doc: Bad prototypes of EVP_PKEY_CTX_new()

[openssl.git] / doc / man3 / EVP_PKEY_keygen.pod

diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index ed4a3e1db8c7d24ee11001c12748ddafdad941c8..3943a0283cc304e1f20d73d877aabe8ab091a507 100644 (file)
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -6,8 +6,9 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
 EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
 EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
 EVP_PKEY_CTX_get_app_data,
-EVP_PKEY_gen_cb
-- key and parameter generation functions
+EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check,
+EVP_PKEY_param_check
+- key and parameter generation and check functions
 
 =head1 SYNOPSIS
 
@@ -18,7 +19,7 @@ EVP_PKEY_gen_cb
  int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 
- typedef int (*EVP_PKEY_gen_cb)(EVP_PKEY_CTX *ctx);
+ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
 
  void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
  EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
@@ -28,6 +29,10 @@ EVP_PKEY_gen_cb
  void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
  void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
 
+ int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+
 =head1 DESCRIPTION
 
 The EVP_PKEY_keygen_init() function initializes a public key algorithm
@@ -58,6 +63,18 @@ and retrieve an opaque pointer. This can be used to set some application
 defined value which can be retrieved in the callback: for example a handle
 which is used to update a "progress dialog".
 
+EVP_PKEY_check() validates the key-pair given by B<ctx>. This function first tries
+to use customized key check method in B<EVP_PKEY_METHOD> if it's present; otherwise
+it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
+
+EVP_PKEY_public_check() validates the public component of the key-pair given by B<ctx>.
+This function first tries to use customized key check method in B<EVP_PKEY_METHOD>
+if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
+
+EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by B<ctx>.
+This function first tries to use customized key check method in B<EVP_PKEY_METHOD>
+if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
+
 =head1 NOTES
 
 After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
@@ -89,6 +106,10 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
 In particular a return value of -2 indicates the operation is not supported by
 the public key algorithm.
 
+EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1
+for success or others for failure. They return -2 if the operation is not supported
+for the specific algorithm.
+
 =head1 EXAMPLES
 
 Generate a 2048 bit RSA key:
@@ -98,17 +119,18 @@ Generate a 2048 bit RSA key:
 
  EVP_PKEY_CTX *ctx;
  EVP_PKEY *pkey = NULL;
+
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx)
-        /* Error occurred */
+     /* Error occurred */
  if (EVP_PKEY_keygen_init(ctx) <= 0)
-        /* Error */
+     /* Error */
  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
-        /* Error */
+     /* Error */
 
  /* Generate key */
  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-        /* Error */
+     /* Error */
 
 Generate a key from a set of parameters:
 
@@ -116,17 +138,19 @@ Generate a key from a set of parameters:
  #include <openssl/rsa.h>
 
  EVP_PKEY_CTX *ctx;
+ ENGINE *eng;
  EVP_PKEY *pkey = NULL, *param;
- /* Assumed param is set up already */
- ctx = EVP_PKEY_CTX_new(param);
+
+ /* Assumed param, eng are set up already */
+ ctx = EVP_PKEY_CTX_new(param, eng);
  if (!ctx)
-        /* Error occurred */
+     /* Error occurred */
  if (EVP_PKEY_keygen_init(ctx) <= 0)
-        /* Error */
+     /* Error */
 
  /* Generate key */
  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-        /* Error */
+     /* Error */
 
 Example of generation callback for OpenSSL public key implementations:
 
@@ -135,19 +159,23 @@ Example of generation callback for OpenSSL public key implementations:
  EVP_PKEY_CTX_set_app_data(ctx, status_bio);
 
  static int genpkey_cb(EVP_PKEY_CTX *ctx)
-        {
-        char c = '*';
-        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-        int p;
-        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-        if (p == 0) c = '.';
-        if (p == 1) c = '+';
-        if (p == 2) c = '*';
-        if (p == 3) c = '\n';
-        BIO_write(b, &c, 1);
-        (void)BIO_flush(b);
-        return 1;
-        }
+ {
+     char c = '*';
+     BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+     int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+
+     if (p == 0)
+         c = '.';
+     if (p == 1)
+         c = '+';
+     if (p == 2)
+         c = '*';
+     if (p == 3)
+         c = '\n';
+     BIO_write(b, &c, 1);
+     (void)BIO_flush(b);
+     return 1;
+ }
 
 =head1 SEE ALSO
 
@@ -163,9 +191,12 @@ L<EVP_PKEY_derive(3)>
 
 These functions were first added to OpenSSL 1.0.0.
 
+EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added
+in OpenSSL 1.1.1.
+
 =head1 COPYRIGHT
 
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy