Add a paragraph about HMAC because that algorithm also involves

parameters that can be controlled with EVP_PKEY_CTX_ctrl(3). But rather than providing a detailed despription, instead point to what application programs should use instead and explain why using the control constant directly would be a particularly bad idea in this case.
author: schwarze <> 2024-12-10 14:54:20 +0000
committer: schwarze <> 2024-12-10 14:54:20 +0000
commit: 47870e67919cab2f6c5b5113dfa69eeb8d750c35 (patch)
tree: 455f6d5f507bf69235a86e16106498733a993416 /src
parent: 6a8ed742e0a0ded152f6a6186e2274ea63b965b5 (diff)
download: openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.tar.gz
openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.tar.bz2
openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.zip
1 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index fe70acd03d..137e576c46 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.27 2024/12/06 14:27:49 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.28 2024/12/10 14:54:20 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -6,7 +6,7 @@
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2019, 2023, 2024 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2024 $
+.Dd $Mdocdate: December 10 2024 $
 .Dt EVP_PKEY_CTX_CTRL 3
 .Os
 .Sh NAME
@@ -484,6 +484,18 @@ and
 .Xr EVP_DigestSign 3
 as usual.
 .El
+.Ss HMAC parameters
+Application programs normally implement HMAC as described in
+.Xr EVP_PKEY_new_raw_private_key 3 .
+While it is possible to instead use
+.Dv EVP_PKEY_CTRL_SET_MAC_KEY
+directly, similar to the above description for CMAC,
+that is strongly discouraged.
+It's essentially what the deprecated function
+.Xr EVP_PKEY_new_mac_key 3
+does internally, and compared to the direct approach with
+.Xr EVP_PKEY_new_raw_private_key 3 ,
+it requires a lot of cumbersome and unnecessary work.
 .Ss Other parameters
 The
 .Fn EVP_PKEY_CTX_set1_id ,
author	schwarze <>	2024-12-10 14:54:20 +0000
committer	schwarze <>	2024-12-10 14:54:20 +0000
commit	47870e67919cab2f6c5b5113dfa69eeb8d750c35 (patch)
tree	455f6d5f507bf69235a86e16106498733a993416 /src
parent	6a8ed742e0a0ded152f6a6186e2274ea63b965b5 (diff)
download	openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.tar.gz openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.tar.bz2 openbsd-47870e67919cab2f6c5b5113dfa69eeb8d750c35.zip

diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index fe70acd03d..137e576c46 100644 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.27 2024/12/06 14:27:49 schwarze Exp $	1	.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.28 2024/12/10 14:54:20 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).	4	.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
@@ -6,7 +6,7 @@
6	.\" This file is a derived work.	6	.\" This file is a derived work.
7	.\" The changes are covered by the following Copyright and license:	7	.\" The changes are covered by the following Copyright and license:
8	.\"	8	.\"
9	.\" Copyright (c) 2019, 2023 Ingo Schwarze <schwarze@openbsd.org>	9	.\" Copyright (c) 2019, 2023, 2024 Ingo Schwarze <schwarze@openbsd.org>
10	.\"	10	.\"
11	.\" Permission to use, copy, modify, and distribute this software for any	11	.\" Permission to use, copy, modify, and distribute this software for any
12	.\" purpose with or without fee is hereby granted, provided that the above	12	.\" purpose with or without fee is hereby granted, provided that the above
@@ -69,7 +69,7 @@
69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
71	.\"	71	.\"
72	.Dd $Mdocdate: December 6 2024 $	72	.Dd $Mdocdate: December 10 2024 $
73	.Dt EVP_PKEY_CTX_CTRL 3	73	.Dt EVP_PKEY_CTX_CTRL 3
74	.Os	74	.Os
75	.Sh NAME	75	.Sh NAME
@@ -484,6 +484,18 @@ and
484	.Xr EVP_DigestSign 3	484	.Xr EVP_DigestSign 3
485	as usual.	485	as usual.
486	.El	486	.El
		487	.Ss HMAC parameters
		488	Application programs normally implement HMAC as described in
		489	.Xr EVP_PKEY_new_raw_private_key 3 .
		490	While it is possible to instead use
		491	.Dv EVP_PKEY_CTRL_SET_MAC_KEY
		492	directly, similar to the above description for CMAC,
		493	that is strongly discouraged.
		494	It's essentially what the deprecated function
		495	.Xr EVP_PKEY_new_mac_key 3
		496	does internally, and compared to the direct approach with
		497	.Xr EVP_PKEY_new_raw_private_key 3 ,
		498	it requires a lot of cumbersome and unnecessary work.
487	.Ss Other parameters	499	.Ss Other parameters
488	The	500	The
489	.Fn EVP_PKEY_CTX_set1_id ,	501	.Fn EVP_PKEY_CTX_set1_id ,