1 files changed, 0 insertions, 347 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_new.3 b/src/lib/libcrypto/man/EVP_PKEY_new.3
deleted file mode 100644
index 3b1ef029c3..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_new.3
+++ /dev/null
@@ -1,347 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.26 2024/12/10 15:10:26 schwarze Exp $
-.\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2022, 2024 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
-.\" and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2002, 2018, 2020 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 10 2024 $
-.Dt EVP_PKEY_NEW 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_new ,
-.Nm EVP_PKEY_up_ref ,
-.Nm EVP_PKEY_free ,
-.Nm EVP_PKEY_new_raw_private_key ,
-.Nm EVP_PKEY_new_raw_public_key ,
-.Nm EVP_PKEY_new_mac_key ,
-.Nm EVP_PKEY_get_raw_private_key ,
-.Nm EVP_PKEY_get_raw_public_key
-.Nd public and private key allocation and raw key handling functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY *
-.Fn EVP_PKEY_new void
-.Ft int
-.Fo EVP_PKEY_up_ref
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft void
-.Fo EVP_PKEY_free
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_new_raw_private_key
-.Fa "int type"
-.Fa "ENGINE *engine"
-.Fa "const unsigned char *rawpriv"
-.Fa "size_t rawlen"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_new_raw_public_key
-.Fa "int type"
-.Fa "ENGINE *engine"
-.Fa "const unsigned char *rawpub"
-.Fa "size_t rawlen"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_new_mac_key
-.Fa "int type"
-.Fa "ENGINE *engine"
-.Fa "const unsigned char *rawpriv"
-.Fa "int rawlen"
-.Fc
-.Ft int
-.Fo EVP_PKEY_get_raw_private_key
-.Fa "const EVP_PKEY *pkey"
-.Fa "unsigned char *rawpriv"
-.Fa "size_t *rawlen"
-.Fc
-.Ft int
-.Fo EVP_PKEY_get_raw_public_key
-.Fa "const EVP_PKEY *pkey"
-.Fa "unsigned char *rawpub"
-.Fa "size_t *rawlen"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt EVP_PKEY
-structure is used by various OpenSSL functions which require a general
-private or public key without reference to any particular algorithm.
-.Pp
-The
-.Fn EVP_PKEY_new
-function allocates an empty
-.Vt EVP_PKEY
-structure.
-The reference count is set to 1.
-To add a private or public key to it, use the functions described in
-.Xr EVP_PKEY_set1_RSA 3 .
-.Pp
-.Fn EVP_PKEY_up_ref
-increments the reference count of
-.Fa pkey
-by 1.
-.Pp
-.Fn EVP_PKEY_free
-decrements the reference count of
-.Fa pkey
-by 1, and if the reference count reaches zero, frees it up.
-If
-.Fa pkey
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn EVP_PKEY_new_raw_private_key
-allocates a new
-.Vt EVP_PKEY .
-The NID of a public key algorithm that supports raw private keys, i.e.\&
-.Dv EVP_PKEY_HMAC ,
-.Dv EVP_PKEY_X25519 ,
-or
-.Dv EVP_PKEY_ED25519 ,
-is provided in the
-.Fa type
-argument and
-.Fa rawlen
-bytes of raw private key data of that type in
-.Fa rawpriv .
-The public key data is automatically derived from the given private
-key data, if appropriate for the algorithm type.
-The
-.Fa ENGINE *engine
-argument is always ignored and passing
-.Dv NULL
-is recommended.
-.Pp
-.Fn EVP_PKEY_new_raw_public_key
-works in the same way as
-.Fn EVP_PKEY_new_raw_private_key
-except that
-.Fa rawpub
-points to the raw public key data.
-The
-.Vt EVP_PKEY
-structure is initialised without any private key information.
-Algorithm types that support raw public keys are
-.Dv EVP_PKEY_X25519
-and
-.Dv EVP_PKEY_ED25519 .
-.Pp
-.Fn EVP_PKEY_new_mac_key
-is a deprecated function that achieves the same effect as
-.Fn EVP_PKEY_new_raw_private_key
-in a more complicated way and only works with a
-.Fa type
-of
-.Dv EVP_PKEY_HMAC .
-.Pp
-.Fn EVP_PKEY_get_raw_private_key
-writes up to
-.Pf * Fa rawlen
-bytes of raw private key data to the buffer starting at
-.Fa rawpriv
-and stores the number of bytes written in
-.Pf * Fa rawlen .
