From 2b1bc78acc0d7ef3a10ca0cb3d2280375032d137 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 27 Apr 2020 16:48:18 +0100 Subject: [PATCH] Document the new raw private/public key functions Document the newly added EVP_PKEY_new_raw_private_key_with_libctx and EVP_PKEY_new_raw_public_key_with_libctx functions. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11635) --- doc/man3/EVP_PKEY_new.pod | 53 +++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index b3bbe63aec..3efab95671 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -5,7 +5,9 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, +EVP_PKEY_new_raw_private_key_with_libctx, EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key_with_libctx, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, @@ -21,8 +23,18 @@ EVP_PKEY_get_raw_public_key int EVP_PKEY_up_ref(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); + EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *key, + size_t keylen); EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *key, + size_t keylen); EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key, size_t keylen); EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, @@ -46,16 +58,34 @@ EVP_PKEY_up_ref() increments the reference count of B. EVP_PKEY_free() decrements the reference count of B and, if the reference count is zero, frees it up. If B is NULL, nothing is done. -EVP_PKEY_new_raw_private_key() allocates a new B. If B is non-NULL -then the new B structure is associated with the engine B. The -B argument indicates what kind of key this is. The value should be a NID -for a public key algorithm that supports raw private keys, i.e. one of -B, B, B, B, -B, B or B. B points to the -raw private key data for this B which should be of length B. -The length should be appropriate for the type of the key. The public key data -will be automatically derived from the given private key data (if appropriate -for the algorithm type). +EVP_PKEY_new_raw_private_key_with_libctx() allocates a new B. Unless +an engine should be used for the key type, a provider for the key is found using +the library context I and the property query string I. The +I argument indicates what kind of key this is. The value should be a +string for a public key algorithm that supports raw private keys, i.e one of +"POLY1305", "SIPHASH", "X25519", "ED25519", "X448" or "ED448". Note that you may +also use "HMAC" which is not a public key algorithm but is treated as such by +some OpenSSL APIs. You are encouraged to use the EVP_MAC APIs instead for HMAC +(see L). I points to the raw private key data for this +B which should be of length I. The length should be +appropriate for the type of the key. The public key data will be automatically +derived from the given private key data (if appropriate for the algorithm type). + +EVP_PKEY_new_raw_private_key() does the same as +EVP_PKEY_new_raw_private_key_with_libctx() except that the default library +context and default property query are used instead. If B is non-NULL then +the new B structure is associated with the engine B. The B +argument indicates what kind of key this is. The value should be a NID for a +public key algorithm that supports raw private keys, i.e. one of +B, B, B, +B, B or B. As for +EVP_PKEY_new_raw_private_key_with_libctx() you may also use B. + +EVP_PKEY_new_raw_public_key_with_libctx() works in the same way as +EVP_PKEY_new_raw_private_key_with_libctx() except that B points to the raw +public key data. The B structure will be initialised without any +private key information. Algorithm types that support raw public keys are +"X25519", "ED25519", "X448" or "ED448". EVP_PKEY_new_raw_public_key() works in the same way as EVP_PKEY_new_raw_private_key() except that B points to the raw public key @@ -127,6 +157,9 @@ EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. +The EVP_PKEY_new_raw_private_key_with_libctx and +EVP_PKEY_new_raw_public_key_with_libctx functions were added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. -- 2.25.1