From ad60cd522b4f717a69c690f68f1591371a048591 Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Wed, 16 Nov 2022 15:40:09 +1000
Subject: [PATCH] Add doc for EVP_ASYM_CIPHER-RSA and clean up
 OSSL_PROVIDER-FIPS.pod.

Removed fields from missingcrypto.txt that are no longer missing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19692)
---
 doc/build.info                    | 10 +++-
 doc/man7/EVP_ASYM_CIPHER-RSA.pod  | 90 +++++++++++++++++++++++++++++++
 doc/man7/OSSL_PROVIDER-FIPS.pod   |  8 ++-
 doc/man7/provider-asym_cipher.pod | 20 ++++---
 util/missingcrypto.txt            | 37 -------------
 5 files changed, 110 insertions(+), 55 deletions(-)
 create mode 100644 doc/man7/EVP_ASYM_CIPHER-RSA.pod

diff --git a/doc/build.info b/doc/build.info
index 71c7f3aa40..bc81e8378e 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -4123,6 +4123,10 @@ html/man5/x509v3_config.html
 MANDOCS[man5]=man/man5/config.5 \
 man/man5/fips_config.5 \
 man/man5/x509v3_config.5
+DEPEND[html/man7/EVP_ASYM_CIPHER-RSA.html]=man7/EVP_ASYM_CIPHER-RSA.pod
+GENERATE[html/man7/EVP_ASYM_CIPHER-RSA.html]=man7/EVP_ASYM_CIPHER-RSA.pod
+DEPEND[man/man7/EVP_ASYM_CIPHER-RSA.7]=man7/EVP_ASYM_CIPHER-RSA.pod
+GENERATE[man/man7/EVP_ASYM_CIPHER-RSA.7]=man7/EVP_ASYM_CIPHER-RSA.pod
 DEPEND[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod
 GENERATE[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod
 DEPEND[man/man7/EVP_ASYM_CIPHER-SM2.7]=man7/EVP_ASYM_CIPHER-SM2.pod
@@ -4639,7 +4643,8 @@ man7/img/kdf.png \
 man7/img/mac.png \
 man7/img/pkey.png \
 man7/img/rand.png
-HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-SM2.html \
+HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-RSA.html \
+html/man7/EVP_ASYM_CIPHER-SM2.html \
 html/man7/EVP_CIPHER-AES.html \
 html/man7/EVP_CIPHER-ARIA.html \
 html/man7/EVP_CIPHER-BLOWFISH.html \
@@ -4766,7 +4771,8 @@ html/man7/provider.html \
 html/man7/proxy-certificates.html \
 html/man7/ssl.html \
 html/man7/x509.html
-MANDOCS[man7]=man/man7/EVP_ASYM_CIPHER-SM2.7 \
+MANDOCS[man7]=man/man7/EVP_ASYM_CIPHER-RSA.7 \
+man/man7/EVP_ASYM_CIPHER-SM2.7 \
 man/man7/EVP_CIPHER-AES.7 \
 man/man7/EVP_CIPHER-ARIA.7 \
 man/man7/EVP_CIPHER-BLOWFISH.7 \
diff --git a/doc/man7/EVP_ASYM_CIPHER-RSA.pod b/doc/man7/EVP_ASYM_CIPHER-RSA.pod
new file mode 100644
index 0000000000..c68cad6c42
--- /dev/null
+++ b/doc/man7/EVP_ASYM_CIPHER-RSA.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+EVP_ASYM_CIPHER-RSA
+- RSA Asymmetric Cipher algorithm support
+
+=head1 DESCRIPTION
+
+Asymmetric Cipher support for the B<RSA> key type.
+
+=head2 RSA Asymmetric Cipher parameters
+
+=over 4
+
+=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string>
+
+The default provider understands these RSA padding modes in string form:
+
+=over 4
+
+=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>)
+
+=item "oaep" (B<OSSL_PKEY_RSA_PAD_MODE_OAEP>)
+
+=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)
+
+=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)
+
+=back
+
+=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer>
+
+The default provider understands these RSA padding modes in integer form:
+
+=over 4
+
+=item 1 (B<RSA_PKCS1_PADDING>)
+
+=item 3 (B<RSA_NO_PADDING>)
+
+=item 4 (B<RSA_PKCS1_OAEP_PADDING>)
+
+=item 5 (B<RSA_X931_PADDING>)
+
+=back
+
+See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details.
+
+=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string>
+
+=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string>
+
+=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string>
+
+=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string>
+
+=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
+
+=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
+
+See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
+
+=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
+
+See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
+
+See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.
+
+=back
+
+=head1 SEE ALSO
+
+L<EVP_PKEY-RSA(7)>,
+L<EVP_PKEY(3)>,
+L<provider-asym_cipher(7)>,
+L<provider-keymgmt(7)>,
+L<OSSL_PROVIDER-default(7)>
+L<OSSL_PROVIDER-FIPS(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 899185974e..54ac236702 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -88,7 +88,7 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
 
