summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorDr. David von Oheimb <dev@ddvo.net>2023-10-21 09:57:09 +0200
committerHugo Landau <hlandau@openssl.org>2023-10-26 16:05:06 +0100
commitd9aa640d12861eba845e7a5b5013495ad65ea126 (patch)
tree579ee63ef3fc89934cce22b66f1a9060b1224f2f /doc
parent51f4115dcc818a35e2c8838c01b3b08740d0c1e1 (diff)
EVP_PKEY_get_size.pod and provider-keymgmt.pod: document their relation
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22459) (cherry picked from commit 09298141592c579504966f1907a44cb95f37cc6e)
Diffstat (limited to 'doc')
-rw-r--r--doc/man3/EVP_PKEY_get_size.pod4
-rw-r--r--doc/man7/provider-keymgmt.pod6
2 files changed, 10 insertions, 0 deletions
diff --git a/doc/man3/EVP_PKEY_get_size.pod b/doc/man3/EVP_PKEY_get_size.pod
index 37bb9bb4c4..44b91cb00e 100644
--- a/doc/man3/EVP_PKEY_get_size.pod
+++ b/doc/man3/EVP_PKEY_get_size.pod
@@ -22,6 +22,7 @@ EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size
EVP_PKEY_get_size() returns the maximum suitable size for the output
buffers for almost all operations that can be done with I<pkey>.
+This corresponds to the provider parameter B<OSSL_PKEY_PARAM_MAX_SIZE>.
The primary documented use is with L<EVP_SignFinal(3)> and
L<EVP_SealInit(3)>, but it isn't limited there. The returned size is
also large enough for the output buffer of L<EVP_PKEY_sign(3)>,
@@ -38,9 +39,11 @@ receive that length), to avoid bugs.
EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem
to which the key in I<pkey> belongs, in bits. Note that the definition
of cryptographic length is specific to the key cryptosystem.
+This length corresponds to the provider parameter B<OSSL_PKEY_PARAM_BITS>.
EVP_PKEY_get_security_bits() returns the number of security bits of the given
I<pkey>, bits of security is defined in NIST SP800-57.
+This corresponds to the provider parameter B<OSSL_PKEY_PARAM_SECURITY_BITS>.
=head1 RETURN VALUES
@@ -66,6 +69,7 @@ L<EVP_DigestSignFinal(3)/NOTES>.
=head1 SEE ALSO
+L<provider-keymgmt(7)>,
L<EVP_SignFinal(3)>,
L<EVP_SealInit(3)>,
L<EVP_PKEY_sign(3)>,
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index d5c628a93d..f8d04bfd0b 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -380,6 +380,9 @@ the result of asymmmetric encryption / decryption (I<out> in
L<provider-asym_cipher(7)>, a derived secret (I<secret> in
L<provider-keyexch(7)>, and similar data).
+Providers need to implement this parameter
+in order to properly support various use cases such as CMS signing.
+
Because an EVP_KEYMGMT method is always tightly bound to another method
(signature, asymmetric cipher, key exchange, ...) and must be of the
same provider, this number only needs to be synchronised with the
@@ -448,6 +451,9 @@ always return a constant L<OSSL_PARAM(3)> array.
=head1 SEE ALSO
+L<EVP_PKEY_get_size(3)>,
+L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)>,
L<provider(7)>,
L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, L<EVP_PKEY-ED25519(7)>,
L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-RSA(7)>,