=head1 NAME
-EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt_init_ex,
+EVP_PKEY_decrypt - decrypt using a public key algorithm
=head1 SYNOPSIS
#include <openssl/evp.h>
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
=head1 DESCRIPTION
The EVP_PKEY_decrypt_init() function initializes a public key algorithm
context using key B<pkey> for a decryption operation.
+The EVP_PKEY_decrypt_init_ex() function initializes a public key algorithm
+context using key B<pkey> for a decryption operation and sets the
+algorithm specific B<params>.
+
The EVP_PKEY_decrypt() function performs a public key decryption operation
using B<ctx>. The data to be decrypted is specified using the B<in> and
B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
After the call to EVP_PKEY_decrypt_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
-operation.
+operation. These operations can be included in the EVP_PKEY_decrypt_init_ex()
+call.
The function EVP_PKEY_decrypt() can be called more than once on the same
context if several operations are performed using the same parameters.
=head1 RETURN VALUES
-EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
-or a negative value for failure. In particular a return value of -2
-indicates the operation is not supported by the public key algorithm.
+EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt_init_ex() and EVP_PKEY_decrypt()
+return 1 for success and 0 or a negative value for failure. In particular a
+return value of -2 indicates the operation is not supported by the public key
+algorithm.
-=head1 EXAMPLE
+=head1 EXAMPLES
Decrypt data using OAEP (for RSA keys):
#include <openssl/rsa.h>
EVP_PKEY_CTX *ctx;
+ ENGINE *eng;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
+
/*
- * NB: assumes key in, inlen are already set up
+ * NB: assumes key, eng, in, inlen are already set up
* and that key is an RSA private key
*/
- ctx = EVP_PKEY_CTX_new(key);
+ ctx = EVP_PKEY_CTX_new(key, eng);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_decrypt_init(ctx) <= 0)
=head1 HISTORY
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
=head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.