-The calling application is responsible for ensuring that the buffer
-is large enough to receive the private key data.
-If the
-.Fa rawpriv
-argument is
-.Dv NULL ,
-the number of bytes required to hold the key is stored in
-.Pf * Fa rawlen .
-This function only works for algorithms that support raw private keys.
-Currently these are
-.Dv EVP_PKEY_HMAC ,
-.Dv EVP_PKEY_X25519 ,
-and
-.Dv EVP_PKEY_ED25519 .
-.Pp
-.Fn EVP_PKEY_get_raw_public_key
-is similar to
-.Fn EVP_PKEY_get_raw_private_key
-except that it writes raw public key data.
-This function only works for algorithms that support raw public keys.
-Currently these are
-.Dv EVP_PKEY_X25519
-and
-.Dv EVP_PKEY_ED25519 .
-.Sh RETURN VALUES
-.Fn EVP_PKEY_new ,
-.Fn EVP_PKEY_new_raw_private_key ,
-.Fn EVP_PKEY_new_raw_public_key ,
-and
-.Fn EVP_PKEY_new_mac_key
-return either the newly allocated
-.Vt EVP_PKEY
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn EVP_PKEY_up_ref ,
-.Fn EVP_PKEY_get_raw_private_key ,
-and
-.Fn EVP_PKEY_get_raw_public_key
-return 1 for success or 0 for failure.
-.Sh EXAMPLES
-The following code digests a message with HMAC-SHA256:
-.Bd -literal -offset indent
-/* Bogus key: would normally be set from another source */
-const unsigned char *key = "key";
-const size_t key_len = strlen(key);
-const char *msg = "The quick brown fox jumps over the lazy dog";
-const size_t msg_len = strlen(msg);
-unsigned char *out_mac;
-size_t out_len, i;
-EVP_PKEY *pkey;
-EVP_MD_CTX *md_ctx;
-pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
-    key, key_len);
-if (pkey == NULL)
-        err(1, "EVP_PKEY_new_raw_private_key");
-md_ctx = EVP_MD_CTX_new();
-if (md_ctx == NULL)
-        err(1, "EVP_MD_CTX_new");
-if (EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) == 0)
-        err(1, "EVP_DigestSignInit");
-if (EVP_DigestSign(md_ctx, NULL, &out_len, msg, msg_len) == 0)
-        err(1, "EVP_DigestSign(NULL)");
-if ((out_mac = calloc(1, out_len)) == NULL)
-        err(1, "calloc");
-if (EVP_DigestSign(md_ctx, out_mac, &out_len, msg, msg_len) == 0)
-        err(1, "EVP_DigestSign(MAC)");
-EVP_MD_CTX_free(md_ctx);
-EVP_PKEY_free(pkey);
-printf(" MAC = ");
-for (i = 0; i < out_len; i++)
-        printf("%02x", out_mac[i]);
-printf("\en");
-free(out_mac);
-.Ed
-.Pp
-Even though the type name
-.Vt EVP_PKEY
-was originally intended to stand for
-.Dq private key
-and the
-.Xr EVP_DigestSignInit 3
-API was designed for digital signatures in the context of public key
-cryptography, both are also used here because a MAC also requires a key,
-even though that is a symmetric key.
-.Pp
-The same code can be used for signing with Ed25519 by making the key
-.Dv ED25519_PRIVATE_KEY_LENGTH No = 32
-bytes long, replacing
-.Dv EVP_PKEY_HMAC
-with
-.Dv EVP_PKEY_ED25519 ,
-and replacing the call to
-.Xr EVP_sha256 3
-with
-.Dv NULL .
-.Sh SEE ALSO
-.Xr CMAC_Init 3 ,
-.Xr d2i_PrivateKey 3 ,
-.Xr evp 3 ,
-.Xr EVP_PKCS82PKEY 3 ,
-.Xr EVP_PKEY_cmp 3 ,
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_get_default_digest_nid 3 ,
-.Xr EVP_PKEY_new_CMAC_key 3 ,
-.Xr EVP_PKEY_print_private 3 ,
-.Xr EVP_PKEY_set1_RSA 3 ,
-.Xr EVP_PKEY_size 3 ,
-.Xr X509_get_pubkey_parameters 3
-.Sh HISTORY
-.Fn EVP_PKEY_new
-and
-.Fn EVP_PKEY_free
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_PKEY_new_mac_key
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_PKEY_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn EVP_PKEY_new_raw_private_key ,
-.Fn EVP_PKEY_new_raw_public_key ,
-.Fn EVP_PKEY_get_raw_private_key ,
-and
-.Fn EVP_PKEY_get_raw_public_key
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.3 .

