=head1 NAME
-EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str,
-EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding,
-EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits,
-EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits,
+EVP_PKEY_CTX_ctrl,
+EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_set_signature_md,
+EVP_PKEY_CTX_get_signature_md,
+EVP_PKEY_CTX_set_mac_key,
+EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_set_rsa_pss_saltlen,
+EVP_PKEY_CTX_set_rsa_keygen_bits,
+EVP_PKEY_CTX_set_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set_dsa_paramgen_bits,
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator,
-EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid,
+EVP_PKEY_CTX_set_dh_pad,
+EVP_PKEY_CTX_set_dh_nid,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
- #include <openssl/rsa.h>
-
int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
+
+ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
+
+ #include <openssl/rsa.h>
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
All the remaining "functions" are implemented as macros.
The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
-in a signature. It can be used with any public key algorithm supporting
-signature operations.
+in a signature. It can be used in the RSA, DSA and ECDSA algorithms.
+
+The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a
+signature. It can be used in the RSA, DSA and ECDSA algorithms.
+
+Key generation typically involves setting up parameters to be used and
+generating the private and public key data. Some algorithm implementations
+allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key()
+macro. In this case key generation is simply the process of setting up the
+parameters for the key and then setting the raw key data to the value explicitly
+provided by that macro. Normally applications would call
+L<EVP_PKEY_new_private_key(3)> or similar functions instead of this macro.
+
+The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
+supported by the L<EVP_PKEY_new_private_key(3)> function.
The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
=head1 NAME
-EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
+EVP_PKEY_new,
+EVP_PKEY_up_ref,
+EVP_PKEY_free,
+EVP_PKEY_new_private_key,
+EVP_PKEY_new_public_key,
+EVP_PKEY_new_CMAC_key,
+EVP_PKEY_new_mac_key
+- public/private key allocation functions
=head1 SYNOPSIS
int EVP_PKEY_up_ref(EVP_PKEY *key);
void EVP_PKEY_free(EVP_PKEY *key);
+ EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+ size_t len, const EVP_CIPHER *cipher);
+ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
+ int keylen);
=head1 DESCRIPTION
EVP_PKEY_free() decrements the reference count of B<key> and, if the reference
count is zero, frees it up. If B<key> is NULL, nothing is done.
+EVP_PKEY_new_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL then
+the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type>
+argument indicates what kind of key this is. The value should be a NID for a
+public key algorithm that supports raw private keys, i.e. one of
+B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
+B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. B<key> points to the
+raw private key data for this B<EVP_PKEY> which should be of length B<keylen>.
+The length should be appropriate for the type of the key. The public key data
+will be automatically derived from the given private key data (if appropriate
+for the algorithm type).
+
+EVP_PKEY_new_public_key() works in the same way as EVP_PKEY_new_private_key()
+except that B<key> points to the raw public key data. The B<EVP_PKEY> structure
+will be initialised without any private key information. Algorithm types that
+support raw public keys are B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>,
+B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
+
+EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_private_key()
+except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
+raw private key data, it also takes a cipher algorithm to be used during
+creation of a CMAC in the B<cipher> argument.
+
+EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_private_key(). New
+applications should use EVP_PKEY_new_private_key() instead.
+
=head1 NOTES
The B<EVP_PKEY> structure is used by various OpenSSL functions which require a
=head1 RETURN VALUES
-EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> structure or
-B<NULL> if an error occurred.
+EVP_PKEY_new(), EVP_PKEY_new_private_key(), EVP_PKEY_new_public_key(),
+EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly
+allocated B<EVP_PKEY> structure or B<NULL> if an error occurred.
EVP_PKEY_up_ref() returns 1 for success and 0 for failure.
EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
-EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
+EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. EVP_PKEY_new_private_key(),
+EVP_PKEY_new_public_key() and EVP_PKEY_new_CMAC_key() were first added to
+OpenSSL 1.1.1.
=head1 COPYRIGHT
EVP_OpenUpdate define
EVP_PKEY_CTX_add1_hkdf_info define
EVP_PKEY_CTX_add1_tls1_prf_seed define
+EVP_PKEY_CTX_get_signature_md define
EVP_PKEY_CTX_hkdf_mode define
EVP_PKEY_CTX_set1_hkdf_key define
EVP_PKEY_CTX_set1_hkdf_salt define
EVP_PKEY_CTX_set_ec_param_enc define
EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
EVP_PKEY_CTX_set_hkdf_md define
+EVP_PKEY_CTX_set_mac_key define
EVP_PKEY_CTX_set_rsa_keygen_pubexp define
EVP_PKEY_CTX_set_rsa_padding define
EVP_PKEY_CTX_set_rsa_pss_saltlen define
projects / oweals / openssl.git / commitdiff