1=pod 2 3=head1 NAME 4 5EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, 6EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, 7EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, 8EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, 9EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, 10EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, 11EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id, 12EVP_PKEY_set1_engine, EVP_PKEY_get0_engine, 13EVP_PKEY_id, EVP_PKEY_base_id - 14EVP_PKEY assignment functions 15 16=head1 SYNOPSIS 17 18 #include <openssl/evp.h> 19 20 int EVP_PKEY_get_id(const EVP_PKEY *pkey); 21 int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); 22 int EVP_PKEY_type(int type); 23 24 #define EVP_PKEY_id EVP_PKEY_get_id 25 #define EVP_PKEY_base_id EVP_PKEY_get_base_id 26 27The following functions have been deprecated since OpenSSL 3.0, and can be 28hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 29see L<openssl_user_macros(7)>: 30 31 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); 32 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); 33 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); 34 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); 35 36 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); 37 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); 38 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); 39 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); 40 41 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); 42 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); 43 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); 44 const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); 45 const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); 46 const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); 47 const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); 48 void *EVP_PKEY_get0(const EVP_PKEY *pkey); 49 50 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); 51 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); 52 int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); 53 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); 54 int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); 55 int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); 56 57 ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); 58 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); 59 60=head1 DESCRIPTION 61 62EVP_PKEY_get_base_id() returns the type of I<pkey>. For example 63an RSA key will return B<EVP_PKEY_RSA>. 64 65EVP_PKEY_get_id() returns the actual OID associated with I<pkey>. 66Historically keys using the same algorithm could use different OIDs. 67For example an RSA key could use the OIDs corresponding to 68the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or 69B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of 70alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not 71often seen in practice. 72 73EVP_PKEY_type() returns the underlying type of the NID I<type>. For example 74EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>. 75 76EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and 77EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>. These 78functions are deprecated. Applications should instead use 79L<EVP_PKEY_fromdata(3)>. 80 81EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), 82EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and 83EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use 84the supplied I<key> internally and so I<key> will be freed when the parent 85I<pkey> is freed. These macros are deprecated. Applications should instead read 86an EVP_PKEY directly using the OSSL_DECODER APIs (see 87L<OSSL_DECODER_CTX_new_for_pkey(3)>), or construct an EVP_PKEY from data using 88L<EVP_PKEY_fromdata(3)>. 89 90EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and 91EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the 92key is not of the correct type. The returned key must be freed after use. 93These functions are deprecated. Applications should instead use the EVP_PKEY 94directly where possible. If access to the low level key parameters is required 95then applications should use L<EVP_PKEY_get_params(3)> and other similar 96functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see 97L<OSSL_ENCODER_CTX_new_for_pkey(3)>). 98 99EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), 100EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and 101EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the 102key is not of the correct type. The reference count of the returned key is 103B<not> incremented and so the key must not be freed after use. These functions 104are deprecated. Applications should instead use the EVP_PKEY directly where 105possible. If access to the low level key parameters is required then 106applications should use L<EVP_PKEY_get_params(3)> and other similar functions. 107To write an EVP_PKEY out use the OSSL_ENCODER APIs (see 108L<OSSL_ENCODER_CTX_new_for_pkey(3)>). EVP_PKEY_get0() returns a pointer to the 109legacy key or NULL if the key is not legacy. 110 111Note that if an EVP_PKEY was not constructed using one of the deprecated 112functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() 113or EVP_PKEY_set1_EC_KEY(), or via the similarly named B<EVP_PKEY_assign> macros 114described above then the internal key will be managed by a provider (see 115L<provider(7)>). In that case the key returned by EVP_PKEY_get1_RSA(), 116EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(), 117EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), 118EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or 119EVP_PKEY_get0_EC_KEY() will be a cached copy of the provider's key. Subsequent 120updates to the provider's key will not be reflected back in the cached copy, and 121updates made by an application to the returned key will not be reflected back in 122the provider's key. Subsequent calls to EVP_PKEY_get1_RSA(), 123EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() will always 124return the cached copy returned by the first call. 125 126EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>. This 127function is deprecated. Applications should use providers instead of engines 128(see L<provider(7)> for details). 129 130EVP_PKEY_set1_engine() sets the ENGINE handling I<pkey> to I<engine>. It 131must be called after the key algorithm and components are set up. 132If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an 133error occurs. This function is deprecated. Applications should use providers 134instead of engines (see L<provider(7)> for details). 135 136=head1 WARNINGS 137 138The following functions are only reliable with B<EVP_PKEY>s that have 139been assigned an internal key with EVP_PKEY_assign_*(): 140 141EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type() 142 143For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic. 144 145The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), 146EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const" 147return type in OpenSSL 3.0. As described above the keys returned may be cached 148copies of the key held in a provider. Due to this, and unlike in earlier 149versions of OpenSSL, they should be considered read-only copies of the key. 150Updates to these keys will not be reflected back in the provider side key. The 151EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and 152EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type 153in order that applications can "free" the return value. However applications 154should still consider them as read-only copies. 155 156=head1 NOTES 157 158In accordance with the OpenSSL naming convention the key obtained 159from or assigned to the I<pkey> using the B<1> functions must be 160freed as well as I<pkey>. 161 162EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), 163EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() 164and EVP_PKEY_assign_SIPHASH() are implemented as macros. 165 166EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if 167the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY> 168type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>. 169 170Most applications wishing to know a key type will simply call 171EVP_PKEY_get_base_id() and will not care about the actual type: 172which will be identical in almost all cases. 173 174Previous versions of this document suggested using EVP_PKEY_type(pkey->type) 175to determine the type of a key. Since B<EVP_PKEY> is now opaque this 176is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey). 177 178EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM 179key as part of its routine to load a private key. 180 181=head1 RETURN VALUES 182 183EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and 184EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure. 185 186EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and 187EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if 188an error occurred. 189 190EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), 191EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() 192and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure. 193 194EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a key 195type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error. 196 197EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. 198 199=head1 SEE ALSO 200 201L<EVP_PKEY_new(3)>, L<SM2(7)> 202 203=head1 HISTORY 204 205The EVP_PKEY_id() and EVP_PKEY_base_id() functions were renamed to 206include C<get> in their names in OpenSSL 3.0, respectively. The old names 207are kept as non-deprecated alias macros. 208 209EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, 210EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, 211EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, 212EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, 213EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, 214EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, 215EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were deprecated in OpenSSL 3.0. 216 217The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, 218EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0. 219 220The function EVP_PKEY_set_alias_type() was previously documented on this page. 221It was removed in OpenSSL 3.0. 222 223=head1 COPYRIGHT 224 225Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 226 227Licensed under the Apache License 2.0 (the "License"). You may not use 228this file except in compliance with the License. You can obtain a copy 229in the file LICENSE in the source distribution or at 230L<https://www.openssl.org/source/license.html>. 231 232=cut 233