diff --git a/src/lib/libcrypto/man/EVP_PKEY_new.3 b/src/lib/libcrypto/man/EVP_PKEY_new.3 deleted file mode 100644 index 3b1ef029c3..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_new.3 +++ /dev/null
@@ -1,347 +0,0 @@
1	.\" $OpenBSD: EVP_PKEY_new.3,v 1.26 2024/12/10 15:10:26 schwarze Exp $
2	.\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
3	.\"
4	.\" This file is a derived work.
5	.\" The changes are covered by the following Copyright and license:
6	.\"
7	.\" Copyright (c) 2022, 2024 Ingo Schwarze <schwarze@openbsd.org>
8	.\"
9	.\" Permission to use, copy, modify, and distribute this software for any
10	.\" purpose with or without fee is hereby granted, provided that the above
11	.\" copyright notice and this permission notice appear in all copies.
12	.\"
13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20	.\"
21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
22	.\" and Matt Caswell <matt@openssl.org>.
23	.\" Copyright (c) 2002, 2018, 2020 The OpenSSL Project. All rights reserved.
24	.\"
25	.\" Redistribution and use in source and binary forms, with or without
26	.\" modification, are permitted provided that the following conditions
27	.\" are met:
28	.\"
29	.\" 1. Redistributions of source code must retain the above copyright
30	.\" notice, this list of conditions and the following disclaimer.
31	.\"
32	.\" 2. Redistributions in binary form must reproduce the above copyright
33	.\" notice, this list of conditions and the following disclaimer in
34	.\" the documentation and/or other materials provided with the
35	.\" distribution.
36	.\"
37	.\" 3. All advertising materials mentioning features or use of this
38	.\" software must display the following acknowledgment:
39	.\" "This product includes software developed by the OpenSSL Project
40	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
41	.\"
42	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43	.\" endorse or promote products derived from this software without
44	.\" prior written permission. For written permission, please contact
45	.\" openssl-core@openssl.org.
46	.\"
47	.\" 5. Products derived from this software may not be called "OpenSSL"
48	.\" nor may "OpenSSL" appear in their names without prior written
49	.\" permission of the OpenSSL Project.
50	.\"
51	.\" 6. Redistributions of any form whatsoever must retain the following
52	.\" acknowledgment:
53	.\" "This product includes software developed by the OpenSSL Project
54	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
55	.\"
56	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"
69	.Dd $Mdocdate: December 10 2024 $
70	.Dt EVP_PKEY_NEW 3
71	.Os
72	.Sh NAME
73	.Nm EVP_PKEY_new ,
74	.Nm EVP_PKEY_up_ref ,
75	.Nm EVP_PKEY_free ,
76	.Nm EVP_PKEY_new_raw_private_key ,
77	.Nm EVP_PKEY_new_raw_public_key ,
78	.Nm EVP_PKEY_new_mac_key ,
79	.Nm EVP_PKEY_get_raw_private_key ,
80	.Nm EVP_PKEY_get_raw_public_key
81	.Nd public and private key allocation and raw key handling functions
82	.Sh SYNOPSIS
83	.In openssl/evp.h
84	.Ft EVP_PKEY *
85	.Fn EVP_PKEY_new void
86	.Ft int
87	.Fo EVP_PKEY_up_ref
88	.Fa "EVP_PKEY *pkey"
89	.Fc
90	.Ft void
91	.Fo EVP_PKEY_free
92	.Fa "EVP_PKEY *pkey"
93	.Fc
94	.Ft EVP_PKEY *
95	.Fo EVP_PKEY_new_raw_private_key
96	.Fa "int type"
97	.Fa "ENGINE *engine"
98	.Fa "const unsigned char *rawpriv"
99	.Fa "size_t rawlen"
100	.Fc
101	.Ft EVP_PKEY *
102	.Fo EVP_PKEY_new_raw_public_key
103	.Fa "int type"
104	.Fa "ENGINE *engine"
105	.Fa "const unsigned char *rawpub"
106	.Fa "size_t rawlen"
107	.Fc
108	.Ft EVP_PKEY *
109	.Fo EVP_PKEY_new_mac_key
110	.Fa "int type"
111	.Fa "ENGINE *engine"
112	.Fa "const unsigned char *rawpriv"
113	.Fa "int rawlen"
114	.Fc
115	.Ft int
116	.Fo EVP_PKEY_get_raw_private_key
117	.Fa "const EVP_PKEY *pkey"
118	.Fa "unsigned char *rawpriv"
119	.Fa "size_t *rawlen"
120	.Fc
121	.Ft int
122	.Fo EVP_PKEY_get_raw_public_key
123	.Fa "const EVP_PKEY *pkey"
124	.Fa "unsigned char *rawpub"
125	.Fa "size_t *rawlen"
126	.Fc
127	.Sh DESCRIPTION
128	The
129	.Vt EVP_PKEY
130	structure is used by various OpenSSL functions which require a general
131	private or public key without reference to any particular algorithm.
