diff options
-rw-r--r-- | doc/man3/EVP_PKEY_CTX_ctrl.pod | 41 | ||||
-rw-r--r-- | doc/man3/EVP_PKEY_new.pod | 51 | ||||
-rw-r--r-- | util/private.num | 2 |
3 files changed, 81 insertions, 13 deletions
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 2ad470b558..ed4fd80917 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -2,13 +2,20 @@ =head1 NAME -EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, -EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding, -EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, -EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, -EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations @@ -21,9 +28,12 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value); - #include <openssl/rsa.h> - int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); + + int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); + + #include <openssl/rsa.h> int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); @@ -67,8 +77,21 @@ B<pkeyutl>, B<genpkey> and B<req> commands. All the remaining "functions" are implemented as macros. The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used -in a signature. It can be used with any public key algorithm supporting -signature operations. +in a signature. It can be used in the RSA, DSA and ECDSA algorithms. + +The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a +signature. It can be used in the RSA, DSA and ECDSA algorithms. + +Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +L<EVP_PKEY_new_private_key(3)> or similar functions instead of this macro. + +The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms +supported by the L<EVP_PKEY_new_private_key(3)> function. The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 956d699002..e426a38c98 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -2,7 +2,14 @@ =head1 NAME -EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions +EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_private_key, +EVP_PKEY_new_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key +- public/private key allocation functions =head1 SYNOPSIS @@ -12,6 +19,14 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions int EVP_PKEY_up_ref(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); + EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, + int keylen); =head1 DESCRIPTION @@ -23,6 +38,31 @@ EVP_PKEY_up_ref() increments the reference count of B<key>. EVP_PKEY_free() decrements the reference count of B<key> and, if the reference count is zero, frees it up. If B<key> is NULL, nothing is done. +EVP_PKEY_new_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL then +the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type> +argument indicates what kind of key this is. The value should be a NID for a +public key algorithm that supports raw private keys, i.e. one of +B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>, +B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. B<key> points to the +raw private key data for this B<EVP_PKEY> which should be of length B<keylen>. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). + +EVP_PKEY_new_public_key() works in the same way as EVP_PKEY_new_private_key() +except that B<key> points to the raw public key data. The B<EVP_PKEY> structure +will be initialised without any private key information. Algorithm types that +support raw public keys are B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, +B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. + +EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_private_key() +except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a CMAC in the B<cipher> argument. + +EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_private_key(). New +applications should use EVP_PKEY_new_private_key() instead. + =head1 NOTES The B<EVP_PKEY> structure is used by various OpenSSL functions which require a @@ -34,8 +74,9 @@ used. =head1 RETURN VALUES -EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> structure or -B<NULL> if an error occurred. +EVP_PKEY_new(), EVP_PKEY_new_private_key(), EVP_PKEY_new_public_key(), +EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly +allocated B<EVP_PKEY> structure or B<NULL> if an error occurred. EVP_PKEY_up_ref() returns 1 for success and 0 for failure. @@ -47,7 +88,9 @@ L<EVP_PKEY_set1_RSA(3)> EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. EVP_PKEY_new_private_key(), +EVP_PKEY_new_public_key() and EVP_PKEY_new_CMAC_key() were first added to +OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/util/private.num b/util/private.num index 6c1a0ef32f..dea5cc2677 100644 --- a/util/private.num +++ b/util/private.num @@ -173,6 +173,7 @@ EVP_MD_CTX_type define EVP_OpenUpdate define EVP_PKEY_CTX_add1_hkdf_info define EVP_PKEY_CTX_add1_tls1_prf_seed define +EVP_PKEY_CTX_get_signature_md define EVP_PKEY_CTX_hkdf_mode define EVP_PKEY_CTX_set1_hkdf_key define EVP_PKEY_CTX_set1_hkdf_salt define @@ -185,6 +186,7 @@ EVP_PKEY_CTX_set_dsa_paramgen_bits define EVP_PKEY_CTX_set_ec_param_enc define EVP_PKEY_CTX_set_ec_paramgen_curve_nid define EVP_PKEY_CTX_set_hkdf_md define +EVP_PKEY_CTX_set_mac_key define EVP_PKEY_CTX_set_rsa_keygen_pubexp define EVP_PKEY_CTX_set_rsa_padding define EVP_PKEY_CTX_set_rsa_pss_saltlen define |