Ything-RepoMirrors/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-25 02:56:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
openssl/doc/man7/EVP_PKEY-HMAC.pod
Norbert Pocs adc73bfcb3 Docs: Clean up ENGINE mentions 
Engines are removed and the documentation should reflect that, even with
deprecated and legacy API.

Resolves: https://github.com/openssl/project/issues/1366

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
2025-12-04 07:32:18 -05:00

97 lines
2.6 KiB
Plaintext
Raw Permalink Blame History

=pod
=head1 NAME
EVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-Siphash, EVP_KEYMGMT-Siphash,
EVP_PKEY-Poly1305, EVP_KEYMGMT-Poly1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC
- EVP_PKEY legacy MAC keytypes and algorithm support
=head1 DESCRIPTION
The B<HMAC> and B<CMAC> key types are implemented in OpenSSL's default and FIPS
providers. Additionally the B<Siphash> and B<Poly1305> key types are implemented
in the default provider. Performing MAC operations via an EVP_PKEY
is considered legacy and are only available for backwards compatibility purposes
and for a restricted set of algorithms. The preferred way of performing MAC
operations is via the EVP_MAC APIs. See L<EVP_MAC_init(3)>.
For further details on using EVP_PKEY based MAC keys see
L<EVP_SIGNATURE-HMAC(7)>, L<EVP_SIGNATURE-Siphash(7)>,
L<EVP_SIGNATURE-Poly1305(7)> or L<EVP_SIGNATURE-CMAC(7)>.
=head2 Common MAC parameters
All the B<MAC> keytypes support the following parameters.
=over 4
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The MAC key value.
=item "properties" (B<OSSL_PKEY_PARAM_PROPERTIES>) <UTF8 string>
A property query string to be used when any algorithms are fetched.
=back
=head2 CMAC parameters
As well as the parameters described above, the B<CMAC> keytype additionally
supports the following parameters.
=over 4
=item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string>
The name of a cipher to be used when generating the MAC.
=back
=head2 Common MAC key generation parameters
MAC key generation is unusual in that no new key is actually generated. Instead
a new provider side key object is created with the supplied raw key value. This
is done for backwards compatibility with previous versions of OpenSSL.
=over 4
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The MAC key value.
=back
=head2 CMAC key generation parameters
In addition to the common MAC key generation parameters, the CMAC key generation
additionally recognises the following.
=over 4
=item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string>
The name of a cipher to be used when generating the MAC.
=back
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
=head1 HISTORY
The CMAC parameter I<engine> (B<OSSL_PKEY_PARAM_ENGINE>) was removed in
OpenSSL 4.0.
=head1 COPYRIGHT
Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink