EVP_PKEY_asn1_new(3) - OpenBSD manual pages

NAME

EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits — manipulating and registering an EVP_PKEY_ASN1_METHOD structure

SYNOPSIS

#include <openssl/evp.h>

EVP_PKEY_ASN1_METHOD *
EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info);

void
EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src);

void
EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);

int
EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);

int
EVP_PKEY_asn1_add_alias(int to, int from);

void
EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx), int (*pkey_size)(const EVP_PKEY *pk), int (*pkey_bits)(const EVP_PKEY *pk));

void
EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf), int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx));

void
EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), int (*param_missing)(const EVP_PKEY *pk), int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx));

void
EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void (*pkey_free)(EVP_PKEY *pkey));

void
EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));

void
EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_check)(const EVP_PKEY *pk));

void
EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_public_check)(const EVP_PKEY *pk));

void
EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_param_check)(const EVP_PKEY *pk));

void
EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits)(const EVP_PKEY *pkey));

DESCRIPTION

EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 conversion, printing and information methods for a specific public key algorithm.

There are two places where the EVP_PKEY_ASN1_METHOD objects are stored: one is a built-in array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using EVP_PKEY_asn1_add0().

Methods

The methods are the underlying implementations of a particular public key algorithm present by the EVP_PKEY object.

int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub)
int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk)

Decode and encode X509_PUBKEY ASN.1 parameters to and from pk. These methods must return 0 on error and 1 on success. They are called by X509_PUBKEY_get(3) and X509_PUBKEY_set(3).

int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)

Compare two public keys. This method must return 1 when the keys are equal and 0 otherwise. It is called by EVP_PKEY_cmp(3).

int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx);

Print a public key in humanly readable text to out, indented indent spaces. This method must return 0 on error and 1 on success. It is called by EVP_PKEY_print_public(3).

int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf)
int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)

Decode and encode PKCS8_PRIV_KEY_INFO form private key to and from pk. These methods must return 0 on error, 1 on success. They are called by EVP_PKCS82PKEY(3) and EVP_PKEY2PKCS8(3).

int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx);

Print a private key in humanly readable text to out, indented indent spaces. This method must return 0 on error and 1 on success. It is called by EVP_PKEY_print_private(3).

int (*pkey_size)(const EVP_PKEY *pk)

Returns the key size in bytes. This method is called by EVP_PKEY_size(3).

int (*pkey_bits)(const EVP_PKEY *pk)

Returns the key size in bits. This method is called by EVP_PKEY_bits(3).

int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen);
int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);

Decode and encode DER formatted parameters to and from pk. These methods must return 0 on error and 1 on success. They are called by PEM_read_bio_Parameters().

int (*param_missing)(const EVP_PKEY *pk)

Return 0 if a key parameter is missing or 1 otherwise. This method is called by EVP_PKEY_missing_parameters(3).

int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from)

Copy key parameters from from to to. This method must return 0 on error and 1 on success. It is called by EVP_PKEY_copy_parameters(3).

int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)

Compare the parameters of the keys a and b. This method must return 1 when the keys are equal, 0 when not equal, and a negative number on error. It is called by EVP_PKEY_cmp_parameters(3).

int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx);

Print the private key parameters in humanly readable text to out, indented indent spaces. This method must return 0 on error and 1 on success. It is called by EVP_PKEY_print_params(3).

void (*pkey_free)(EVP_PKEY *pkey)

Free the internals of pkey. This method is called by EVP_PKEY_free(3), EVP_PKEY_set_type(3), EVP_PKEY_set_type_str(3), and EVP_PKEY_assign(3).

int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);

Add extra algorithm specific control.

If the op argument is ASN1_PKEY_CTRL_DEFAULT_MD_NID, the pkey_ctrl method is supposed to write the message digest NID for public key signature operations with the given pkey to *arg2 as documented in the EVP_PKEY_get_default_digest_nid(3) manual page.

The pkey_ctrl method is also called by PKCS7_SIGNER_INFO_set(), PKCS7_RECIP_INFO_set(), and other functions.

int (*pkey_check)(const EVP_PKEY *pk)
int (*pkey_public_check)(const EVP_PKEY *pk)
int (*pkey_param_check)(const EVP_PKEY *pk)

Check the validity of pk for key-pair, public component, and parameters, respectively. These methods must return 0 for an invalid key or 1 for a valid key. They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3), and EVP_PKEY_param_check(3), respectively.

int (*pkey_security_bits)(const EVP_PKEY *pkey)

Return the security strength measured in bits of pkey. It is called by EVP_PKEY_security_bits(3).

Functions

EVP_PKEY_asn1_new() creates and returns a new EVP_PKEY_ASN1_METHOD object, marks it as dynamically allocated, and associates the given id, flags, pem_str and info. id is a NID, pem_str is the PEM type string, info is a descriptive string. If ASN1_PKEY_SIGPARAM_NULL is set in flags, the signature algorithm parameters are given the type V_ASN1_NULL by default, otherwise they will be given the type V_ASN1_UNDEF (i.e. the parameter is omitted). See X509_ALGOR_set0(3) for more information.

EVP_PKEY_asn1_copy() copies all function pointers from src to dst. The data in dst that can be set with EVP_PKEY_asn1_new() — NIDs, flags, and strings — remains unchanged. This function is not thread safe, it is recommended to only use this when initializing the application.

EVP_PKEY_asn1_free() frees the dynamically allocated ameth including all memory it refers to. If ameth is NULL of not marked as dynamically allocated, no action occurs.

EVP_PKEY_asn1_add0() adds ameth to the user defined stack of methods unless another EVP_PKEY_ASN1_METHOD with the same NID is already there. This function is not thread safe, it is recommended to only use this when initializing the application.

EVP_PKEY_asn1_add_alias() creates an alias with the NID to for the EVP_PKEY_ASN1_METHOD with NID from unless another EVP_PKEY_ASN1_METHOD with the same NID is already added. This function is not thread safe, it's recommended to only use this when initializing the application.

EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_check(), EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), and EVP_PKEY_asn1_set_security_bits() set the diverse methods of the given EVP_PKEY_ASN1_METHOD object.

RETURN VALUES

EVP_PKEY_asn1_new() returns a pointer to the new EVP_PKEY_ASN1_METHOD object or NULL if memory allocation fails.

EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error or 1 on success.

HISTORY

EVP_PKEY_asn1_new(), EVP_PKEY_asn1_copy(), EVP_PKEY_asn1_free(), EVP_PKEY_asn1_add0(), EVP_PKEY_asn1_add_alias(), EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), and EVP_PKEY_asn1_set_ctrl() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

EVP_PKEY_asn1_set_check(), EVP_PKEY_asn1_set_public_check(), and EVP_PKEY_asn1_set_param_check() first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.1.

EVP_PKEY_asn1_set_security_bits() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 7.2.

OpenBSD manual page server