132	.Pp
133	The
134	.Fn EVP_PKEY_new
135	function allocates an empty
136	.Vt EVP_PKEY
137	structure.
138	The reference count is set to 1.
139	To add a private or public key to it, use the functions described in
140	.Xr EVP_PKEY_set1_RSA 3 .
141	.Pp
142	.Fn EVP_PKEY_up_ref
143	increments the reference count of
144	.Fa pkey
145	by 1.
146	.Pp
147	.Fn EVP_PKEY_free
148	decrements the reference count of
149	.Fa pkey
150	by 1, and if the reference count reaches zero, frees it up.
151	If
152	.Fa pkey
153	is a
154	.Dv NULL
155	pointer, no action occurs.
156	.Pp
157	.Fn EVP_PKEY_new_raw_private_key
158	allocates a new
159	.Vt EVP_PKEY .
160	The NID of a public key algorithm that supports raw private keys, i.e.\&
161	.Dv EVP_PKEY_HMAC ,
162	.Dv EVP_PKEY_X25519 ,
163	or
164	.Dv EVP_PKEY_ED25519 ,
165	is provided in the
166	.Fa type
167	argument and
168	.Fa rawlen
169	bytes of raw private key data of that type in
170	.Fa rawpriv .
171	The public key data is automatically derived from the given private
172	key data, if appropriate for the algorithm type.
173	The
174	.Fa ENGINE *engine
175	argument is always ignored and passing
176	.Dv NULL
177	is recommended.
178	.Pp
179	.Fn EVP_PKEY_new_raw_public_key
180	works in the same way as
181	.Fn EVP_PKEY_new_raw_private_key
182	except that
183	.Fa rawpub
184	points to the raw public key data.
185	The
186	.Vt EVP_PKEY
187	structure is initialised without any private key information.
188	Algorithm types that support raw public keys are
189	.Dv EVP_PKEY_X25519
190	and
191	.Dv EVP_PKEY_ED25519 .
192	.Pp
193	.Fn EVP_PKEY_new_mac_key
194	is a deprecated function that achieves the same effect as
195	.Fn EVP_PKEY_new_raw_private_key
196	in a more complicated way and only works with a
197	.Fa type
198	of
199	.Dv EVP_PKEY_HMAC .
200	.Pp
201	.Fn EVP_PKEY_get_raw_private_key
202	writes up to
203	.Pf * Fa rawlen
204	bytes of raw private key data to the buffer starting at
205	.Fa rawpriv
206	and stores the number of bytes written in
207	.Pf * Fa rawlen .
208	The calling application is responsible for ensuring that the buffer
209	is large enough to receive the private key data.
210	If the
211	.Fa rawpriv
212	argument is
213	.Dv NULL ,
214	the number of bytes required to hold the key is stored in
215	.Pf * Fa rawlen .
216	This function only works for algorithms that support raw private keys.
217	Currently these are
218	.Dv EVP_PKEY_HMAC ,
219	.Dv EVP_PKEY_X25519 ,
220	and
221	.Dv EVP_PKEY_ED25519 .
222	.Pp
223	.Fn EVP_PKEY_get_raw_public_key
224	is similar to
225	.Fn EVP_PKEY_get_raw_private_key
226	except that it writes raw public key data.
227	This function only works for algorithms that support raw public keys.
228	Currently these are
229	.Dv EVP_PKEY_X25519
230	and
231	.Dv EVP_PKEY_ED25519 .
232	.Sh RETURN VALUES
233	.Fn EVP_PKEY_new ,
234	.Fn EVP_PKEY_new_raw_private_key ,
235	.Fn EVP_PKEY_new_raw_public_key ,
236	and
237	.Fn EVP_PKEY_new_mac_key
238	return either the newly allocated
239	.Vt EVP_PKEY
240	structure or
241	.Dv NULL
242	if an error occurred.
