From 4eca3ec728f328a1b05553814e58ca9aa1cb4e78 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 5 Mar 2020 09:21:56 +0000 Subject: [PATCH] Clarify the usage of EVP_PKEY_get_raw_[private|public]_key() EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() expect the size of the key buffer to be populated in the |*len| parameter on entry - but the docs made no mention of this. Fixes #11245 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11254) (cherry picked from commit f529fc7d53bf4228fae61cb1efe73d97fe3eb35f) --- doc/man3/EVP_PKEY_new.pod | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index ebe20986db..cb77878dac 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod 
@@ -72,21 +72,24 @@ EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. EVP_PKEY_get_raw_private_key() fills the buffer provided by B with raw -private key data. The number of bytes written is populated in B<*len>. If the -buffer B is NULL then B<*len> is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the private key data. This function -only works for algorithms that support raw private keys. Currently this is: -B, B, B, B, -B, B or B. +private key data. The size of the B buffer should be in B<*len> on entry +to the function, and on exit B<*len> is updated with the number of bytes +actually written. If the buffer B is NULL then B<*len> is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the private +key data. This function only works for algorithms that support raw private keys. +Currently this is: B, B, B, +B, B, B or B. EVP_PKEY_get_raw_public_key() fills the buffer provided by B with raw -public key data. The number of bytes written is populated in B<*len>. If the -buffer B is NULL then B<*len> is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the public key data. This function -only works for algorithms that support raw public keys. Currently this is: -B, B, B or B. +public key data. The size of the B buffer should be in B<*len> on entry +to the function, and on exit B<*len> is updated with the number of bytes +actually written. If the buffer B is NULL then B<*len> is populated with +the number of bytes required to hold the key. 
The calling application is +responsible for ensuring that the buffer is large enough to receive the public +key data. This function only works for algorithms that support raw public keys. +Currently this is: B, B, B or +B. =head1 NOTES -- 2.25.1
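Review bot: the new wording says the buffer size "should be in B<*len> on entry" but still leaves the reader guessing what happens when the caller's *len is smaller than the key. Since the text immediately goes on to say the caller is "responsible for ensuring that the buffer is large enough", it would be worth stating explicitly whether the function fails without writing in that case and what it returns, and using "must" rather than "should" for a precondition the function depends on. The same sentence is duplicated in the private-key and public-key paragraphs, so whichever phrasing is chosen should be applied to both so they stay in sync.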