Diffstat (limited to 'secure/lib/libcrypto/man/man3/EC_KEY_new.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/EC_KEY_new.3 | 142 |
1 files changed, 102 insertions, 40 deletions
diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 index b26b5b73f5cb..326f0d38eaad 100644 --- a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 +++ b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ 
@@ -132,23 +130,47 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EC_KEY_NEW 3" -.TH EC_KEY_NEW 3 "2022-06-21" "1.1.1p" "OpenSSL" +.IX Title "EC_KEY_NEW 3ossl" +.TH EC_KEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects +EVP_EC_gen, +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, +EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, +EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, +EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, +EC_KEY_get_conv_form, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, +EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, +EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, +EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, +EC_KEY_priv2buf \- Functions for creating, destroying and manipulating +EC_KEY objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ec.h> \& +\& EVP_PKEY 
*EVP_EC_gen(const char *curve); +.Ve +.PP +The following functions have been deprecated since OpenSSL 3.0, and can be +hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +see \fBopenssl_user_macros\fR\|(7): +.PP +.Vb 10 +\& EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq); \& EC_KEY *EC_KEY_new(void); \& int EC_KEY_get_flags(const EC_KEY *key); \& void EC_KEY_set_flags(EC_KEY *key, int flags); \& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq, +\& int nid); \& EC_KEY *EC_KEY_new_by_curve_name(int nid); \& void EC_KEY_free(EC_KEY *key); \& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); @@ -158,14 +180,13 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f \& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); \& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); \& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); -\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key); \& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); \& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); \& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); \& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); \& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); \& int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); -\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); \& int EC_KEY_generate_key(EC_KEY *key); \& int EC_KEY_check_key(const EC_KEY *key); \& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); 
@@ -180,27 +201,52 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f \& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); \& \& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +\&\fBEVP_EC_gen()\fR generates a new \s-1EC\s0 key pair on the given \fIcurve\fR. +.PP +All of the functions described below are deprecated. +Applications should instead use \fBEVP_EC_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or +\&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3). +.PP An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private -key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling -\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially -set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling +key. +A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fBEC_KEY_new_ex()\fR and specifying the associated library context in \fIctx\fR +(see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and property query string \fIpropq\fR. +The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. +A curve can be associated with the \s-1EC_KEY\s0 by calling \&\fBEC_KEY_set_group()\fR. .PP +\&\fBEC_KEY_new()\fR is the same as \fBEC_KEY_new_ex()\fR except that the default library +context is always used. +.PP Alternatively a new \s-1EC_KEY\s0 can be constructed by calling -\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See -\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply -wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. 
+\&\fBEC_KEY_new_by_curve_name_ex()\fR and supplying the nid of the associated +curve, the library context to be used \fIctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and any +property query string \fIpropq\fR. +The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. The \fIpropq\fR value may also be \s-1NULL.\s0 +See \fBEC_GROUP_new\fR\|(3) for a description of curve names. +This function simply wraps calls to \fBEC_KEY_new_ex()\fR and +\&\fBEC_GROUP_new_by_curve_name_ex()\fR. +.PP +\&\fBEC_KEY_new_by_curve_name()\fR is the same as \fBEC_KEY_new_by_curve_name_ex()\fR +except that the default library context is always used and a \s-1NULL\s0 property query +string. .PP Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, and if it has dropped to zero then frees the memory associated with it. If -\&\fBkey\fR is \s-1NULL\s0 nothing is done. +\&\fIkey\fR is \s-1NULL\s0 nothing is done. .PP -\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fIsrc\fR into \fIdest\fR. .PP -\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fIec_key\fR into it. .PP \&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 object. 
@@ -209,7 +255,7 @@ object. this \s-1EC_KEY\s0 object. .PP \&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied -\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +\&\fIeckey\fR object. \fIeckey\fR must have an \s-1EC_GROUP\s0 object associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the 
@@ -218,27 +264,29 @@ curve by the private key. \&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to confirm that it is valid. .PP -\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based -on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on -the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fIkey\fR based +on its affine coordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fIx\fR and \fIy\fR values and sets the public key to be this \&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm that it is valid. .PP The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, \&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, -and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. The function +\&\fBEC_KEY_set_private_key()\fR accepts \s-1NULL\s0 as the priv_key argument to securely clear +the private key component from the \s-1EC_KEY.\s0 .PP The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the -point_conversion_form for the \fBkey\fR. For a description of +point_conversion_form for the \fIkey\fR. For a description of point_conversion_forms please see \fBEC_POINT_new\fR\|(3). .PP -\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fIflags\fR parameter on the \s-1EC_KEY\s0 object. Any flags that are already set are left set. 
The flags currently defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 \&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 -\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fIflags\fR parameter; all other flags are left in their existing state. .PP \&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object @@ -251,14 +299,16 @@ is \s-1NULL\s0 or the group parameters are missing, and 0 otherwise. .PP \&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). +Modern versions should instead switch to named curves which OpenSSL has +hardcoded lookup tables for. .PP \&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions \&\fBEC_POINT_oct2point()\fR and \fBEC_POINT_point2buf()\fR except they use the public key -\&\s-1EC_POINT\s0 in \fBeckey\fR. +\&\s-1EC_POINT\s0 in \fIeckey\fR. .PP \&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key -component of \fBeckey\fR and octet form. The octet form consists of the content -octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. +component of \fIeckey\fR and octet form. The octet form consists of the content +octets of the \fIprivateKey\fR \s-1OCTET STRING\s0 in an \fIECPrivateKey\fR \s-1ASN.1\s0 structure. .PP The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. 
@@ -266,16 +316,17 @@ Calling the function with a \s-1NULL\s0 buffer will not perform the conversion b will just return the required buffer length. .PP The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes -an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fI*pbuf\fR and its length is returned. The caller must free up the allocated buffer with a -call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR -the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fI*pbuf\fR +the \fIpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. .PP \&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to -the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +\&\fBEC_KEY_new_ex()\fR, \fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name_ex()\fR, +\&\fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to the newly +created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. .PP \&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an integer. 
@@ -284,10 +335,14 @@ integer. .PP \&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. .PP -\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, -\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, -\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, -\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_public_key()\fR, +\&\fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, \fBEC_KEY_check_key()\fR, +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR, \fBEC_KEY_oct2key()\fR and +\&\fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fBEC_KEY_set_private_key()\fR returns 1 on success or 0 on error except when the +priv_key argument is \s-1NULL,\s0 in that case it returns 0, for legacy compatibility, +and should not be treated as an error. .PP \&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 .PP 
@@ -299,16 +354,23 @@ integer. of the buffer or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" +\&\fBEVP_PKEY_Q_keygen\fR\|(3) \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), \&\fBEC_POINT_add\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), -\&\fBd2i_ECPKParameters\fR\|(3) +\&\fBd2i_ECPKParameters\fR\|(3), +\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_EC_gen()\fR was added in OpenSSL 3.0. +All other functions described here were deprecated in OpenSSL 3.0. +For replacement see \s-1\fBEVP_PKEY\-EC\s0\fR\|(7). .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |