" 4
.el .IP "``j'' (\fB\s-1OSSL_PKEY_PARAM_FFC_COFACTOR\s0\fR) <unsigned integer>" 4
.IX Item "j (OSSL_PKEY_PARAM_FFC_COFACTOR) <unsigned integer>"
An optional informational cofactor parameter that should equal to (p \- 1) / q.
.ie n .IP """validate-pq"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_PQ\s0\fR) <unsigned integer>" 4
.el .IP "``validate-pq'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_PQ\s0\fR) <unsigned integer>" 4
.IX Item "validate-pq (OSSL_PKEY_PARAM_FFC_VALIDATE_PQ) <unsigned integer>"
.PD 0
.ie n .IP """validate-g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_G\s0\fR) <unsigned integer>" 4
.el .IP "``validate-g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_G\s0\fR) <unsigned integer>" 4
.IX Item "validate-g (OSSL_PKEY_PARAM_FFC_VALIDATE_G) <unsigned integer>"
.PD
These boolean values are used during \s-1FIPS186\-4\s0 or \s-1FIPS186\-2\s0 key validation checks
(See \fBEVP_PKEY_param_check\fR\|(3)) to select validation options. By default
\&\fIvalidate-pq\fR and \fIvalidate-g\fR are both set to 1 to check that p,q and g are
valid. Either of these may be set to 0 to skip a test, which is mainly useful
for testing purposes.
.ie n .IP """validate-legacy"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY\s0\fR) <unsigned integer>" 4
.el .IP "``validate-legacy'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY\s0\fR) <unsigned integer>" 4
.IX Item "validate-legacy (OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY) <unsigned integer>"
This boolean value is used during key validation checks
(See \fBEVP_PKEY_param_check\fR\|(3)) to select the validation type. The default
value of 0 selects \s-1FIPS186\-4\s0 validation. Setting this value to 1 selects
\&\s-1FIPS186\-2\s0 validation.
.SS "\s-1FFC\s0 key generation parameters"
.IX Subsection "FFC key generation parameters"
The following key generation types are available for \s-1DSA\s0 and \s-1DHX\s0 algorithms:
.ie n .IP """type"" (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``type'' (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "type (OSSL_PKEY_PARAM_FFC_TYPE) <UTF8 string>"
Sets the type of parameter generation. The shared valid values are:
.RS 4
.ie n .IP """fips186_4""" 4
.el .IP "``fips186_4''" 4
.IX Item "fips186_4"
The current standard.
.ie n .IP """fips186_2""" 4
.el .IP "``fips186_2''" 4
.IX Item "fips186_2"
The old standard that should only be used for legacy purposes.
.ie n .IP """default""" 4
.el .IP "``default''" 4
.IX Item "default"
This can choose one of \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" depending on other
parameters set for parameter generation.
.RE
.RS 4
.RE
.ie n .IP """pbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) <unsigned integer>" 4
.el .IP "``pbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) <unsigned integer>" 4
.IX Item "pbits (OSSL_PKEY_PARAM_FFC_PBITS) <unsigned integer>"
Sets the size (in bits) of the prime 'p'.
.ie n .IP """qbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_QBITS\s0\fR) <unsigned integer>" 4
.el .IP "``qbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_QBITS\s0\fR) <unsigned integer>" 4
.IX Item "qbits (OSSL_PKEY_PARAM_FFC_QBITS) <unsigned integer>"
Sets the size (in bits) of the prime 'q'.
.Sp
For \*(L"fips186_4\*(R" this can be either 224 or 256.
For \*(L"fips186_2\*(R" this has a size of 160.
.ie n .IP """digest"" (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``digest'' (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "digest (OSSL_PKEY_PARAM_FFC_DIGEST) <UTF8 string>"
Sets the Digest algorithm to be used as part of the Key Generation Function
associated with the given Key Generation \fIctx\fR.
This must also be set for key validation.
.ie n .IP """properties"" (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) <UTF8 string>"
Sets properties to be used upon look up of the implementation for the selected
Digest algorithm for the Key Generation Function associated with the given key
generation \fIctx\fR. This may also be set for key validation.
.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) <octet string>" 4
.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) <octet string>" 4
.IX Item "seed (OSSL_PKEY_PARAM_FFC_SEED) <octet string>"
For \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" generation this sets the \fIseed\fR data to use
instead of generating a random seed internally. This should be used for
testing purposes only. This will either produce fixed values for the generated
parameters \s-1OR\s0 it will fail if the seed did not generate valid primes.
.ie n .IP """gindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) <integer>" 4
.el .IP "``gindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) <integer>" 4
.IX Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) <integer>"
.PD 0
.ie n .IP """pcounter"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) <integer>" 4
.el .IP "``pcounter'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) <integer>" 4
.IX Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) <integer>"
.ie n .IP """hindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) <integer>" 4
.el .IP "``hindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) <integer>" 4
.IX Item "hindex (OSSL_PKEY_PARAM_FFC_H) <integer>"
.PD
These types are described above.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
The following sections of SP800\-56Ar3:
.IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4
.IX Item "5.5.1.1 FFC Domain Parameter Selection/Generation"
.PP
The following sections of \s-1FIPS186\-4:\s0
.IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4
.IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function."
.PD 0
.IP "A.2.3 Generation of canonical generator g." 4
.IX Item "A.2.3 Generation of canonical generator g."
.IP "A.2.1 Unverifiable Generation of the Generator g." 4
.IX Item "A.2.1 Unverifiable Generation of the Generator g."
.PD
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7),
\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7),
\&\s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7),
\&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
\&\s-1\fBEVP_PKEY\s0\fR\|(3),
\&\fBprovider\-keymgmt\fR\|(7),
\&\fBOSSL_PROVIDER\-default\fR\|(7),
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

