}
if (hmac_key != NULL) {
- sigkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, impl,
- (unsigned char *)hmac_key, -1);
+ sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
+ (unsigned char *)hmac_key, -1);
if (sigkey == NULL)
goto end;
}
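Review bot: The length argument `-1` on the continuation line of the new call is converted to `size_t`, because the renamed function declares `size_t len` (see the prototype hunk for `EVP_PKEY_new_raw_private_key`), so the callee receives SIZE_MAX rather than a "measure the string" sentinel. Whether the HMAC `set_priv_key` method copes with that is not visible on this page; if it does, it presumably relies on the value being narrowed back to a negative int further down, which is fragile for code that handles key material. Passing the real length removes that dependency, assuming `hmac_key` is a NUL-terminated string as the cast suggests: `(unsigned char *)hmac_key, strlen(hmac_key));`. The enclosing function starts and ends outside the hunk.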
EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
-EVP_F_EVP_PKEY_NEW_PRIVATE_KEY:191:EVP_PKEY_new_private_key
-EVP_F_EVP_PKEY_NEW_PUBLIC_KEY:192:EVP_PKEY_new_public_key
+EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
+EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key
EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen
EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init
EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
"EVP_PKEY_new_CMAC_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_PRIVATE_KEY, 0),
- "EVP_PKEY_new_private_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_PUBLIC_KEY, 0),
- "EVP_PKEY_new_public_key"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0),
+ "EVP_PKEY_new_raw_private_key"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0),
+ "EVP_PKEY_new_raw_public_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
"EVP_PKEY_paramgen_init"},
return 1;
}
-EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
- const unsigned char *priv,
- size_t len)
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+ const unsigned char *priv,
+ size_t len)
{
EVP_PKEY *ret = EVP_PKEY_new();
}
if (ret->ameth->set_priv_key == NULL) {
- EVPerr(EVP_F_EVP_PKEY_NEW_PRIVATE_KEY,
+ EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
goto err;
}
if (!ret->ameth->set_priv_key(ret, priv, len)) {
- EVPerr(EVP_F_EVP_PKEY_NEW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
+ EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
goto err;
}
return NULL;
}
-EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
- const unsigned char *pub,
- size_t len)
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+ const unsigned char *pub,
+ size_t len)
{
EVP_PKEY *ret = EVP_PKEY_new();
}
if (ret->ameth->set_pub_key == NULL) {
- EVPerr(EVP_F_EVP_PKEY_NEW_PUBLIC_KEY,
+ EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
goto err;
}
if (!ret->ameth->set_pub_key(ret, pub, len)) {
- EVPerr(EVP_F_EVP_PKEY_NEW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
+ EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
goto err;
}
if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
goto err;
EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- mac_key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+ mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (mac_key == NULL)
goto err;
if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
The set_priv_key() and set_pub_key() methods are used to set the raw private and
public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success.
-They are called by L<EVP_PKEY_new_private_key(3)>, and
-L<EVP_PKEY_new_public_key(3)> respectively.
+They are called by L<EVP_PKEY_new_raw_private_key(3)>, and
+L<EVP_PKEY_new_raw_public_key(3)> respectively.
=head2 Functions
macro. In this case key generation is simply the process of setting up the
parameters for the key and then setting the raw key data to the value explicitly
provided by that macro. Normally applications would call
-L<EVP_PKEY_new_private_key(3)> or similar functions instead of this macro.
+L<EVP_PKEY_new_raw_private_key(3)> or similar functions instead of this macro.
The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
-supported by the L<EVP_PKEY_new_private_key(3)> function.
+supported by the L<EVP_PKEY_new_raw_private_key(3)> function.
The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
EVP_PKEY_new,
EVP_PKEY_up_ref,
EVP_PKEY_free,
-EVP_PKEY_new_private_key,
-EVP_PKEY_new_public_key,
+EVP_PKEY_new_raw_private_key,
+EVP_PKEY_new_raw_public_key,
EVP_PKEY_new_CMAC_key,
EVP_PKEY_new_mac_key
- public/private key allocation functions
int EVP_PKEY_up_ref(EVP_PKEY *key);
void EVP_PKEY_free(EVP_PKEY *key);
- EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
- const unsigned char *key, size_t keylen);
- EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
- const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher);
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
EVP_PKEY_free() decrements the reference count of B<key> and, if the reference
count is zero, frees it up. If B<key> is NULL, nothing is done.
-EVP_PKEY_new_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL then
-the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type>
-argument indicates what kind of key this is. The value should be a NID for a
-public key algorithm that supports raw private keys, i.e. one of
+EVP_PKEY_new_raw_private_key() allocates a new B<EVP_PKEY>. If B<e> is non-NULL
+then the new B<EVP_PKEY> structure is associated with the engine B<e>. The
+B<type> argument indicates what kind of key this is. The value should be a NID
+for a public key algorithm that supports raw private keys, i.e. one of
B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. B<key> points to the
raw private key data for this B<EVP_PKEY> which should be of length B<keylen>.
will be automatically derived from the given private key data (if appropriate
for the algorithm type).
-EVP_PKEY_new_public_key() works in the same way as EVP_PKEY_new_private_key()
-except that B<key> points to the raw public key data. The B<EVP_PKEY> structure
-will be initialised without any private key information. Algorithm types that
-support raw public keys are B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>,
-B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
+EVP_PKEY_new_raw_public_key() works in the same way as
+EVP_PKEY_new_raw_private_key() except that B<key> points to the raw public key
+data. The B<EVP_PKEY> structure will be initialised without any private key
+information. Algorithm types that support raw public keys are
+B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
-EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_private_key()
+EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
raw private key data, it also takes a cipher algorithm to be used during
creation of a CMAC in the B<cipher> argument.
-EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_private_key(). New
-applications should use EVP_PKEY_new_private_key() instead.
+EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
+New applications should use EVP_PKEY_new_raw_private_key() instead.
=head1 NOTES
=head1 RETURN VALUES
-EVP_PKEY_new(), EVP_PKEY_new_private_key(), EVP_PKEY_new_public_key(),
+EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(),
EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly
allocated B<EVP_PKEY> structure or B<NULL> if an error occurred.
EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
-EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. EVP_PKEY_new_private_key(),
-EVP_PKEY_new_public_key() and EVP_PKEY_new_CMAC_key() were first added to
-OpenSSL 1.1.1.
+EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
+EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key() and
+EVP_PKEY_new_CMAC_key() were first added to OpenSSL 1.1.1.
=head1 COPYRIGHT
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
Ed25519 or Ed448 private keys can be set directly using
-L<EVP_PKEY_new_private_key(3)> or loaded from a PKCS#8 private key file using
-L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys can
-also be generated (see the example below). Setting a private key also sets the
-associated public key.
+L<EVP_PKEY_new_raw_private_key(3)> or loaded from a PKCS#8 private key file
+using L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys
+can also be generated (see the example below). Setting a private key also sets
+the associated public key.
Ed25519 or Ed448 public keys can be set directly using
-L<EVP_PKEY_new_public_key(3)> or loaded from a SubjectPublicKeyInfo structure
-in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function).
+L<EVP_PKEY_new_raw_public_key(3)> or loaded from a SubjectPublicKeyInfo
+structure in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function).
=head1 EXAMPLE
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
X25519 or X448 private keys can be set directly using
-L<EVP_PKEY_new_private_key(3)> or loaded from a PKCS#8 private key file using
-L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys can
-also be generated (see the example below). Setting a private key also sets the
-associated public key.
+L<EVP_PKEY_new_raw_private_key(3)> or loaded from a PKCS#8 private key file
+using L<PEM_read_bio_PrivateKey(3)> (or similar function). Completely new keys
+can also be generated (see the example below). Setting a private key also sets
+the associated public key.
X25519 or X448 public keys can be set directly using
-L<EVP_PKEY_new_public_key(3)> or loaded from a SubjectPublicKeyInfo structure
-in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function).
+L<EVP_PKEY_new_raw_public_key(3)> or loaded from a SubjectPublicKeyInfo
+structure in a PEM file using L<PEM_read_bio_PUBKEY(3)> (or similar function).
=head1 EXAMPLE
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
const unsigned char *key, int keylen);
-EVP_PKEY *EVP_PKEY_new_private_key(int type, ENGINE *e,
- const unsigned char *priv,
- size_t len);
-EVP_PKEY *EVP_PKEY_new_public_key(int type, ENGINE *e,
- const unsigned char *pub,
- size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+ const unsigned char *priv,
+ size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+ const unsigned char *pub,
+ size_t len);
EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher);
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
# define EVP_F_EVP_PKEY_NEW 106
# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193
-# define EVP_F_EVP_PKEY_NEW_PRIVATE_KEY 191
-# define EVP_F_EVP_PKEY_NEW_PUBLIC_KEY 192
+# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191
+# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192
# define EVP_F_EVP_PKEY_PARAMGEN 148
# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
# define EVP_F_EVP_PKEY_PARAM_CHECK 189
goto err;
}
- mackey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
- hashsize);
+ mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
+ hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
/* Verify the HMAC of the cookie */
hctx = EVP_MD_CTX_create();
- pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
- s->session_ctx->ext.cookie_hmac_key,
- sizeof(s->session_ctx->ext.cookie_hmac_key));
+ pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->session_ctx->ext.cookie_hmac_key,
+ sizeof(s->session_ctx->ext
+ .cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
EVP_MD_CTX_free(hctx);
EVP_PKEY_free(pkey);
/* HMAC the cookie */
hctx = EVP_MD_CTX_create();
- pkey = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
- s->session_ctx->ext.cookie_hmac_key,
- sizeof(s->session_ctx->ext.cookie_hmac_key));
+ pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->session_ctx->ext.cookie_hmac_key,
+ sizeof(s->session_ctx->ext
+ .cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
ERR_R_MALLOC_FAILURE);
if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
/* TODO(size_t): Convert this function */
- mac_key = EVP_PKEY_new_private_key(mac_type, NULL,
- mac_secret, (int)*mac_secret_size);
+ mac_key = EVP_PKEY_new_raw_private_key(mac_type, NULL, mac_secret,
+ (int)*mac_secret_size);
if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
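Review bot: The `(int)` cast on `*mac_secret_size` in the new call narrows the value only for it to be converted again to the `size_t len` parameter of `EVP_PKEY_new_raw_private_key`, so a value that does not fit in int would reach the key setup as a wrong length instead of being passed through or rejected. If `mac_secret_size` points to a `size_t` (its declaration is outside this hunk), the cast can be dropped: `mac_key = EVP_PKEY_new_raw_private_key(mac_type, NULL, mac_secret, *mac_secret_size);`. The `TODO(size_t)` comment above the call could then be narrowed to whatever else in the function still needs converting. The enclosing function starts and ends outside the hunk.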
}
if (str == s->method->ssl3_enc->server_finished_label)
- key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
- s->server_finished_secret, hashlen);
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->server_finished_secret, hashlen);
else
- key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL,
- s->client_finished_secret, hashlen);
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+ s->client_finished_secret, hashlen);
if (key == NULL
|| ctx == NULL
key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
EVP_get_cipherbyname(expected->alg));
else
- key = EVP_PKEY_new_private_key(expected->type, NULL, expected->key,
- expected->key_len);
+ key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key,
+ expected->key_len);
if (key == NULL) {
t->err = "MAC_KEY_CREATE_ERROR";
goto err;
return 0;
}
if (klist == &private_keys)
- pkey = EVP_PKEY_new_private_key(nid, NULL, keybin, keylen);
+ pkey = EVP_PKEY_new_raw_private_key(nid, NULL, keybin, keylen);
else
- pkey = EVP_PKEY_new_public_key(nid, NULL, keybin, keylen);
+ pkey = EVP_PKEY_new_raw_public_key(nid, NULL, keybin, keylen);
if (pkey == NULL) {
TEST_info("Can't read %s data", pp->key);
OPENSSL_free(keybin);
OSSL_STORE_SEARCH_free 4464 1_1_1 EXIST::FUNCTION:
OSSL_STORE_SEARCH_get0_digest 4465 1_1_1 EXIST::FUNCTION:
RAND_DRBG_set_reseed_defaults 4466 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_new_private_key 4467 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_new_public_key 4468 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key 4467 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key 4468 1_1_1 EXIST::FUNCTION:
EVP_PKEY_new_CMAC_key 4469 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_priv_key 4470 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4471 1_1_1 EXIST::FUNCTION: