NAME
EVP_PKEY_set1_RSA,
EVP_PKEY_set1_DSA,
EVP_PKEY_set1_DH,
EVP_PKEY_set1_EC_KEY,
EVP_PKEY_get1_RSA,
EVP_PKEY_get1_DSA,
EVP_PKEY_get1_DH,
EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA,
EVP_PKEY_get0_DSA,
EVP_PKEY_get0_DH,
EVP_PKEY_get0_EC_KEY,
EVP_PKEY_get0_hmac,
EVP_PKEY_get0,
EVP_PKEY_assign_RSA,
EVP_PKEY_assign_DSA,
EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY,
EVP_PKEY_assign_GOST,
EVP_PKEY_assign,
EVP_PKEY_base_id,
EVP_PKEY_id, EVP_PKEY_type,
EVP_PKEY_set_type,
EVP_PKEY_set_type_str —
EVP_PKEY assignment
functions
SYNOPSIS
#include
<openssl/evp.h>
int
EVP_PKEY_set1_RSA(EVP_PKEY
*pkey, RSA *key);
int
EVP_PKEY_set1_DSA(EVP_PKEY
*pkey, DSA *key);
int
EVP_PKEY_set1_DH(EVP_PKEY *pkey,
DH *key);
int
EVP_PKEY_set1_EC_KEY(EVP_PKEY
*pkey, EC_KEY *key);
RSA *
EVP_PKEY_get1_RSA(EVP_PKEY
*pkey);
DSA *
EVP_PKEY_get1_DSA(EVP_PKEY
*pkey);
DH *
EVP_PKEY_get1_DH(EVP_PKEY
*pkey);
EC_KEY *
EVP_PKEY_get1_EC_KEY(EVP_PKEY
*pkey);
RSA *
EVP_PKEY_get0_RSA(EVP_PKEY
*pkey);
DSA *
EVP_PKEY_get0_DSA(EVP_PKEY
*pkey);
DH *
EVP_PKEY_get0_DH(EVP_PKEY
*pkey);
EC_KEY *
EVP_PKEY_get0_EC_KEY(EVP_PKEY
*pkey);
const unsigned char *
EVP_PKEY_get0_hmac(const EVP_PKEY
*pkey, size_t *len);
void *
EVP_PKEY_get0(const EVP_PKEY
*pkey);
int
EVP_PKEY_assign_RSA(EVP_PKEY
*pkey, RSA *key);
int
EVP_PKEY_assign_DSA(EVP_PKEY
*pkey, DSA *key);
int
EVP_PKEY_assign_DH(EVP_PKEY
*pkey, DH *key);
int
EVP_PKEY_assign_EC_KEY(EVP_PKEY
*pkey, EC_KEY *key);
int
EVP_PKEY_assign_GOST(EVP_PKEY
*pkey, GOST_KEY *key);
int
EVP_PKEY_assign(EVP_PKEY *pkey,
int type, void *key);
int
EVP_PKEY_base_id(EVP_PKEY
*pkey);
int
EVP_PKEY_id(EVP_PKEY *pkey);
int
EVP_PKEY_type(int type);
int
EVP_PKEY_set_type(EVP_PKEY
*pkey, int type);
int
EVP_PKEY_set_type_str(EVP_PKEY
*pkey, const char *str, int
len);
DESCRIPTION
EVP_PKEY_set1_RSA(),
EVP_PKEY_set1_DSA(),
EVP_PKEY_set1_DH(),
and
EVP_PKEY_set1_EC_KEY()
set the key referenced by pkey to
key and increment the reference count of
key by 1 in case of success.
EVP_PKEY_get1_RSA(),
EVP_PKEY_get1_DSA(),
EVP_PKEY_get1_DH(),
and
EVP_PKEY_get1_EC_KEY()
return the key referenced in pkey, incrementing its
reference count by 1, or NULL if the key is not of
the correct type.
EVP_PKEY_get0_RSA(),
EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_DH(),
EVP_PKEY_get0_EC_KEY(),
and
EVP_PKEY_get0()
are identical except that they do not increment the reference count.
Consequently, the returned key must not be freed by the caller.
EVP_PKEY_get0_hmac()
returns an internal pointer to the key referenced in
pkey and sets *len to its length
in bytes. The returned pointer must not be freed by the caller. If
pkey is not of the correct type,
NULL is returned and the content of
*len becomes unspecified.
EVP_PKEY_assign_RSA(),
EVP_PKEY_assign_DSA(),
EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(),
EVP_PKEY_assign_GOST(),
and
EVP_PKEY_assign()
also set the referenced key to key; however these use
the supplied key internally without incrementing its
reference count, such that key will be freed when the
parent pkey is freed. If the key
is of the wrong type, these functions report success even though
pkey ends up in a corrupted state. Even the functions
explicitly containing the type in their name are
not type
safe because they are implemented as macros. The following types are
supported: EVP_PKEY_RSA,
EVP_PKEY_DSA, EVP_PKEY_DH,
EVP_PKEY_EC, and
EVP_PKEY_GOSTR01.
EVP_PKEY_base_id()
returns the type of pkey according to the following
table:
| return value | PEM type string | |
EVP_PKEY_CMAC |
= NID_cmac |
CMAC |
EVP_PKEY_DH |
= NID_dhKeyAgreement |
DH |
EVP_PKEY_DSA |
= NID_dsa |
DSA |
EVP_PKEY_EC |
= NID_X9_62_id_ecPublicKey |
EC |
EVP_PKEY_GOSTIMIT |
= NID_id_Gost28147_89_MAC |
GOST-MAC |
EVP_PKEY_GOSTR01 |
= NID_id_GostR3410_2001 |
GOST2001 |
EVP_PKEY_HMAC |
= NID_hmac |
HMAC |
EVP_PKEY_RSA |
= NID_rsaEncryption |
RSA |
EVP_PKEY_RSA_PSS |
= NID_rsassaPss |
RSA-PSS |
Application programs can support additional key types by calling EVP_PKEY_asn1_add0(3).
