diff options
author | Matt Caswell <matt@openssl.org> | 2020-05-27 11:50:05 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-19 11:41:23 +0100 |
commit | 4dcfdfce93d6c5b5065323b0488ea93a938acb49 (patch) | |
tree | f6a8d6f9671ec8d178e90ef7e4eeae40dced5753 /doc | |
parent | 19b4fe5844b71620c87de2ffb8734c99d833f636 (diff) |
Make it clear that you can't use all ciphers for CMAC
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12107)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/EVP_PKEY_new.pod | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 667269cc62..faf5a117e5 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -66,7 +66,8 @@ B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a CMAC in the B<cipher> argument. +creation of a CMAC in the B<cipher> argument. The cipher should be a standard +encryption only cipher. For example AEAD and XTS ciphers should not be used. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. |