diff options
| -rw-r--r-- | doc/man3/EVP_PKEY_get_size.pod | 4 | ||||
| -rw-r--r-- | doc/man7/provider-keymgmt.pod | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/doc/man3/EVP_PKEY_get_size.pod b/doc/man3/EVP_PKEY_get_size.pod index 37bb9bb4c4..44b91cb00e 100644 --- a/doc/man3/EVP_PKEY_get_size.pod +++ b/doc/man3/EVP_PKEY_get_size.pod @@ -22,6 +22,7 @@ EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size EVP_PKEY_get_size() returns the maximum suitable size for the output buffers for almost all operations that can be done with I<pkey>. +This corresponds to the provider parameter B<OSSL_PKEY_PARAM_MAX_SIZE>. The primary documented use is with L<EVP_SignFinal(3)> and L<EVP_SealInit(3)>, but it isn't limited there. The returned size is also large enough for the output buffer of L<EVP_PKEY_sign(3)>, @@ -38,9 +39,11 @@ receive that length), to avoid bugs. EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem to which the key in I<pkey> belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem. +This length corresponds to the provider parameter B<OSSL_PKEY_PARAM_BITS>. EVP_PKEY_get_security_bits() returns the number of security bits of the given I<pkey>, bits of security is defined in NIST SP800-57. +This corresponds to the provider parameter B<OSSL_PKEY_PARAM_SECURITY_BITS>. =head1 RETURN VALUES @@ -66,6 +69,7 @@ L<EVP_DigestSignFinal(3)/NOTES>. =head1 SEE ALSO +L<provider-keymgmt(7)>, L<EVP_SignFinal(3)>, L<EVP_SealInit(3)>, L<EVP_PKEY_sign(3)>, diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index d5c628a93d..f8d04bfd0b 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -380,6 +380,9 @@ the result of asymmmetric encryption / decryption (I<out> in L<provider-asym_cipher(7)>, a derived secret (I<secret> in L<provider-keyexch(7)>, and similar data). +Providers need to implement this parameter +in order to properly support various use cases such as CMS signing. + Because an EVP_KEYMGMT method is always tightly bound to another method (signature, asymmetric cipher, key exchange, ...) and must be of the same provider, this number only needs to be synchronised with the @@ -448,6 +451,9 @@ always return a constant L<OSSL_PARAM(3)> array. =head1 SEE ALSO +L<EVP_PKEY_get_size(3)>, +L<EVP_PKEY_get_bits(3)>, +L<EVP_PKEY_get_security_bits(3)>, L<provider(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, L<EVP_PKEY-ED25519(7)>, L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-RSA(7)>, |