EVP_PKEY_id()
returns the actual OID associated with pkey.
Historically keys using the same algorithm could use different OIDs. The
following deprecated aliases are still supported:
| return value | alias for | |
EVP_PKEY_DSA1 |
= NID_dsa_2 |
DSA |
EVP_PKEY_DSA2 |
= NID_dsaWithSHA |
DSA |
EVP_PKEY_DSA3 |
= NID_dsaWithSHA1 |
DSA |
EVP_PKEY_DSA4 |
= NID_dsaWithSHA1_2 |
DSA |
EVP_PKEY_GOSTR12_256 |
= NID_id_tc26_gost3410_2012_256 |
GOST2001 |
EVP_PKEY_GOSTR12_512 |
= NID_id_tc26_gost3410_2012_512 |
GOST2001 |
EVP_PKEY_RSA2 |
= NID_rsa |
RSA |
Application programs can support additional alternative OIDs by calling EVP_PKEY_asn1_add_alias(3).
Most applications wishing to know a key
type will simply call
EVP_PKEY_base_id()
and will not care about the actual type, which will be identical in almost
all cases.
EVP_PKEY_type()
returns the underlying type of the NID type. For
example,
EVP_PKEY_type(EVP_PKEY_RSA2)
will return EVP_PKEY_RSA.
EVP_PKEY_set_type()
frees the key referenced in pkey, if any, and sets the
key type of pkey to type without
referencing a new key from pkey yet. For
type, any of the possible return values of
EVP_PKEY_base_id() and
EVP_PKEY_id() can be passed.
EVP_PKEY_set_type_str()
frees the key referenced in pkey, if any, and sets the
key type of pkey according to the PEM type string
given by the first len bytes of
str. If len is -1, the
strlen(3) of str is used instead. The PEM type
strings supported by default are listed in the table above. This function
does not reference a new key from pkey.
If pkey is a
NULL pointer,
EVP_PKEY_set_type()
and EVP_PKEY_set_type_str() check that a matching
key type exists but do not change any object.
In accordance with the OpenSSL naming convention, the key obtained from or assigned to pkey using the 1 functions must be freed as well as pkey.
RETURN VALUES
EVP_PKEY_set1_RSA(),
EVP_PKEY_set1_DSA(),
EVP_PKEY_set1_DH(),
EVP_PKEY_set1_EC_KEY(),
EVP_PKEY_assign_RSA(),
EVP_PKEY_assign_DSA(),
EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(),
EVP_PKEY_assign_GOST(),
EVP_PKEY_assign(),
EVP_PKEY_set_type(), and
EVP_PKEY_set_type_str() return 1 for success or 0
for failure.
EVP_PKEY_get1_RSA(),
EVP_PKEY_get1_DSA(),
EVP_PKEY_get1_DH(),
EVP_PKEY_get1_EC_KEY(),
EVP_PKEY_get0_RSA(),
EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_DH(),
EVP_PKEY_get0_EC_KEY(),
EVP_PKEY_get0_hmac(), and
EVP_PKEY_get0() return the referenced key or
NULL if an error occurred. For
EVP_PKEY_get0(), the return value points to an
RSA, DSA,
DH, EC_KEY,
GOST_KEY, or ASN1_OCTET_STRING
object depending on the type of pkey.
EVP_PKEY_base_id(),
EVP_PKEY_id(), and
EVP_PKEY_type() return a key type or
NID_undef (equivalently
EVP_PKEY_NONE) on error.
SEE ALSO
DH_new(3), DSA_new(3), EC_KEY_new(3), EVP_PKEY_get0_asn1(3), EVP_PKEY_new(3), RSA_new(3)
HISTORY
EVP_PKEY_assign_RSA(),
EVP_PKEY_assign_DSA(),
EVP_PKEY_assign_DH(),
EVP_PKEY_assign(), and
EVP_PKEY_type() first appeared in SSLeay 0.8.0 and
have been available since OpenBSD 2.4.
EVP_PKEY_set1_RSA(),
EVP_PKEY_set1_DSA(),
EVP_PKEY_set1_DH(),
EVP_PKEY_get1_RSA(),
EVP_PKEY_get1_DSA(), and
EVP_PKEY_get1_DH() first appeared in OpenSSL 0.9.5
and have been available since OpenBSD 2.7.
EVP_PKEY_set1_EC_KEY(),
EVP_PKEY_get1_EC_KEY(), and
EVP_PKEY_assign_EC_KEY() first appeared in OpenSSL
0.9.8 and have been available since OpenBSD 4.5.
EVP_PKEY_get0(),
EVP_PKEY_base_id(),
EVP_PKEY_id(),
EVP_PKEY_set_type(), and
EVP_PKEY_set_type_str() first appeared in OpenSSL
1.0.0 and have been available since OpenBSD 4.9.
EVP_PKEY_assign_GOST() first appeared in
OpenBSD 5.7.
EVP_PKEY_get0_RSA(),
EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_DH(), and
EVP_PKEY_get0_EC_KEY() first appeared in OpenSSL
1.1.0 and have been available since OpenBSD 6.3.
EVP_PKEY_get0_hmac() first appeared in
OpenSSL 1.1.0 and has been available since OpenBSD
6.5.