207
openssl-install/share/man/man7/EVP_PKEY-HMAC.7ossl
View File

@@ -1,207 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-HMAC 7ossl"
.TH EVP_PKEY-HMAC 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-HMAC, EVP_KEYMGMT\-HMAC, EVP_PKEY\-Siphash, EVP_KEYMGMT\-Siphash,
EVP_PKEY\-Poly1305, EVP_KEYMGMT\-Poly1305, EVP_PKEY\-CMAC, EVP_KEYMGMT\-CMAC
\&\- EVP_PKEY legacy MAC keytypes and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1HMAC\s0\fR and \fB\s-1CMAC\s0\fR key types are implemented in OpenSSL's default and \s-1FIPS\s0
providers. Additionally the \fBSiphash\fR and \fBPoly1305\fR key types are implemented
in the default provider. Performing \s-1MAC\s0 operations via an \s-1EVP_PKEY\s0
is considered legacy and are only available for backwards compatibility purposes
and for a restricted set of algorithms. The preferred way of performing \s-1MAC\s0
operations is via the \s-1EVP_MAC\s0 APIs. See \fBEVP_MAC_init\fR\|(3).
.PP
For further details on using \s-1EVP_PKEY\s0 based \s-1MAC\s0 keys see
\&\s-1\fBEVP_SIGNATURE\-HMAC\s0\fR\|(7), \fBEVP_SIGNATURE\-Siphash\fR\|(7),
\&\fBEVP_SIGNATURE\-Poly1305\fR\|(7) or \s-1\fBEVP_SIGNATURE\-CMAC\s0\fR\|(7).
.SS "Common \s-1MAC\s0 parameters"
.IX Subsection "Common MAC parameters"
All the \fB\s-1MAC\s0\fR keytypes support the following parameters.
.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <octet string>"
The \s-1MAC\s0 key value.
.ie n .IP """properties"" (\fB\s-1OSSL_PKEY_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_PKEY_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_PKEY_PARAM_PROPERTIES) <UTF8 string>"
A property query string to be used when any algorithms are fetched.
.SS "\s-1CMAC\s0 parameters"
.IX Subsection "CMAC parameters"
As well as the parameters described above, the \fB\s-1CMAC\s0\fR keytype additionally
supports the following parameters.
.ie n .IP """cipher"" (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_PKEY_PARAM_CIPHER) <UTF8 string>"
The name of a cipher to be used when generating the \s-1MAC.\s0
.ie n .IP """engine"" (\fB\s-1OSSL_PKEY_PARAM_ENGINE\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``engine'' (\fB\s-1OSSL_PKEY_PARAM_ENGINE\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "engine (OSSL_PKEY_PARAM_ENGINE) <UTF8 string>"
The name of an engine to be used for the specified cipher (if any).
.SS "Common \s-1MAC\s0 key generation parameters"
.IX Subsection "Common MAC key generation parameters"
\&\s-1MAC\s0 key generation is unusual in that no new key is actually generated. Instead
a new provider side key object is created with the supplied raw key value. This
is done for backwards compatibility with previous versions of OpenSSL.
.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <octet string>"
The \s-1MAC\s0 key value.
.SS "\s-1CMAC\s0 key generation parameters"
.IX Subsection "CMAC key generation parameters"
In addition to the common \s-1MAC\s0 key generation parameters, the \s-1CMAC\s0 key generation
additionally recognises the following.
.ie n .IP """cipher"" (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_PKEY_PARAM_CIPHER) <UTF8 string>"
The name of a cipher to be used when generating the \s-1MAC.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-Poly1305.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

438
openssl-install/share/man/man7/EVP_PKEY-RSA.7ossl
View File

@@ -1,438 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-RSA 7ossl"
.TH EVP_PKEY-RSA 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-RSA, EVP_KEYMGMT\-RSA, RSA
\&\- EVP_PKEY RSA keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1RSA\s0\fR keytype is implemented in OpenSSL's default and \s-1FIPS\s0 providers.
That implementation supports the basic \s-1RSA\s0 keys, containing the modulus \fIn\fR,
the public exponent \fIe\fR, the private exponent \fId\fR, and a collection of prime
factors, exponents and coefficient for \s-1CRT\s0 calculations, of which the first
few are known as \fIp\fR and \fIq\fR, \fIdP\fR and \fIdQ\fR, and \fIqInv\fR.
.SS "Common \s-1RSA\s0 parameters"
.IX Subsection "Common RSA parameters"
In addition to the common parameters that all keytypes should support (see
\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the \fB\s-1RSA\s0\fR keytype implementation
supports the following.
.ie n .IP """n"" (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) <unsigned integer>" 4
.el .IP "``n'' (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) <unsigned integer>" 4
.IX Item "n (OSSL_PKEY_PARAM_RSA_N) <unsigned integer>"
The \s-1RSA\s0 modulus \*(L"n\*(R" value.
.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) <unsigned integer>" 4
.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) <unsigned integer>" 4
.IX Item "e (OSSL_PKEY_PARAM_RSA_E) <unsigned integer>"
The \s-1RSA\s0 public exponent \*(L"e\*(R" value.
This value must always be set when creating a raw key using \fBEVP_PKEY_fromdata\fR\|(3).
Note that when a decryption operation is performed, that this value is used for
blinding purposes to prevent timing attacks.
.ie n .IP """d"" (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) <unsigned integer>" 4
.el .IP "``d'' (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) <unsigned integer>" 4
.IX Item "d (OSSL_PKEY_PARAM_RSA_D) <unsigned integer>"
The \s-1RSA\s0 private exponent \*(L"d\*(R" value.
.ie n .IP """rsa\-factor1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR1\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR1\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor1 (OSSL_PKEY_PARAM_RSA_FACTOR1) <unsigned integer>"
.PD 0
.ie n .IP """rsa\-factor2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR2\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR2\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor2 (OSSL_PKEY_PARAM_RSA_FACTOR2) <unsigned integer>"
.ie n .IP """rsa\-factor3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR3\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR3\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor3 (OSSL_PKEY_PARAM_RSA_FACTOR3) <unsigned integer>"
.ie n .IP """rsa\-factor4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR4\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR4\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor4 (OSSL_PKEY_PARAM_RSA_FACTOR4) <unsigned integer>"
.ie n .IP """rsa\-factor5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR5\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR5\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor5 (OSSL_PKEY_PARAM_RSA_FACTOR5) <unsigned integer>"
.ie n .IP """rsa\-factor6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR6\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR6\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor6 (OSSL_PKEY_PARAM_RSA_FACTOR6) <unsigned integer>"
.ie n .IP """rsa\-factor7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR7\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR7\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor7 (OSSL_PKEY_PARAM_RSA_FACTOR7) <unsigned integer>"
.ie n .IP """rsa\-factor8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR8\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR8\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor8 (OSSL_PKEY_PARAM_RSA_FACTOR8) <unsigned integer>"
.ie n .IP """rsa\-factor9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR9\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR9\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor9 (OSSL_PKEY_PARAM_RSA_FACTOR9) <unsigned integer>"
.ie n .IP """rsa\-factor10"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR10\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-factor10'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR10\s0\fR) <unsigned integer>" 4
.IX Item "rsa-factor10 (OSSL_PKEY_PARAM_RSA_FACTOR10) <unsigned integer>"
.PD
\&\s-1RSA\s0 prime factors. The factors are known as \*(L"p\*(R", \*(L"q\*(R" and \*(L"r_i\*(R" in \s-1RFC8017.\s0
Up to eight additional \*(L"r_i\*(R" prime factors are supported.
.ie n .IP """rsa\-exponent1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT1\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT1\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent1 (OSSL_PKEY_PARAM_RSA_EXPONENT1) <unsigned integer>"
.PD 0
.ie n .IP """rsa\-exponent2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT2\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT2\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent2 (OSSL_PKEY_PARAM_RSA_EXPONENT2) <unsigned integer>"
.ie n .IP """rsa\-exponent3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT3\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT3\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent3 (OSSL_PKEY_PARAM_RSA_EXPONENT3) <unsigned integer>"
.ie n .IP """rsa\-exponent4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT4\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT4\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent4 (OSSL_PKEY_PARAM_RSA_EXPONENT4) <unsigned integer>"
.ie n .IP """rsa\-exponent5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT5\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT5\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent5 (OSSL_PKEY_PARAM_RSA_EXPONENT5) <unsigned integer>"
.ie n .IP """rsa\-exponent6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT6\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT6\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent6 (OSSL_PKEY_PARAM_RSA_EXPONENT6) <unsigned integer>"