243	.Pp
244	.Fn EVP_PKEY_up_ref ,
245	.Fn EVP_PKEY_get_raw_private_key ,
246	and
247	.Fn EVP_PKEY_get_raw_public_key
248	return 1 for success or 0 for failure.
249	.Sh EXAMPLES
250	The following code digests a message with HMAC-SHA256:
251	.Bd -literal -offset indent
252	/* Bogus key: would normally be set from another source */
253	const unsigned char *key = "key";
254	const size_t key_len = strlen(key);
255
256	const char *msg = "The quick brown fox jumps over the lazy dog";
257	const size_t msg_len = strlen(msg);
258
259	unsigned char *out_mac;
260	size_t out_len, i;
261
262	EVP_PKEY *pkey;
263	EVP_MD_CTX *md_ctx;
264
265	pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
266	key, key_len);
267	if (pkey == NULL)
268	err(1, "EVP_PKEY_new_raw_private_key");
269
270	md_ctx = EVP_MD_CTX_new();
271	if (md_ctx == NULL)
272	err(1, "EVP_MD_CTX_new");
273
274	if (EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) == 0)
275	err(1, "EVP_DigestSignInit");
276	if (EVP_DigestSign(md_ctx, NULL, &out_len, msg, msg_len) == 0)
277	err(1, "EVP_DigestSign(NULL)");
278	if ((out_mac = calloc(1, out_len)) == NULL)
279	err(1, "calloc");
280	if (EVP_DigestSign(md_ctx, out_mac, &out_len, msg, msg_len) == 0)
281	err(1, "EVP_DigestSign(MAC)");
282
283	EVP_MD_CTX_free(md_ctx);
284	EVP_PKEY_free(pkey);
285
286	printf(" MAC = ");
287	for (i = 0; i < out_len; i++)
288	printf("%02x", out_mac[i]);
289	printf("\en");
290	free(out_mac);
291	.Ed
292	.Pp
293	Even though the type name
294	.Vt EVP_PKEY
295	was originally intended to stand for
296	.Dq private key
297	and the
298	.Xr EVP_DigestSignInit 3
299	API was designed for digital signatures in the context of public key
300	cryptography, both are also used here because a MAC also requires a key,
301	even though that is a symmetric key.
302	.Pp
303	The same code can be used for signing with Ed25519 by making the key
304	.Dv ED25519_PRIVATE_KEY_LENGTH No = 32
305	bytes long, replacing
306	.Dv EVP_PKEY_HMAC
307	with
308	.Dv EVP_PKEY_ED25519 ,
309	and replacing the call to
310	.Xr EVP_sha256 3
311	with
312	.Dv NULL .
313	.Sh SEE ALSO
314	.Xr CMAC_Init 3 ,
315	.Xr d2i_PrivateKey 3 ,
316	.Xr evp 3 ,
317	.Xr EVP_PKCS82PKEY 3 ,
318	.Xr EVP_PKEY_cmp 3 ,
319	.Xr EVP_PKEY_CTX_new 3 ,
320	.Xr EVP_PKEY_get_default_digest_nid 3 ,
321	.Xr EVP_PKEY_new_CMAC_key 3 ,
322	.Xr EVP_PKEY_print_private 3 ,
323	.Xr EVP_PKEY_set1_RSA 3 ,
324	.Xr EVP_PKEY_size 3 ,
325	.Xr X509_get_pubkey_parameters 3
326	.Sh HISTORY
327	.Fn EVP_PKEY_new
328	and
329	.Fn EVP_PKEY_free
330	first appeared in SSLeay 0.6.0 and have been available since
331	.Ox 2.4 .
332	.Pp
333	.Fn EVP_PKEY_new_mac_key
334	first appeared in OpenSSL 1.0.0 and has been available since
335	.Ox 4.9 .
336	.Pp
337	.Fn EVP_PKEY_up_ref
338	first appeared in OpenSSL 1.1.0 and has been available since
339	.Ox 6.3 .
340	.Pp
341	.Fn EVP_PKEY_new_raw_private_key ,
342	.Fn EVP_PKEY_new_raw_public_key ,
343	.Fn EVP_PKEY_get_raw_private_key ,
344	and
345	.Fn EVP_PKEY_get_raw_public_key
346	first appeared in OpenSSL 1.1.1 and have been available since
347	.Ox 7.3 .