openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

EVP_PKEY_get_size.pod and provider-keymgmt.pod: document their relation 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
This commit is contained in:
Dr. David von Oheimb 2023-10-21 09:57:09 +02:00 committed by Hugo Landau
parent ae643b32f9
commit 0929814159
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/man3/EVP_PKEY_get_size.pod
View File

@ -22,6 +22,7 @@ EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size
EVP_PKEY_get_size() returns the maximum suitable size for the output
buffers for almost all operations that can be done with I<pkey>.
This corresponds to the provider parameter B<OSSL_PKEY_PARAM_MAX_SIZE>.
The primary documented use is with L<EVP_SignFinal(3)> and
L<EVP_SealInit(3)>, but it isn't limited there. The returned size is
also large enough for the output buffer of L<EVP_PKEY_sign(3)>,
@ -38,9 +39,11 @@ receive that length), to avoid bugs.
EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem
to which the key in I<pkey> belongs, in bits. Note that the definition
of cryptographic length is specific to the key cryptosystem.
This length corresponds to the provider parameter B<OSSL_PKEY_PARAM_BITS>.
EVP_PKEY_get_security_bits() returns the number of security bits of the given
I<pkey>, bits of security is defined in NIST SP800-57.
This corresponds to the provider parameter B<OSSL_PKEY_PARAM_SECURITY_BITS>.
=head1 RETURN VALUES
@ -66,6 +69,7 @@ L<EVP_DigestSignFinal(3)/NOTES>.
=head1 SEE ALSO
L<provider-keymgmt(7)>,
L<EVP_SignFinal(3)>,
L<EVP_SealInit(3)>,
L<EVP_PKEY_sign(3)>,

6
doc/man7/provider-keymgmt.pod
View File

@ -380,6 +380,9 @@ the result of asymmmetric encryption / decryption (I<out> in
L<provider-asym_cipher(7)>, a derived secret (I<secret> in
L<provider-keyexch(7)>, and similar data).
Providers need to implement this parameter
in order to properly support various use cases such as CMS signing.
Because an EVP_KEYMGMT method is always tightly bound to another method
(signature, asymmetric cipher, key exchange, ...) and must be of the
same provider, this number only needs to be synchronised with the
@ -448,6 +451,9 @@ always return a constant L<OSSL_PARAM(3)> array.
=head1 SEE ALSO
L<EVP_PKEY_get_size(3)>,
L<EVP_PKEY_get_bits(3)>,
L<EVP_PKEY_get_security_bits(3)>,
L<provider(7)>,
L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, L<EVP_PKEY-ED25519(7)>,
L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-RSA(7)>,