.ie n .IP """rsa\-exponent7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT7\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT7\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent7 (OSSL_PKEY_PARAM_RSA_EXPONENT7) <unsigned integer>"
.ie n .IP """rsa\-exponent8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT8\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT8\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent8 (OSSL_PKEY_PARAM_RSA_EXPONENT8) <unsigned integer>"
.ie n .IP """rsa\-exponent9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT9\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT9\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent9 (OSSL_PKEY_PARAM_RSA_EXPONENT9) <unsigned integer>"
.ie n .IP """rsa\-exponent10"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT10\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-exponent10'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT10\s0\fR) <unsigned integer>" 4
.IX Item "rsa-exponent10 (OSSL_PKEY_PARAM_RSA_EXPONENT10) <unsigned integer>"
.PD
\&\s-1RSA CRT\s0 (Chinese Remainder Theorem) exponents. The exponents are known
as \*(L"dP\*(R", \*(L"dQ\*(R" and \*(L"d_i\*(R" in \s-1RFC8017.\s0
Up to eight additional \*(L"d_i\*(R" exponents are supported.
.ie n .IP """rsa\-coefficient1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT1\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT1\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient1 (OSSL_PKEY_PARAM_RSA_COEFFICIENT1) <unsigned integer>"
.PD 0
.ie n .IP """rsa\-coefficient2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT2\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT2\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient2 (OSSL_PKEY_PARAM_RSA_COEFFICIENT2) <unsigned integer>"
.ie n .IP """rsa\-coefficient3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT3\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT3\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient3 (OSSL_PKEY_PARAM_RSA_COEFFICIENT3) <unsigned integer>"
.ie n .IP """rsa\-coefficient4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT4\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT4\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient4 (OSSL_PKEY_PARAM_RSA_COEFFICIENT4) <unsigned integer>"
.ie n .IP """rsa\-coefficient5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT5\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT5\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient5 (OSSL_PKEY_PARAM_RSA_COEFFICIENT5) <unsigned integer>"
.ie n .IP """rsa\-coefficient6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT6\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT6\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient6 (OSSL_PKEY_PARAM_RSA_COEFFICIENT6) <unsigned integer>"
.ie n .IP """rsa\-coefficient7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT7\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT7\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient7 (OSSL_PKEY_PARAM_RSA_COEFFICIENT7) <unsigned integer>"
.ie n .IP """rsa\-coefficient8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT8\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT8\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient8 (OSSL_PKEY_PARAM_RSA_COEFFICIENT8) <unsigned integer>"
.ie n .IP """rsa\-coefficient9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT9\s0\fR) <unsigned integer>" 4
.el .IP "``rsa\-coefficient9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT9\s0\fR) <unsigned integer>" 4
.IX Item "rsa-coefficient9 (OSSL_PKEY_PARAM_RSA_COEFFICIENT9) <unsigned integer>"
.PD
\&\s-1RSA CRT\s0 (Chinese Remainder Theorem) coefficients. The coefficients are known as
\&\*(L"qInv\*(R" and \*(L"t_i\*(R".
Up to eight additional \*(L"t_i\*(R" exponents are supported.
.SS "\s-1RSA\s0 key generation parameters"
.IX Subsection "RSA key generation parameters"
When generating \s-1RSA\s0 keys, the following key generation parameters may be used.
.ie n .IP """bits"" (\fB\s-1OSSL_PKEY_PARAM_RSA_BITS\s0\fR) <unsigned integer>" 4
.el .IP "``bits'' (\fB\s-1OSSL_PKEY_PARAM_RSA_BITS\s0\fR) <unsigned integer>" 4
.IX Item "bits (OSSL_PKEY_PARAM_RSA_BITS) <unsigned integer>"
The value should be the cryptographic length for the \fB\s-1RSA\s0\fR cryptosystem, in
bits.
.ie n .IP """primes"" (\fB\s-1OSSL_PKEY_PARAM_RSA_PRIMES\s0\fR) <unsigned integer>" 4
.el .IP "``primes'' (\fB\s-1OSSL_PKEY_PARAM_RSA_PRIMES\s0\fR) <unsigned integer>" 4
.IX Item "primes (OSSL_PKEY_PARAM_RSA_PRIMES) <unsigned integer>"
The value should be the number of primes for the generated \fB\s-1RSA\s0\fR key. The
default is 2. It isn't permitted to specify a larger number of primes than
10. Additionally, the number of primes is limited by the length of the key
being generated so the maximum number could be less.
Some providers may only support a value of 2.
.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) <unsigned integer>" 4
.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) <unsigned integer>" 4
.IX Item "e (OSSL_PKEY_PARAM_RSA_E) <unsigned integer>"
The \s-1RSA\s0 \*(L"e\*(R" value. The value may be any odd number greater than or equal to
65537. The default value is 65537.
For legacy reasons a value of 3 is currently accepted but is deprecated.
.ie n .IP """rsa-derive-from-pq"" (\fB\s-1OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ\s0\fR) <unsigned integer>" 4
.el .IP "``rsa-derive-from-pq'' (\fB\s-1OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ\s0\fR) <unsigned integer>" 4
.IX Item "rsa-derive-from-pq (OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ) <unsigned integer>"
Indicate that missing parameters not passed in the parameter list should be
derived if not provided. Setting a nonzero value will cause all
needed exponents and coefficients to be derived if not available. Setting this
option requires at least \s-1OSSL_PARAM_RSA_FACTOR1, OSSL_PARAM_RSA_FACTOR2,\s0
and \s-1OSSL_PARAM_RSA_N\s0 to be provided. This option is ignored if
