-.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $
.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
-.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2022, 2023 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: September 12 2023 $
.Dt EVP_PKEY_SIZE 3
.Os
.Sh NAME
By default,
.Fn EVP_PKEY_size
is supported for the following algorithms:
-.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32"
+.Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32"
.It Ta same result as from:
.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32
.It DH Ta Xr DH_size 3
.It DSA Ta Xr DSA_size 3
.It EC Ta Xr ECDSA_size 3
+.It ED25519 Ta 64, but see below
.It GOST01 Ta 64 or 128
.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
.It RSA Ta Xr RSA_size 3
+.It X25519 Ta Dv X25519_KEYLEN No = 32
.El
.Pp
+For
+.Dv EVP_PKEY_ED25519 ,
+the situation is special: while the key size is
+.Dv ED25519_KEYLEN No = 32 bytes ,
+.Fn EVP_PKEY_size
+returns 64 because the signature is longer than the keys.
+.Pp
The application program can support additional algorithms by calling
.Xr EVP_PKEY_asn1_set_public 3 .
.Pp
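Review bot: In the paragraph added after the table, "returns 64 because the signature is longer than the keys" leaves the reader to infer that 64 is the signature length. Consider stating that directly, for example "returns 64, the size of a signature", so that a caller does not take the return value as a key length when sizing or checking raw key buffers. The "64, but see below" table entry can then point at that sentence.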
belongs, in bits.
The definition of cryptographic length is specific to the key cryptosystem.
By default, the following algorithms are supported:
-.Bl -column GOST01 "the public domain parameter p" DSA_bits(3)
+.Bl -column ED25519 "the public domain parameter p" DSA_bits(3)
.It Ta cryptographic length = Ta same result as from:
.It Ta significant bits in ... Ta
.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3
.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
+.It ED25519 Ta 253 Ta \(em
.It GOST01 Ta 256 or 512 Ta \(em
.It RSA Ta the public modulus Ta Xr RSA_bits 3
+.It X25519 Ta 253 Ta \(em
.El
.Pp
The application program can support additional algorithms by calling
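Review bot: The new ED25519 and X25519 rows give 253 with no source function and no explanation, while the EVP_PKEY_size table in this same patch documents these keys as 32 bytes. A reader will expect 256 from that. One sentence saying what the 253 counts would resolve the mismatch, in the same way the 64 got its own paragraph.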
.Fa pkey
as defined in NIST SP800-57.
By default, the following algorithms are supported:
-.Bl -column GOST01 DSA_security_bits(3)
+.Bl -column ED25519 DSA_security_bits(3)
.It Ta same result as from:
.It DH Ta Xr DH_security_bits 3
.It DSA Ta Xr DSA_security_bits 3
.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
+.It ED25519 Ta 128
.It GOST01 Ta not supported, return value is \-2
.It RSA Ta Xr RSA_security_bits 3
+.It X25519 Ta 128
.El
.Pp
For EC keys, if the result is greater than 80, it is rounded down
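Review bot: The ED25519 and X25519 rows list a bare 128 under the heading "same result as from:", directly below the EC row that derives its value from EC_GROUP_order_bits(3) divided by 2. With 253 documented as the cryptographic length for these key types, that rule would not yield 128, so it is worth stating that 128 is a fixed value here and not computed the way the EC row is.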