Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/EVP_DigestInit.pod | 2
-rw-r--r-- doc/man3/EVP_PKEY_CTX_ctrl.pod | 20
-rw-r--r-- doc/man3/EVP_PKEY_meth_new.pod | 4
-rw-r--r-- doc/man7/SM2.pod | 32
4 files changed, 30 insertions, 28 deletions
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 9b74e41d39..0fedd17ce6 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -187,7 +187,7 @@ B<ASN1_OBJECT> structure respectively. Assigns an B<EVP_PKEY_CTX> to B<EVP_MD_CTX>. This is usually used to provide a customzied B<EVP_PKEY_CTX> to L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)>. The B<pctx> passed to this function should be freed -by the caller. A null B<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX> +by the caller. A NULL B<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX> assigned to B<ctx>. In such case, freeing the cleared B<EVP_PKEY_CTX> or not depends on how the B<EVP_PKEY_CTX> is created. diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index d70dbb9cf2..e1a107c06e 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod 
@@ -167,15 +167,15 @@ B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous versions should use 0 instead. The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() -are used to manipulate special identifier field for specific signature algorithm -such as SM2. The EVP_PKEY_set1_id() sets an ID pointed by B<id> with the length -B<id_len> to the library. The library maintains the memory management stuffs so -the caller can safely free the original memory pointed by B<id>. The -EVP_PKEY_CTX_get1_id_len() returns the length of the ID set via a previous call -to EVP_PKEY_set1_id(). The length is usually used to allocate adequate memory for -further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() returns the -previously set ID value to caller into B<id>, caller should allocate adequate -memory space to B<id> before calling EVP_PKEY_CTX_get1_id(). +macros are used to manipulate the special identifier field for specific signature +algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with +the length B<id_len> to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by B<id>. The +EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous +call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate +memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() +macro returns the previously set ID value to caller in B<id>. The caller should +allocate adequate memory space for the B<id> before calling EVP_PKEY_CTX_get1_id(). =head1 RETURN VALUES @@ -197,7 +197,7 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() -were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. +macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT 
diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod index 171d4da744..db803fc2a2 100644 --- a/doc/man3/EVP_PKEY_meth_new.pod +++ b/doc/man3/EVP_PKEY_meth_new.pod @@ -348,8 +348,8 @@ The digest_custom() method is used to generate customized digest content before the real message is passed to functions like L<EVP_DigestSignUpdate(3)> or L<EVP_DigestVerifyInit(3)>. This is usually required by some public key signature algorithms like SM2 which requires a hashed prefix to the message to -be signed. The digest_custom() will be called by L<EVP_DigestSignInit(3)> and -L<EVP_DigestVerifyInit(3)>. +be signed. The digest_custom() function will be called by L<EVP_DigestSignInit(3)> +and L<EVP_DigestVerifyInit(3)>. =head2 Functions diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod index 40dc317dcf..029dc736cb 100644 --- a/doc/man7/SM2.pod +++ b/doc/man7/SM2.pod 
@@ -6,23 +6,25 @@ SM2 - Chinese SM2 signature and encryption algorithm support =head1 DESCRIPTION -B<SM2> algorithm is first defined by the Chinese national standard GM/T 0003-2012 -and is standardized by ISO as ISO/IEC 14888. B<SM2> is actually an elliptic curve -based algorithm. Currnet implementation in OpenSSL supports both signature and -encryption schemes via EVP interface. +The B<SM2> algorithm was first defined by the Chinese national standard GM/T +0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the EVP interface. When doing the B<SM2> signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed. =head1 NOTES -B<SM2> signature can be generated by using the 'DigestSign' series APIs, for instance, -EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto -for the verification process by calling the 'DigestVerify' series APIs. +B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for +instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). +Ditto for the verification process by calling the 'DigestVerify' series of APIs. -There are several special steps need to be done before computing an B<SM2> signature. +There are several special steps that need to be done before computing an B<SM2> +signature. -The B<EVP_PKEY> structure should be set to B<EVP_PKEY_SM2> by calling: +The B<EVP_PKEY> structure will default to using ECDSA for signatures when it is +created. It should be set to B<EVP_PKEY_SM2> by calling: EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); 
@@ -30,23 +32,23 @@ Then an ID should be set by calling: EVP_PKEY_CTX_set1_id(pctx, id, id_len); -When calling the EVP_DeigestSignInit() or EVP_DigestVerifyInit() function, a +When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is done by calling: EVP_MD_CTX_set_pkey_ctx(mctx, pctx); -And normally there is no need to pass a B<pctx> parameter to EVP_DeigestSignInit() -or EVP_DigestVerifyInit() in such scenario. +And normally there is no need to pass a B<pctx> parameter to EVP_DigestSignInit() +or EVP_DigestVerifyInit() in such a scenario. =head1 EXAMPLE -This example demonstrates the calling sequence on how to use an B<EVP_PKEY> to -sign a message with SM2 signature algorithm and SM3 hash algorithm: +This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify +a message with the SM2 signature algorithm and the SM3 hash algorithm: #include <openssl/evp.h> - /* obtain an EVP_PKEY from whatever methods... */ + /* obtain an EVP_PKEY using whatever methods... */ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); mctx = EVP_MD_CTX_new(); pctx = EVP_PKEY_CTX_new(pkey, NULL); |
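Review bot: in the doc/man3/EVP_DigestInit.pod hunk, the context line directly above the change still reads "customzied"; since the paragraph is being touched anyway, correct it to "customized" in this commit. The closing sentence ("In such case, freeing the cleared EVP_PKEY_CTX or not depends on how the EVP_PKEY_CTX is created") also leaves ownership vague right after the text says the pctx passed in should be freed by the caller. Suggest "In such a case" and a clause naming which creation path leaves the caller responsible for the free.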
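Review bot: in the first doc/man3/EVP_PKEY_CTX_ctrl.pod hunk, "The length is usually used to allocate adequate memory" understates what the same paragraph requires. EVP_PKEY_CTX_get1_id() is described as writing the ID into memory the caller allocated, and the paragraph offers no other way to learn the size, so an undersized buffer is the obvious failure mode. Suggest stating it as a requirement: the buffer passed as id must be at least as large as the value reported by EVP_PKEY_CTX_get1_id_len(). Smaller points in the same added lines: "takes a copy of the id" should read "ID" to match the rest of the paragraph, and "to caller in" should be "to the caller in".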
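Review bot: in the HISTORY hunk of doc/man3/EVP_PKEY_CTX_ctrl.pod, the added line "macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0" is a comma splice and names the product for only one of the two versions. Suggest "macros were added in OpenSSL 1.1.1; the other functions were first added in OpenSSL 1.0.0".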
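Review bot: in the doc/man3/EVP_PKEY_meth_new.pod hunk, the unchanged context line pairs EVP_DigestSignUpdate(3) with EVP_DigestVerifyInit(3) as the functions the real message is passed to. That looks like a slip for the verify-side Update call, since the very next sentence names EVP_DigestSignInit(3) and EVP_DigestVerifyInit(3) as the callers of digest_custom(), before any message data exists. Worth correcting while this paragraph is being edited. Also in the context lines, "algorithms like SM2 which requires" should be "which require".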
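Review bot: in the first doc/man7/SM2.pod hunk, the added sentence says a new EVP_PKEY defaults to ECDSA for signatures, yet the next one says only that it "should be set to EVP_PKEY_SM2". Given the stated default, skipping the call yields an ECDSA operation rather than an SM2 one, so "must" is the accurate word here. The same holds for the ID step in the following hunk, because DESCRIPTION says the SM2 signature algorithm requires a distinguishing identifier. A short sentence saying these steps apply to verification as well as signing would also help, since the lead-in mentions only "before computing an SM2 signature".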
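Review bot: in the EXAMPLE part of the second doc/man7/SM2.pod hunk, the visible lines use the results of EVP_PKEY_set_alias_type(), EVP_MD_CTX_new() and EVP_PKEY_CTX_new() without checking any of them. Manual-page examples get copied verbatim, so suggest either adding the NULL and return-value checks or a comment that error handling is omitted. The introduction now says the example verifies a message, while the NOTES text above it still frames the preparation as steps "before computing an SM2 signature"; please make the two agree. Because EVP_DigestInit.pod states that a pctx assigned with EVP_MD_CTX_set_pkey_ctx() should be freed by the caller, the example should also show that free.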