=item B<-kdf algorithm>
-Use key derivation function B<algorithm>. Note: additional paramers
-will normally have to be set and the KDF output length for this to work.
+Use key derivation function B<algorithm>. The supported algorithms are
+at present B<TLS1-PRF> and B<HKDF>.
+Note: additional paramers and the KDF output length will normally have to be
+set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
+for the supported string parameters of each algorithm.
=item B<-kdflen length>
-Set the ouput length for KDF.
+Set the output length for KDF.
=item B<-pkeyopt opt:value>
When used with the B<-engine> option, it specifies to also use
engine B<id> for crypto operations.
-
=back
=head1 NOTES
=head1 SEE ALSO
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
-L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
+L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
=head1 DESCRIPTION
-The EVP_PKEY_HKDF alogorithm implements the HKDF key derivation function.
+The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
HKDF follows the "extract-then-expand" paradigm, where the KDF logically
consists of two modules. The first stage takes the input keying material
and "extracts" from it a fixed-length pseudorandom key K. The second stage
buffer B<info>. If a value is already set, it is appended to the existing
value.
+=head1 STRING CTRLS
+
+HKDF also supports string based control operations via
+L<EVP_PKEY_CTX_ctrl_str(3)>.
+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+algorithm to use.
+The B<type> parameters "salt", "key" and "info" use the supplied B<value>
+parameter as a B<seed>, B<key> or B<info> value.
+The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
+string which is converted to binary.
+
=head1 NOTES
All these functions are implemented as macros.
The total length of the info buffer cannot exceed 1024 bytes in length: this
should be more than enough for any normal use of HKDF.
-The output length of the KDF is specified by the length parameter in the
-EVP_PKEY_derive() function. Since the output length is variable, setting
-the buffer to B<NULL> is not meaningful for HKDF.
+The output length of the KDF is specified via the length parameter to the
+L<EVP_PKEY_derive(3)> function.
+Since the HKDF output length is variable, passing a B<NULL> buffer as a means
+to obtain the requisite length is not meaningful with HKDF.
+Instead, the caller must allocate a buffer of the desired length, and pass that
+buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
+desired length.
Optimised versions of HKDF can be implemented in an ENGINE.
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_derive(3)>,
+L<EVP_PKEY_CTX_ctrl_str(3)>,
+L<EVP_PKEY_derive(3)>
=cut
=head1 STRING CTRLS
The TLS PRF also supports string based control operations using
-EVP_PKEY_CTX_ctrl_str(). The B<type> parameters "secret" and "seed" use
-the supplied B<value> parameter as a secret or seed value. The names
-"hexsecret" and "hexseed" are similar except they take a hex string which
-is converted to binary.
+L<EVP_PKEY_CTX_ctrl_str(3)>.
+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+algorithm to use.
+The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
+as a secret or seed value.
+The names "hexsecret" and "hexseed" are similar except they take a hex string
+which is converted to binary.
=head1 NOTES
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_CTX_ctrl(3)>,
+L<EVP_PKEY_CTX_ctrl_str(3)>,
L<EVP_PKEY_derive(3)>
=cut