Diffstat (limited to 'secure/lib/libcrypto/man/man3/RSA_generate_key.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/RSA_generate_key.3 | 80 |
1 files changed, 48 insertions, 32 deletions
diff --git a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 index e15d3df7bc0b..cddd181e04de 100644 --- a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ 
@@ -132,51 +130,65 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "RSA_GENERATE_KEY 3" -.TH RSA_GENERATE_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL" +.IX Title "RSA_GENERATE_KEY 3ossl" +.TH RSA_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair +EVP_RSA_gen, +RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key \- generate RSA key pair .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/rsa.h> \& +\& EVP_PKEY *EVP_RSA_gen(unsigned int bits); +.Ve +.PP +The following functions have been deprecated since OpenSSL 3.0, and can be +hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +see \fBopenssl_user_macros\fR\|(7): +.PP +.Vb 2 \& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); \& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); .Ve .PP -Deprecated: +The following function has been deprecated since OpenSSL 0.9.8, and can be +hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +see \fBopenssl_user_macros\fR\|(7): .PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x00908000L +.Vb 2 \& RSA *RSA_generate_key(int bits, unsigned long e, \& void (*callback)(int, int, void *), void *cb_arg); -\& #endif .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +\&\fBEVP_RSA_gen()\fR generates a new \s-1RSA\s0 key pair with modulus size \fIbits\fR. +.PP +All of the functions described below are deprecated. +Applications should instead use \fBEVP_RSA_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or +\&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3). 
+.PP \&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the -\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must -be seeded prior to calling \fBRSA_generate_key_ex()\fR. +\&\fB\s-1RSA\s0\fR structure provided in \fIrsa\fR. .PP \&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores -it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by -the \fBprimes\fR parameter. The random number generator must be seeded when -calling \fBRSA_generate_multi_prime_key()\fR. +it in the \fB\s-1RSA\s0\fR structure provided in \fIrsa\fR. The number of primes is given by +the \fIprimes\fR parameter. If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. .PP -The modulus size will be of length \fBbits\fR, the number of primes to form the -modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes -with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +The modulus size will be of length \fIbits\fR, the number of primes to form the +modulus will be \fIprimes\fR, and the public exponent will be \fIe\fR. Key sizes +with \fInum\fR < 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537. .PP In order to maintain adequate security level, the maximum number of permitted -\&\fBprimes\fR depends on modulus bit length: +\&\fIprimes\fR depends on modulus bit length: .PP .Vb 3 \& <1024 | >=1024 | >=4096 | >=8192 
@@ -185,7 +197,7 @@ In order to maintain adequate security level, the maximum number of permitted .Ve .PP A callback function may be used to provide feedback about the -progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +progress of the key generation. If \fIcb\fR is not \s-1NULL,\s0 it will be called as follows using the \fBBN_GENCB_call()\fR function described on the \fBBN_generate_prime\fR\|(3) page. .PP 
@@ -197,37 +209,41 @@ While a random prime number is generated, it is called as described in \fBBN_generate_prime\fR\|(3). .IP "\(bu" 2 When the n\-th randomly generated prime is rejected as not -suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +suitable for the key, \fIBN_GENCB_call(cb, 2, n)\fR is called. .IP "\(bu" 2 -When a random p has been found with p\-1 relatively prime to \fBe\fR, -it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +When a random p has been found with p\-1 relatively prime to \fIe\fR, +it is called as \fIBN_GENCB_call(cb, 3, 0)\fR. .PP The process is then repeated for prime q and other primes (if any) -with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +with \fIBN_GENCB_call(cb, 3, i)\fR where \fIi\fR indicates the i\-th prime. .SH "RETURN VALUES" .IX Header "RETURN VALUES" +\&\fBEVP_RSA_gen()\fR returns an \fI\s-1EVP_PKEY\s0\fR or \s-1NULL\s0 on failure. +.PP \&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. \&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP \&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or -\&\fB\s-1NULL\s0\fR if the key generation fails. +\&\s-1NULL\s0 if the key generation fails. .SH "BUGS" .IX Header "BUGS" -\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. +\&\fIBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) +\&\fBEVP_PKEY_Q_keygen\fR\|(3) +\&\fBBN_generate_prime\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" -\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use -\&\fBRSA_generate_key_ex()\fR instead. +\&\fBEVP_RSA_gen()\fR was added in OpenSSL 3.0. 
+All other functions described here were deprecated in OpenSSL 3.0. +For replacement see \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7). .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |
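Review bot: in the DESCRIPTION hunk (@@ -132,51 +130,65 @@), the changed line "Key sizes with \fInum\fR < 1024 should be considered insecure" still refers to a parameter called num, which none of the SYNOPSIS prototypes has; every other reference to the modulus size uses bits, so this should read \fIbits\fR. In the same hunk the new EVP_RSA_gen() paragraph states only the modulus size, while the deprecated functions take e and primes explicitly; a sentence saying which public exponent and prime count EVP_RSA_gen() uses would let callers judge whether it is a drop-in replacement. The file header says it is generated by Pod::Man, so both changes belong in the pod source rather than in this .3 file.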
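Review bot: in the final hunk (@@ -197,37 +209,41 @@), the new HISTORY line "All other functions described here were deprecated in OpenSSL 3.0" contradicts the SYNOPSIS added earlier in this patch, which says RSA_generate_key() has been deprecated since OpenSSL 0.9.8; the removed HISTORY sentence carried that fact, so HISTORY should keep the 0.9.8 statement for RSA_generate_key() and limit the 3.0 statement to RSA_generate_key_ex() and RSA_generate_multi_prime_key(). In SEE ALSO, the added line "\&\fBEVP_PKEY_Q_keygen\fR\|(3)" has no trailing comma, so it will run into BN_generate_prime(3) when rendered. The new RETURN VALUES sentence for EVP_RSA_gen() says it returns an EVP_PKEY or NULL but does not say who owns the result; a note on how the caller releases it would help. As with the rest of the file, these fixes belong in the pod source that Pod::Man generates this page from.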