• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1=pod
2
3=head1 NAME
4
5EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
6EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
7EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
8EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
9EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
10EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
11EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id,
12EVP_PKEY_set1_engine, EVP_PKEY_get0_engine,
13EVP_PKEY_id, EVP_PKEY_base_id -
14EVP_PKEY assignment functions
15
16=head1 SYNOPSIS
17
18 #include <openssl/evp.h>
19
20 int EVP_PKEY_get_id(const EVP_PKEY *pkey);
21 int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
22 int EVP_PKEY_type(int type);
23
24 #define EVP_PKEY_id EVP_PKEY_get_id
25 #define EVP_PKEY_base_id EVP_PKEY_get_base_id
26
27The following functions have been deprecated since OpenSSL 3.0, and can be
28hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
29see L<openssl_user_macros(7)>:
30
31 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
32 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
33 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
34 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
35
36 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
37 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
38 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
39 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
40
41 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
42 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
43 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
44 const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
45 const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
46 const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
47 const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
48 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
49
50 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
51 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
52 int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
53 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
54 int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
55 int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
56
57 ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
58 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
59
60=head1 DESCRIPTION
61
62EVP_PKEY_get_base_id() returns the type of I<pkey>. For example
63an RSA key will return B<EVP_PKEY_RSA>.
64
65EVP_PKEY_get_id() returns the actual OID associated with I<pkey>.
66Historically keys using the same algorithm could use different OIDs.
67For example an RSA key could use the OIDs corresponding to
68the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or
69B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
70alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
71often seen in practice.
72
73EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
74EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
75
76EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
77EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>. These
78functions are deprecated. Applications should instead use
79L<EVP_PKEY_fromdata(3)>.
80
81EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
82EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
83EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
84the supplied I<key> internally and so I<key> will be freed when the parent
85I<pkey> is freed. These macros are deprecated. Applications should instead read
86an EVP_PKEY directly using the OSSL_DECODER APIs (see
87L<OSSL_DECODER_CTX_new_for_pkey(3)>), or construct an EVP_PKEY from data using
88L<EVP_PKEY_fromdata(3)>.
89
90EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
91EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
92key is not of the correct type. The returned key must be freed after use.
93These functions are deprecated. Applications should instead use the EVP_PKEY
94directly where possible. If access to the low level key parameters is required
95then applications should use L<EVP_PKEY_get_params(3)> and other similar
96functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
97L<OSSL_ENCODER_CTX_new_for_pkey(3)>).
98
99EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
100EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
101EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
102key is not of the correct type. The reference count of the returned key is
103B<not> incremented and so the key must not be freed after use. These functions
104are deprecated. Applications should instead use the EVP_PKEY directly where
105possible. If access to the low level key parameters is required then
106applications should use L<EVP_PKEY_get_params(3)> and other similar functions.
107To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
108L<OSSL_ENCODER_CTX_new_for_pkey(3)>). EVP_PKEY_get0() returns a pointer to the
109legacy key or NULL if the key is not legacy.
110
111Note that if an EVP_PKEY was not constructed using one of the deprecated
112functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH()
113or EVP_PKEY_set1_EC_KEY(), or via the similarly named B<EVP_PKEY_assign> macros
114described above then the internal key will be managed by a provider (see
115L<provider(7)>). In that case the key returned by EVP_PKEY_get1_RSA(),
116EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(),
117EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
118EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or
119EVP_PKEY_get0_EC_KEY() will be a cached copy of the provider's key. Subsequent
120updates to the provider's key will not be reflected back in the cached copy, and
121updates made by an application to the returned key will not be reflected back in
122the provider's key. Subsequent calls to EVP_PKEY_get1_RSA(),
123EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() will always
124return the cached copy returned by the first call.
125
126EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>. This
127function is deprecated. Applications should use providers instead of engines
128(see L<provider(7)> for details).
129
130EVP_PKEY_set1_engine() sets the ENGINE handling I<pkey> to I<engine>. It
131must be called after the key algorithm and components are set up.
132If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an
133error occurs. This function is deprecated. Applications should use providers
134instead of engines (see L<provider(7)> for details).
135
136=head1 WARNINGS
137
138The following functions are only reliable with B<EVP_PKEY>s that have
139been assigned an internal key with EVP_PKEY_assign_*():
140
141EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
142
143For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
144
145The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
146EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
147return type in OpenSSL 3.0. As described above the keys returned may be cached
148copies of the key held in a provider. Due to this, and unlike in earlier
149versions of OpenSSL, they should be considered read-only copies of the key.
150Updates to these keys will not be reflected back in the provider side key. The
151EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
152EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type
153in order that applications can "free" the return value. However applications
154should still consider them as read-only copies.
155
156=head1 NOTES
157
158In accordance with the OpenSSL naming convention the key obtained
159from or assigned to the I<pkey> using the B<1> functions must be
160freed as well as I<pkey>.
161
162EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
163EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
164and EVP_PKEY_assign_SIPHASH() are implemented as macros.
165
166EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if
167the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY>
168type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>.
169
170Most applications wishing to know a key type will simply call
171EVP_PKEY_get_base_id() and will not care about the actual type:
172which will be identical in almost all cases.
173
174Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
175to determine the type of a key. Since B<EVP_PKEY> is now opaque this
176is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey).
177
178EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
179key as part of its routine to load a private key.
180
181=head1 RETURN VALUES
182
183EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
184EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
185
186EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
187EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if
188an error occurred.
189
190EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
191EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
192and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
193
194EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a key
195type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
196
197EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
198
199=head1 SEE ALSO
200
201L<EVP_PKEY_new(3)>, L<SM2(7)>
202
203=head1 HISTORY
204
205The EVP_PKEY_id() and EVP_PKEY_base_id() functions were renamed to
206include C<get> in their names in OpenSSL 3.0, respectively. The old names
207are kept as non-deprecated alias macros.
208
209EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
210EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
211EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
212EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
213EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
214EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
215EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were deprecated in OpenSSL 3.0.
216
217The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH,
218EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
219
220The function EVP_PKEY_set_alias_type() was previously documented on this page.
221It was removed in OpenSSL 3.0.
222
223=head1 COPYRIGHT
224
225Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
226
227Licensed under the Apache License 2.0 (the "License").  You may not use
228this file except in compliance with the License.  You can obtain a copy
229in the file LICENSE in the source distribution or at
230L<https://www.openssl.org/source/license.html>.
231
232=cut
233