-=item SSKDF, see L<EVP_KDF-SSKDF(7)>
+=item SSKDF, see L<EVP_KDF-SS(7)>
 
 =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
 
@@ -96,7 +96,7 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
 
-=item KBKDF, see L<EVP_KDF-KBKDF(7)>
+=item KBKDF, see L<EVP_KDF-KB(7)>
 
 =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
 
@@ -124,8 +124,6 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =over 4
 
-=item DSA, see L<EVP_KEYEXCH-DSA(7)>
-
 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
 
 =item X25519, see L<EVP_SIGNATURE-ED25519(7)>
@@ -142,7 +140,7 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =over 4
 
-=item RSA, see L<EVP_KEYEXCH-RSA(7)>
+=item RSA, see L<EVP_ASYM_CIPHER-RSA(7)>
 
 =back
 
diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod
index 99207b4e65..e14a1d9019 100644
--- a/doc/man7/provider-asym_cipher.pod
+++ b/doc/man7/provider-asym_cipher.pod
@@ -187,14 +187,10 @@ algorithms:
 
 =over 4
 
-=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer>
+=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string> OR <integer>
 
 The type of padding to be used. The interpretation of this value will depend
-on the algorithm in use. The default provider understands these RSA padding
-modes: 1 (RSA_PKCS1_PADDING), 3 (RSA_NO_PADDING),
-4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and
-7 (RSA_PKCS1_WITH_TLS_PADDING). See L<EVP_PKEY_CTX_set_rsa_padding(3)> for
-further details.
+on the algorithm in use.
 
 =item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string>
 
@@ -223,19 +219,21 @@ is in use.
 
 Gets or sets the properties to use when fetching the MGF1 digest algorithm.
 
+=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string ptr>
+
+Gets the OAEP label used when OAEP padding is in use.
+
 =item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
 
-Gets or sets the OAEP label used when OAEP padding is in use.
+Sets the OAEP label used when OAEP padding is in use.
 
 =item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
 
-The TLS protocol version first requested by the client. See
-B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
+The TLS protocol version first requested by the client.
 
 =item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
 
-The negotiated TLS protocol version. See
-B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.
+The negotiated TLS protocol version.
 
 =back
 
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 56ee90c8a1..a70861fb1f 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -542,42 +542,6 @@ ENGINE_setup_bsd_cryptodev(3)
 ENGINE_unregister_EC(3)
 ENGINE_unregister_pkey_asn1_meths(3)
 ENGINE_unregister_pkey_meths(3)
-EVP_ASYM_CIPHER-RSA(7)
-EVP_CIPHER-AES(7)
-EVP_CIPHER-ARIA(7)
-EVP_CIPHER-BF(7)
-EVP_CIPHER-DES(7)
-EVP_CIPHER-CAMELLIA(7)
-EVP_CIPHER-CAST5(7)
-EVP_CIPHER-ChaCha20(7)
-EVP_CIPHER-ChaCha20-Poly1305(7)
-EVP_CIPHER-DES(7)
-EVP_CIPHER-IDEA(7)
-EVP_CIPHER-RC2(7)
-EVP_CIPHER-RC4(7)
-EVP_CIPHER-RC5(7)
-EVP_CIPHER-SEED(7)
-EVP_CIPHER-SM4(7)
-EVP_KDF-KBKDF(7)
-EVP_KDF-SSKDF(7)
-EVP_KDF-TLS1-PRF(7)
-EVP_KEYEXCH-DH(7)
-EVP_KEYEXCH-ECDH(7)
-EVP_KEYEXCH-DSA(7)
-EVP_KEYEXCH-RSA(7)
-EVP_KEYEXCH-X25519(7)
-EVP_KEYEXCH-X448(7)
-EVP_KEYMGMT-DH(7)
-EVP_KEYMGMT-EC(7)
-EVP_KEYMGMT-DSA(7)
-EVP_KEYMGMT-RSA(7)
-EVP_KEYMGMT-X25519(7)
-EVP_KEYMGMT-X448(7)
-EVP_SIGNATURE-DSA(7)
-EVP_SIGNATURE-ECDSA(7)
-EVP_SIGNATURE-ED25519(7)
-EVP_SIGNATURE-ED448(7)
-EVP_SIGNATURE-RSA(7)
 ERR_get_state(3)
 ERR_load_ASN1_strings(3)
 ERR_load_ASYNC_strings(3)
@@ -1392,7 +1356,6 @@ i2v_ASN1_BIT_STRING(3)
 i2v_GENERAL_NAME(3)
 i2v_GENERAL_NAMES(3)
 o2i_ECPublicKey(3)
-provider-kdf(7)
 v2i_ASN1_BIT_STRING(3)
 v2i_GENERAL_NAME(3)
 v2i_GENERAL_NAMES(3)