\&\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0 is not set in the selection parameter.
.SS "\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing"
.IX Subsection "RSA key generation parameters for FIPS module testing"
When generating \s-1RSA\s0 keys, the following additional key generation parameters may
be used for algorithm testing purposes only. Do not use these to generate
\&\s-1RSA\s0 keys for a production environment.
.ie n .IP """xp"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP\s0\fR) <unsigned integer>" 4
.el .IP "``xp'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP\s0\fR) <unsigned integer>" 4
.IX Item "xp (OSSL_PKEY_PARAM_RSA_TEST_XP) <unsigned integer>"
.PD 0
.ie n .IP """xq"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ\s0\fR) <unsigned integer>" 4
.el .IP "``xq'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ\s0\fR) <unsigned integer>" 4
.IX Item "xq (OSSL_PKEY_PARAM_RSA_TEST_XQ) <unsigned integer>"
.PD
These 2 fields are normally randomly generated and are used to generate \*(L"p\*(R" and
\&\*(L"q\*(R".
.ie n .IP """xp1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP1\s0\fR) <unsigned integer>" 4
.el .IP "``xp1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP1\s0\fR) <unsigned integer>" 4
.IX Item "xp1 (OSSL_PKEY_PARAM_RSA_TEST_XP1) <unsigned integer>"
.PD 0
.ie n .IP """xp2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP2\s0\fR) <unsigned integer>" 4
.el .IP "``xp2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP2\s0\fR) <unsigned integer>" 4
.IX Item "xp2 (OSSL_PKEY_PARAM_RSA_TEST_XP2) <unsigned integer>"
.ie n .IP """xq1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ1\s0\fR) <unsigned integer>" 4
.el .IP "``xq1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ1\s0\fR) <unsigned integer>" 4
.IX Item "xq1 (OSSL_PKEY_PARAM_RSA_TEST_XQ1) <unsigned integer>"
.ie n .IP """xq2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ2\s0\fR) <unsigned integer>" 4
.el .IP "``xq2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ2\s0\fR) <unsigned integer>" 4
.IX Item "xq2 (OSSL_PKEY_PARAM_RSA_TEST_XQ2) <unsigned integer>"
.PD
These 4 fields are normally randomly generated. The prime factors \*(L"p1\*(R", \*(L"p2\*(R",
\&\*(L"q1\*(R" and \*(L"q2\*(R" are determined from these values.
.SS "\s-1RSA\s0 key parameters for \s-1FIPS\s0 module testing"
.IX Subsection "RSA key parameters for FIPS module testing"
The following intermediate values can be retrieved only if the values
specified in \*(L"\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing\*(R" are set.
These should not be accessed in a production environment.
.ie n .IP """p1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P1\s0\fR) <unsigned integer>" 4
.el .IP "``p1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P1\s0\fR) <unsigned integer>" 4
.IX Item "p1 (OSSL_PKEY_PARAM_RSA_TEST_P1) <unsigned integer>"
.PD 0
.ie n .IP """p2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P2\s0\fR) <unsigned integer>" 4
.el .IP "``p2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P2\s0\fR) <unsigned integer>" 4
.IX Item "p2 (OSSL_PKEY_PARAM_RSA_TEST_P2) <unsigned integer>"
.ie n .IP """q1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q1\s0\fR) <unsigned integer>" 4
.el .IP "``q1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q1\s0\fR) <unsigned integer>" 4
.IX Item "q1 (OSSL_PKEY_PARAM_RSA_TEST_Q1) <unsigned integer>"
.ie n .IP """q2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q2\s0\fR) <unsigned integer>" 4
.el .IP "``q2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q2\s0\fR) <unsigned integer>" 4
.IX Item "q2 (OSSL_PKEY_PARAM_RSA_TEST_Q2) <unsigned integer>"
.PD
The auxiliary probable primes.
.SS "\s-1RSA\s0 key validation"
.IX Subsection "RSA key validation"
For \s-1RSA\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) and \fBEVP_PKEY_param_check_quick\fR\|(3)
both return 1 unconditionally.
.PP
For \s-1RSA\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) conforms to the SP800\-56Br1 \fIpublic key
check\fR when the OpenSSL \s-1FIPS\s0 provider is used. The OpenSSL default provider
performs similar tests but relaxes the keysize restrictions for backwards
compatibility.
.PP
For \s-1RSA\s0 keys, \fBEVP_PKEY_public_check_quick\fR\|(3) is the same as
\&\fBEVP_PKEY_public_check\fR\|(3).
.PP
For \s-1RSA\s0 keys, \fBEVP_PKEY_private_check\fR\|(3) conforms to the SP800\-56Br1
\&\fIprivate key test\fR.
.PP
For \s-1RSA\s0 keys, \fBEVP_PKEY_pairwise_check\fR\|(3) conforms to the
SP800\-56Br1 \fIKeyPair Validation check\fR for the OpenSSL \s-1FIPS\s0 provider. The
OpenSSL default provider allows testing of the validity of multi-primes.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "\s-1FIPS186\-4\s0" 4
.IX Item "FIPS186-4"
Section B.3.6 Generation of Probable Primes with Conditions Based on
Auxiliary Probable Primes
.IP "\s-1RFC 8017,\s0 excluding RSA-PSS and RSA-OAEP" 4
.IX Item "RFC 8017, excluding RSA-PSS and RSA-OAEP"
.SH "EXAMPLES"
.IX Header "EXAMPLES"
An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
.PP
.Vb 2
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
.Ve
.PP
An \fB\s-1RSA\s0\fR key can be generated simply like this:
.PP
.Vb 1
\& pkey = EVP_RSA_gen(4096);
.Ve
.PP
or like this:
.PP
.Vb 3
\& EVP_PKEY *pkey = NULL;
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
\&
\& EVP_PKEY_keygen_init(pctx);
\& EVP_PKEY_generate(pctx, &pkey);
\& EVP_PKEY_CTX_free(pctx);
.Ve
.PP
An \fB\s-1RSA\s0\fR key can be generated with key generation parameters:
.PP
.Vb 5
\& unsigned int primes = 3;
\& unsigned int bits = 4096;
\& OSSL_PARAM params[3];
\& EVP_PKEY *pkey = NULL;
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
\&
\& EVP_PKEY_keygen_init(pctx);
\&
\& params[0] = OSSL_PARAM_construct_uint("bits", &bits);
\& params[1] = OSSL_PARAM_construct_uint("primes", &primes);
\& params[2] = OSSL_PARAM_construct_end();
\& EVP_PKEY_CTX_set_params(pctx, params);
\&
\& EVP_PKEY_generate(pctx, &pkey);
\& EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
\& EVP_PKEY_CTX_free(pctx);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_RSA_gen\fR\|(3), \s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

