EVP_PKEY_get_size() returns the maximum suitable size for the output
buffers for almost all operations that can be done with I<pkey>.
+This corresponds to the provider parameter B<OSSL_PKEY_PARAM_MAX_SIZE>.
The primary documented use is with L<EVP_SignFinal(3)> and
L<EVP_SealInit(3)>, but it isn't limited there. The returned size is
also large enough for the output buffer of L<EVP_PKEY_sign(3)>,
EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem
to which the key in I<pkey> belongs, in bits. Note that the definition
of cryptographic length is specific to the key cryptosystem.
+This length corresponds to the provider parameter B<OSSL_PKEY_PARAM_BITS>.
EVP_PKEY_get_security_bits() returns the number of security bits of the given
I<pkey>, bits of security is defined in NIST SP800-57.
+This corresponds to the provider parameter B<OSSL_PKEY_PARAM_SECURITY_BITS>.
=head1 RETURN VALUES
=head1 SEE ALSO
+L<provider-keymgmt(7)>,
L<EVP_SignFinal(3)>,
L<EVP_SealInit(3)>,
L<EVP_PKEY_sign(3)>,
L<provider-asym_cipher(7)>, a derived secret (I<secret> in
L<provider-keyexch(7)>, and similar data).
+Providers need to implement this parameter
+in order to properly support various use cases such as CMS signing.
+
Because an EVP_KEYMGMT method is always tightly bound to another method
(signature, asymmetric cipher, key exchange, ...) and must be of the
same provider, this number only needs to be synchronised with the
=head1 SEE ALSO
+L<EVP_PKEY_get_size(3)>,
+L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)>,
L<provider(7)>,
L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, L<EVP_PKEY-ED25519(7)>,
L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-RSA(7)>,
projects / openssl.git / commitdiff