3 files changed, 81 insertions, 13 deletions

diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 2ad470b558..ed4fd80917 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -2,13 +2,20 @@
 
 =head1 NAME
 
-EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str,
-EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding,
-EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits,
-EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits,
+EVP_PKEY_CTX_ctrl,
+EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_set_signature_md,
+EVP_PKEY_CTX_get_signature_md,
+EVP_PKEY_CTX_set_mac_key,
+EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_set_rsa_pss_saltlen,
+EVP_PKEY_CTX_set_rsa_keygen_bits,
+EVP_PKEY_CTX_set_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set_dsa_paramgen_bits,
 EVP_PKEY_CTX_set_dh_paramgen_prime_len,
 EVP_PKEY_CTX_set_dh_paramgen_generator,
-EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid,
+EVP_PKEY_CTX_set_dh_pad,
+EVP_PKEY_CTX_set_dh_nid,
 EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
 EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
 
@@ -21,9 +28,12 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
  int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
                            const char *value);
 
- #include <openssl/rsa.h>
-
  int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
+
+ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
+
+ #include <openssl/rsa.h>
 
  int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
  int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
@@ -67,8 +77,21 @@ B<pkeyutl>, B<genpkey> and B<req> commands.
 All the remaining "functions" are implemented as macros.
 
 The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
-in a signature. It can be used with any public key algorithm supporting
-signature operations.
+in a signature. It can be used in the RSA, DSA and ECDSA algorithms.
+
+The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a
+signature. It can be used in the RSA, DSA and ECDSA algorithms.
+
+Key generation typically involves setting up parameters to be used and
+generating the private and public key data. Some algorithm implementations
+allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key()
+macro. In this case key generation is simply the process of setting up the
+parameters for the key and then setting the raw key data to the value explicitly
+provided by that macro. Normally applications would call
+L<EVP_PKEY_new_private_key(3)> or similar functions instead of this macro.
+
+The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
+supported by the L<EVP_PKEY_new_private_key(3)> function.
 
 The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
 The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod
index 956d699002..e426a38c98 100644
--- a/doc/man3/EVP_PKEY_new.pod
+++ b/doc/man3/EVP_PKEY_new.pod
@@ -2,7 +2,14 @@
 
 =head1 NAME
 
-EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
+EVP_PKEY_new,
+EVP_PKEY_up_ref,
+EVP_PKEY_free,
+EVP_PKEY_new_private_key,
+EVP_PKEY_new_public_key,
+EVP_PKEY_new_CMAC_key,
+EVP_PKEY_new_mac_key
+- public/private key allocation functions
 
 =head1 SYNOPSIS
 
@@ -12,6 +19,14 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
  int EVP_PKEY_up_ref(EVP_PKEY *key);
  void EVP_PKEY_free(EVP_PKEY *key);
 
+ EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
+                                    const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
+                                   const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                 size_t len, const EVP_CIPHER *cipher);
+ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
+                                int keylen);
 
 =head1 DESCRIPTION
 
@@ -23,6 +38,31 @@ EVP_PKEY_up_ref() increments the reference count of B<key>.
 EVP_PKEY_free() decrements the reference count of B<key> and, if the reference
 count is zero, frees it up. If B<key> is NULL, nothing is done.
 
+EVP_PKEY_new_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL then
+the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type>
+argument indicates what kind of key this is. The value should be a NID for a
+public key algorithm that supports raw private keys, i.e. one of
+B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
+B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. B<key> points to the
+raw private key data for this B<EVP_PKEY> which should be of length B<keylen>.
+The length should be appropriate for the type of the key. The public key data
+will be automatically derived from the given private key data (if appropriate
+for the algorithm type).
+
+EVP_PKEY_new_public_key() works in the same way as EVP_PKEY_new_private_key()
+except that B<key> points to the raw public key data. The B<EVP_PKEY> structure
+will be initialised without any private key information. Algorithm types that
+support raw public keys are B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>,
+B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
+
+EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_private_key()
+except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
+raw private key data, it also takes a cipher algorithm to be used during
+creation of a CMAC in the B<cipher> argument.
+
+EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_private_key(). New
+applications should use EVP_PKEY_new_private_key() instead.
+
 =head1 NOTES
 
 The B<EVP_PKEY> structure is used by various OpenSSL functions which require a
@@ -34,8 +74,9 @@ used.
 
 =head1 RETURN VALUES
 
-EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> structure or
-B<NULL> if an error occurred.
+EVP_PKEY_new(), EVP_PKEY_new_private_key(), EVP_PKEY_new_public_key(),
+EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly
+allocated B<EVP_PKEY> structure or B<NULL> if an error occurred.
 
 EVP_PKEY_up_ref() returns 1 for success and 0 for failure.
 
@@ -47,7 +88,9 @@ L<EVP_PKEY_set1_RSA(3)>
 
 EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
 
-EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
+EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. EVP_PKEY_new_private_key(),
+EVP_PKEY_new_public_key() and EVP_PKEY_new_CMAC_key() were first added to
+OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/util/private.num b/util/private.num
index 6c1a0ef32f..dea5cc2677 100644
--- a/util/private.num
+++ b/util/private.num
@@ -173,6 +173,7 @@ EVP_MD_CTX_type                         define
 EVP_OpenUpdate                          define
 EVP_PKEY_CTX_add1_hkdf_info             define
 EVP_PKEY_CTX_add1_tls1_prf_seed         define
+EVP_PKEY_CTX_get_signature_md           define
 EVP_PKEY_CTX_hkdf_mode                  define
 EVP_PKEY_CTX_set1_hkdf_key              define
 EVP_PKEY_CTX_set1_hkdf_salt             define
@@ -185,6 +186,7 @@ EVP_PKEY_CTX_set_dsa_paramgen_bits      define
 EVP_PKEY_CTX_set_ec_param_enc           define
 EVP_PKEY_CTX_set_ec_paramgen_curve_nid  define
 EVP_PKEY_CTX_set_hkdf_md                define
+EVP_PKEY_CTX_set_mac_key                define
 EVP_PKEY_CTX_set_rsa_keygen_pubexp      define
 EVP_PKEY_CTX_set_rsa_padding            define
 EVP_PKEY_CTX_set_rsa_pss_saltlen        define