227
openssl-install/share/man/man7/EVP_PKEY-SM2.7ossl
View File

@@ -1,227 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-SM2 7ossl"
.TH EVP_PKEY-SM2 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-SM2, EVP_KEYMGMT\-SM2, SM2
\&\- EVP_PKEY keytype support for the Chinese SM2 signature and encryption algorithms
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T
0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually
an elliptic curve based algorithm. The current implementation in OpenSSL supports
both signature and encryption schemes via the \s-1EVP\s0 interface.
.PP
When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier
to form the message prefix which is hashed before the real message is hashed.
.SS "Common \s-1SM2\s0 parameters"
.IX Subsection "Common SM2 parameters"
\&\s-1SM2\s0 uses the parameters defined in \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7).
The following parameters are different:
.ie n .IP """cofactor"" (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) <unsigned integer>" 4
.el .IP "``cofactor'' (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) <unsigned integer>" 4
.IX Item "cofactor (OSSL_PKEY_PARAM_EC_COFACTOR) <unsigned integer>"
This parameter is ignored for \fB\s-1SM2\s0\fR.
.IP "(\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "(OSSL_PKEY_PARAM_DEFAULT_DIGEST) <UTF8 string>"
Getter that returns the default digest name.
(Currently returns \*(L"\s-1SM3\*(R"\s0 as of OpenSSL 3.0).
.SH "NOTES"
.IX Header "NOTES"
\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for
instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR.
Ditto for the verification process by calling the 'DigestVerify' series of APIs.
Note that the \s-1SM2\s0 algorithm requires the presence of the public key for signatures,
as such the \fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR option must be set on any key used in signature
generation.
.PP
Before computing an \fB\s-1SM2\s0\fR signature, an \fB\s-1EVP_PKEY_CTX\s0\fR needs to be created,
and an \fB\s-1SM2\s0\fR \s-1ID\s0 must be set for it, like this:
.PP
.Vb 1
\& EVP_PKEY_CTX_set1_id(pctx, id, id_len);
.Ve
.PP
Before calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions,
that \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR, like this:
.PP
.Vb 1
\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
.Ve
.PP
There is normally no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR
or \fBEVP_DigestVerifyInit()\fR in such a scenario.
.PP
\&\s-1SM2\s0 can be tested with the \fBopenssl\-speed\fR\|(1) application since version 3.0.
Currently, the only valid algorithm name is \fBsm2\fR.
.PP
Since version 3.0, \s-1SM2\s0 keys can be generated and loaded only when the domain
parameters specify the \s-1SM2\s0 elliptic curve.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify
a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm:
.PP
.Vb 1
\& #include <openssl/evp.h>
\&
\& /* obtain an EVP_PKEY using whatever methods... */
\& mctx = EVP_MD_CTX_new();
\& pctx = EVP_PKEY_CTX_new(pkey, NULL);
\& EVP_PKEY_CTX_set1_id(pctx, id, id_len);
\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
\& EVP_DigestVerifyUpdate(mctx, msg, msg_len);
\& EVP_DigestVerifyFinal(mctx, sig, sig_len)
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_DigestSignInit\fR\|(3),
\&\fBEVP_DigestVerifyInit\fR\|(3),
\&\fBEVP_PKEY_CTX_set1_id\fR\|(3),
\&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-Siphash.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-HMAC.7ossl

246
openssl-install/share/man/man7/EVP_PKEY-X25519.7ossl
View File

@@ -1,246 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_PKEY-X25519 7ossl"
.TH EVP_PKEY-X25519 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY\-X25519, EVP_PKEY\-X448, EVP_PKEY\-ED25519, EVP_PKEY\-ED448,
EVP_KEYMGMT\-X25519, EVP_KEYMGMT\-X448, EVP_KEYMGMT\-ED25519, EVP_KEYMGMT\-ED448
\&\- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX25519\fR, \fBX448\fR, \fB\s-1ED25519\s0\fR and \fB\s-1ED448\s0\fR keytypes are
implemented in OpenSSL's default and \s-1FIPS\s0 providers. These implementations
support the associated key, containing the public key \fIpub\fR and the
private key \fIpriv\fR.
.SS "Keygen Parameters"
.IX Subsection "Keygen Parameters"
.ie n .IP """dhkem-ikm"" (\fB\s-1OSSL_PKEY_PARAM_DHKEM_IKM\s0\fR) <octet string>" 4
.el .IP "``dhkem-ikm'' (\fB\s-1OSSL_PKEY_PARAM_DHKEM_IKM\s0\fR) <octet string>" 4
.IX Item "dhkem-ikm (OSSL_PKEY_PARAM_DHKEM_IKM) <octet string>"
\&\s-1DHKEM\s0 requires the generation of a keypair using an input key material (seed).
Use this to specify the key material used for generation of the private key.
This value should not be reused for other purposes.
It should have a length of at least 32 for X25519, and 56 for X448.
This is only supported by X25519 and X448.
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
This getter is only supported by X25519 and X448 for the \s-1FIPS\s0 provider.
Since X25519 and X448 are unapproved in \s-1FIPS 140\-3\s0 this getter return 0.
.Sp
See \*(L"Common Information Parameters\*(R" in \fBprovider\-keymgmt\fR\|(7) for further information.
.PP
Use \fBEVP_PKEY_CTX_set_params()\fR after calling \fBEVP_PKEY_keygen_init()\fR.
.SS "Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters"
.IX Subsection "Common X25519, X448, ED25519 and ED448 parameters"
In addition to the common parameters that all keytypes should support (see
\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the implementation of these keytypes
support the following.
.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) <UTF8 string>"
This is only supported by X25519 and X448. The group name must be \*(L"x25519\*(R" or
\&\*(L"x448\*(R" respectively for those algorithms. This is only present for consistency
with other key exchange algorithms and is typically not needed.
.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <octet string>" 4
.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) <octet string>" 4
.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) <octet string>"
The public key value.
.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) <octet string>" 4
.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <octet string>"
The private key value.
.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) <octet string>" 4
.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) <octet string>"
Used for getting and setting the encoding of a public key for the \fBX25519\fR and
\&\fBX448\fR key types. Public keys are expected be encoded in a format as defined by
\&\s-1RFC7748.\s0
.SS "\s-1ED25519\s0 and \s-1ED448\s0 parameters"
.IX Subsection "ED25519 and ED448 parameters"
.ie n .IP """mandatory-digest"" (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``mandatory-digest'' (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "mandatory-digest (OSSL_PKEY_PARAM_MANDATORY_DIGEST) <UTF8 string>"
The empty string, signifying that no digest may be specified.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
.IP "\s-1RFC 8032\s0" 4
.IX Item "RFC 8032"
.PD 0
.IP "\s-1RFC 8410\s0" 4
.IX Item "RFC 8410"
.PD
.SH "EXAMPLES"
.IX Header "EXAMPLES"
An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
.PP
.Vb 2
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
\&
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
\&
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
\&
\& EVP_PKEY_CTX *pctx =
\& EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
.Ve
.PP
An \fBX25519\fR key can be generated like this:
.PP
.Vb 1
\& pkey = EVP_PKEY_Q_keygen(NULL, NULL, "X25519");
.Ve
.PP
An \fBX448\fR, \fB\s-1ED25519\s0\fR, or \fB\s-1ED448\s0\fR key can be generated likewise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7),
\&\s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7), \s-1\fBEVP_KEYEXCH\-X448\s0\fR\|(7),
\&\s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7), \s-1\fBEVP_SIGNATURE\-ED448\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

1
openssl-install/share/man/man7/EVP_PKEY-X448.7ossl
View File

@@ -1 +0,0 @@
EVP_PKEY-X25519.7ossl

202
openssl-install/share/man/man7/EVP_RAND-CRNG-TEST.7ossl
View File

@@ -1,202 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_RAND-CRNG-TEST 7ossl"
.TH EVP_RAND-CRNG-TEST 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_RAND\-CRNG\-TEST \- The FIPS health testing EVP_RAND filter
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This \fB\s-1EVP_RAND\s0\fR object acts as a filter between the entropy source
and its users. It performs \s-1CRNG\s0 health tests as defined in
\&\s-1SP 800\-90B\s0 <https://csrc.nist.gov/pubs/sp/800/90/b/final> Section 4 \*(L"Health
Tests\*(R". Most requests are forwarded to the entropy source, either via
its parent reference or via the provider entropy upcalls.
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"CRNG-TEST\*(R" is the name for this implementation; it can be used with the
\&\fBEVP_RAND_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
If a parent \s-1EVP_RAND\s0 is specified on context creation, the parent's
parameters are supported because the request is forwarded to the parent
seed source for processing.
.PP
If no parent \s-1EVP_RAND\s0 is specified on context creation, the following parameters
are supported:
.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
.IX Item "state (OSSL_RAND_PARAM_STATE) <integer>"
.PD 0
.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) <unsigned integer>"
.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) <unsigned integer>" 4
.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) <unsigned integer>" 4
.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) <unsigned integer>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3).
.ie n .IP """fips-indicator"" (\fB\s-1OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.el .IP "``fips-indicator'' (\fB\s-1OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR\s0\fR) <integer>" 4
.IX Item "fips-indicator (OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
This parameter works as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \fBprovider\-rand\fR\|(7).
.SH "NOTES"
.IX Header "NOTES"
This \s-1EVP_RAND\s0 is only implemented by the OpenSSL \s-1FIPS\s0 provider.
.PP
A context for a health test filter can be obtained by calling:
.PP
.Vb 3
\& EVP_RAND *parent = ...;
\& EVP_RAND *rand = EVP_RAND_fetch(NULL, "CRNG\-TEST", NULL);
\& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, parent);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_RAND\s0\fR\|(3), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
This functionality was added in OpenSSL 3.4.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

249
openssl-install/share/man/man7/EVP_RAND-CTR-DRBG.7ossl
View File

@@ -1,249 +0,0 @@
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EVP_RAND-CTR-DRBG 7ossl"
.TH EVP_RAND-CTR-DRBG 7ossl "2025-07-01" "3.4.2" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_RAND\-CTR\-DRBG \- The CTR DRBG EVP_RAND implementation
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Support for the counter deterministic random bit generator through the
\&\fB\s-1EVP_RAND\s0\fR \s-1API.\s0
.SS "Identity"
.IX Subsection "Identity"
\&\*(L"CTR-DRBG\*(R" is the name for this implementation; it can be used with the
\&\fBEVP_RAND_fetch()\fR function.
.SS "Supported parameters"
.IX Subsection "Supported parameters"
The supported parameters are:
.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
.IX Item "state (OSSL_RAND_PARAM_STATE) <integer>"
.PD 0
.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) <unsigned integer>"
.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) <unsigned integer>" 4
.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) <unsigned integer>" 4
.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) <unsigned integer>"
.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) <unsigned integer>"
.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) <integer>" 4
.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) <integer>" 4
.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) <integer>"
.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) <unsigned integer>" 4
.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) <unsigned integer>" 4
.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) <unsigned integer>"
.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) <unsigned integer>" 4
.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) <unsigned integer>" 4
.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) <unsigned integer>"
.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) <unsigned integer>" 4
.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) <unsigned integer>" 4
.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) <unsigned integer>"
.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) <unsigned integer>" 4
.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) <unsigned integer>" 4
.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) <unsigned integer>"
.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) <unsigned integer>" 4
.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) <unsigned integer>" 4
.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) <unsigned integer>"
.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) <unsigned integer>" 4
.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) <unsigned integer>" 4
.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) <unsigned integer>"
.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) <unsigned integer>" 4
.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) <unsigned integer>" 4
.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) <unsigned integer>"
.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) <UTF8 string>"
.ie n .IP """cipher"" (\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.el .IP "``cipher'' (\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
.IX Item "cipher (OSSL_DRBG_PARAM_CIPHER) <UTF8 string>"
.PD
These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3).
.ie n .IP """use_derivation_function"" (\fB\s-1OSSL_DRBG_PARAM_USE_DF\s0\fR) <integer>" 4
.el .IP "``use_derivation_function'' (\fB\s-1OSSL_DRBG_PARAM_USE_DF\s0\fR) <integer>" 4
.IX Item "use_derivation_function (OSSL_DRBG_PARAM_USE_DF) <integer>"
This Boolean indicates if a derivation function should be used or not.
A nonzero value (the default) uses the derivation function. A zero value
does not.
.SH "NOTES"
.IX Header "NOTES"
A context for \s-1CTR DRBG\s0 can be obtained by calling:
.PP
.Vb 2
\& EVP_RAND *rand = EVP_RAND_fetch(NULL, "CTR\-DRBG", NULL);
\& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, NULL);
.Ve
.SH "EXAMPLES"
.IX Header "EXAMPLES"
.Vb 5
\& EVP_RAND *rand;
\& EVP_RAND_CTX *rctx;
\& unsigned char bytes[100];
\& OSSL_PARAM params[2], *p = params;
\& unsigned int strength = 128;
\&
\& rand = EVP_RAND_fetch(NULL, "CTR\-DRBG", NULL);
\& rctx = EVP_RAND_CTX_new(rand, NULL);
\& EVP_RAND_free(rand);
\&
\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
\& SN_aes_256_ctr, 0);
\& *p = OSSL_PARAM_construct_end();
\& EVP_RAND_instantiate(rctx, strength, 0, NULL, 0, params);
\&
\& EVP_RAND_generate(rctx, bytes, sizeof(bytes), strength, 0, NULL, 0);
\&
\& EVP_RAND_CTX_free(rctx);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90B\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBEVP_RAND\s0\fR\|(3),
\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.

Some files were not shown because too many files have changed in this diff Show More