summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/man/EVP_PKEY_size.325
1 files changed, 19 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/EVP_PKEY_size.3 b/src/lib/libcrypto/man/EVP_PKEY_size.3
index 3070aee017..b45cda7f91 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_size.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_size.3
@@ -1,10 +1,10 @@
1.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $ 1.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
2.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100 2.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
3.\" 3.\"
4.\" This file is a derived work. 4.\" This file is a derived work.
5.\" The changes are covered by the following Copyright and license: 5.\" The changes are covered by the following Copyright and license:
6.\" 6.\"
7.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org> 7.\" Copyright (c) 2022, 2023 Ingo Schwarze <schwarze@openbsd.org>
8.\" 8.\"
9.\" Permission to use, copy, modify, and distribute this software for any 9.\" Permission to use, copy, modify, and distribute this software for any
10.\" purpose with or without fee is hereby granted, provided that the above 10.\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
65.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 65.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66.\" OF THE POSSIBILITY OF SUCH DAMAGE. 66.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67.\" 67.\"
68.Dd $Mdocdate: July 13 2022 $ 68.Dd $Mdocdate: September 12 2023 $
69.Dt EVP_PKEY_SIZE 3 69.Dt EVP_PKEY_SIZE 3
70.Os 70.Os
71.Sh NAME 71.Sh NAME
@@ -137,17 +137,26 @@ where it's desirable to know the upper limit in advance.
137By default, 137By default,
138.Fn EVP_PKEY_size 138.Fn EVP_PKEY_size
139is supported for the following algorithms: 139is supported for the following algorithms:
140.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32" 140.Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32"
141.It Ta same result as from: 141.It Ta same result as from:
142.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32 142.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32
143.It DH Ta Xr DH_size 3 143.It DH Ta Xr DH_size 3
144.It DSA Ta Xr DSA_size 3 144.It DSA Ta Xr DSA_size 3
145.It EC Ta Xr ECDSA_size 3 145.It EC Ta Xr ECDSA_size 3
146.It ED25519 Ta 64, but see below
146.It GOST01 Ta 64 or 128 147.It GOST01 Ta 64 or 128
147.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64 148.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
148.It RSA Ta Xr RSA_size 3 149.It RSA Ta Xr RSA_size 3
150.It X25519 Ta Dv X25519_KEYLEN No = 32
149.El 151.El
150.Pp 152.Pp
153For
154.Dv EVP_PKEY_ED25519 ,
155the situation is special: while the key size is
156.Dv ED25519_KEYLEN No = 32 bytes ,
157.Fn EVP_PKEY_size
158returns 64 because the signature is longer than the keys.
159.Pp
151The application program can support additional algorithms by calling 160The application program can support additional algorithms by calling
152.Xr EVP_PKEY_asn1_set_public 3 . 161.Xr EVP_PKEY_asn1_set_public 3 .
153.Pp 162.Pp
@@ -157,14 +166,16 @@ returns the cryptographic length of the cryptosystem to which the key in
157belongs, in bits. 166belongs, in bits.
158The definition of cryptographic length is specific to the key cryptosystem. 167The definition of cryptographic length is specific to the key cryptosystem.
159By default, the following algorithms are supported: 168By default, the following algorithms are supported:
160.Bl -column GOST01 "the public domain parameter p" DSA_bits(3) 169.Bl -column ED25519 "the public domain parameter p" DSA_bits(3)
161.It Ta cryptographic length = Ta same result as from: 170.It Ta cryptographic length = Ta same result as from:
162.It Ta significant bits in ... Ta 171.It Ta significant bits in ... Ta
163.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3 172.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3
164.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3 173.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
165.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3 174.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
175.It ED25519 Ta 253 Ta \(em
166.It GOST01 Ta 256 or 512 Ta \(em 176.It GOST01 Ta 256 or 512 Ta \(em
167.It RSA Ta the public modulus Ta Xr RSA_bits 3 177.It RSA Ta the public modulus Ta Xr RSA_bits 3
178.It X25519 Ta 253 Ta \(em
168.El 179.El
169.Pp 180.Pp
170The application program can support additional algorithms by calling 181The application program can support additional algorithms by calling
@@ -175,13 +186,15 @@ returns the security strength measured in bits of the given
175.Fa pkey 186.Fa pkey
176as defined in NIST SP800-57. 187as defined in NIST SP800-57.
177By default, the following algorithms are supported: 188By default, the following algorithms are supported:
178.Bl -column GOST01 DSA_security_bits(3) 189.Bl -column ED25519 DSA_security_bits(3)
179.It Ta same result as from: 190.It Ta same result as from:
180.It DH Ta Xr DH_security_bits 3 191.It DH Ta Xr DH_security_bits 3
181.It DSA Ta Xr DSA_security_bits 3 192.It DSA Ta Xr DSA_security_bits 3
182.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2 193.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
194.It ED25519 Ta 128
183.It GOST01 Ta not supported, return value is \-2 195.It GOST01 Ta not supported, return value is \-2
184.It RSA Ta Xr RSA_security_bits 3 196.It RSA Ta Xr RSA_security_bits 3
197.It X25519 Ta 128
185.El 198.El
186.Pp 199.Pp
187For EC keys, if the result is greater than 80, it is rounded down 200For EC keys, if the result is greater than 80, it is rounded down
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 09:56:57 +0000