[thirdparty/openssl.git] / doc / man3 / EVP_PKEY_CTX_new.pod

=pod

=head1 NAME

EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name,
EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free,
EVP_PKEY_CTX_is_a
- public key algorithm context functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx,
                                          const char *name,
                                          const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx,
                                          EVP_PKEY *pkey,
                                          const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype);

=head1 DESCRIPTION

The EVP_PKEY_CTX_new() function allocates public key algorithm context using
the I<pkey> key type and ENGINE I<e>.

The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
using the key type specified by I<id> and ENGINE I<e>.

The EVP_PKEY_CTX_new_from_name() function allocates a public key algorithm
context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>), the
key type specified by I<name> and the property query I<propquery>.  None
of the arguments are duplicated, so they  must remain unchanged for the
lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates.  Read
further about the possible names in L</NOTES> below.

The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm
context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>) and the
algorithm specified by I<pkey> and the property query I<propquery>. None of the
arguments are duplicated, so they must remain unchanged for the lifetime of the
returned B<EVP_PKEY_CTX> or any of its duplicates.

EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally
used when no B<EVP_PKEY> structure is associated with the operations,
for example during parameter generation or key generation for some
algorithms.

EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
keygen operation.

EVP_PKEY_CTX_free() frees up the context I<ctx>.
If I<ctx> is NULL, nothing is done.

EVP_PKEY_is_a() checks if the key type associated with I<ctx> is I<keytype>.

=head1 NOTES

=head2 On B<EVP_PKEY_CTX>

The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
by the OpenSSL high-level public key API. Contexts B<MUST NOT> be shared between
threads: that is it is not permissible to use the same context simultaneously
in two threads.

=head2 On Key Types

We mention "key type" in this manual, which is the same
as "algorithm" in most cases, allowing either term to be used
interchangeably.  There are algorithms where the I<key type> and the
I<algorithm> of the operations that use the keys are not the same,
such as EC keys being used for ECDSA and ECDH operations.

Key types are given in two different manners:

=over 4

=item Legacy NID or EVP_PKEY type

This is the I<id> used with EVP_PKEY_CTX_new_id().

These are B<EVP_PKEY_RSA>, B<EVP_PKEY_RSA_PSS>, B<EVP_PKEY_DSA>,
B<EVP_PKEY_DH>, B<EVP_PKEY_EC>, B<EVP_PKEY_SM2>, B<EVP_PKEY_X25519>,
B<EVP_PKEY_X448>, and are used by legacy methods.

=item Name strings

This is the I<name> used with EVP_PKEY_CTX_new_from_name().

These are names like "RSA", "DSA", and what's available depends on what
providers are currently accessible.

The OpenSSL providers offer a set of key types available this way, please
see L<OSSL_PROVIDER-FIPS(7)> and L<OSSL_PROVIDER-default(7)> and related
documentation for more information.

=back

=head1 RETURN VALUES

EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_dup() return either
the newly allocated B<EVP_PKEY_CTX> structure or B<NULL> if an error occurred.

EVP_PKEY_CTX_free() does not return a value.

EVP_PKEY_CTX_is_a() returns 1 for true and 0 for false.

=head1 SEE ALSO

L<EVP_PKEY_new(3)>

=head1 HISTORY

The EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() and
EVP_PKEY_CTX_free() functions were added in OpenSSL 1.0.0.

The EVP_PKEY_CTX_new_from_name() and EVP_PKEY_CTX_new_from_pkey() functions were
added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
5165148f DSH	1	=pod
	2
	3	=head1 NAME
	4
e683582b	5	EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name,
6179dfc7 RL	6	EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free,
6179dfc7 RL	7	EVP_PKEY_CTX_is_a
a07c17ef	8	- public key algorithm context functions
5165148f DSH	9
	10	=head1 SYNOPSIS
	11
	12	#include <openssl/evp.h>
	13
	14	EVP_PKEY_CTX EVP_PKEY_CTX_new(EVP_PKEY pkey, ENGINE *e);
	15	EVP_PKEY_CTX EVP_PKEY_CTX_new_id(int id, ENGINE e);
b4250010	16	EVP_PKEY_CTX EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX libctx,
e683582b SL	17	const char *name,
e683582b SL	18	const char *propquery);
b4250010	19	EVP_PKEY_CTX EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX libctx,
a64a143f JB	20	EVP_PKEY *pkey,
a64a143f JB	21	const char *propquery);
9fdcc21f	22	EVP_PKEY_CTX EVP_PKEY_CTX_dup(const EVP_PKEY_CTX ctx);
5165148f	23	void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
6179dfc7	24	int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX ctx, const char keytype);
5165148f DSH	25
	26	=head1 DESCRIPTION
	27
	28	The EVP_PKEY_CTX_new() function allocates public key algorithm context using
f23bc0b7	29	the I<pkey> key type and ENGINE I<e>.
5165148f DSH	30
5165148f DSH	31	The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
f23bc0b7	32	using the key type specified by I<id> and ENGINE I<e>.
a07c17ef	33
e683582b	34	The EVP_PKEY_CTX_new_from_name() function allocates a public key algorithm
b4250010	35	context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>), the
f23bc0b7	36	key type specified by I<name> and the property query I<propquery>. None
3ee348b0	37	of the arguments are duplicated, so they must remain unchanged for the
ccb47dbf RL	38	lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates. Read
ccb47dbf RL	39	further about the possible names in L</NOTES> below.
a07c17ef	40
e683582b	41	The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm
b4250010	42	context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>) and the
2ee4a50a MC	43	algorithm specified by I<pkey> and the property query I<propquery>. None of the
	44	arguments are duplicated, so they must remain unchanged for the lifetime of the
	45	returned B<EVP_PKEY_CTX> or any of its duplicates.
e683582b SL	46
e683582b SL	47	EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally
a07c17ef RL	48	used when no B<EVP_PKEY> structure is associated with the operations,
	49	for example during parameter generation or key generation for some
	50	algorithms.
5165148f	51
ac7750bb SL	52	EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
ac7750bb SL	53	keygen operation.
5165148f	54
028687c0 RL	55	EVP_PKEY_CTX_free() frees up the context I<ctx>.
028687c0 RL	56	If I<ctx> is NULL, nothing is done.
5165148f	57
6179dfc7 RL	58	EVP_PKEY_is_a() checks if the key type associated with I<ctx> is I<keytype>.
6179dfc7 RL	59
5165148f DSH	60	=head1 NOTES
5165148f DSH	61
ccb47dbf	62	=head2 On B<EVP_PKEY_CTX>
f23bc0b7	63
5165148f	64	The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
8c1cbc72	65	by the OpenSSL high-level public key API. Contexts B<MUST NOT> be shared between
5165148f DSH	66	threads: that is it is not permissible to use the same context simultaneously
	67	in two threads.
	68
ccb47dbf	69	=head2 On Key Types
f23bc0b7 RL	70
	71	We mention "key type" in this manual, which is the same
	72	as "algorithm" in most cases, allowing either term to be used
	73	interchangeably. There are algorithms where the I<key type> and the
	74	I<algorithm> of the operations that use the keys are not the same,
	75	such as EC keys being used for ECDSA and ECDH operations.
	76
ccb47dbf RL	77	Key types are given in two different manners:
	78
	79	=over 4
	80
	81	=item Legacy NID or EVP_PKEY type
	82
	83	This is the I<id> used with EVP_PKEY_CTX_new_id().
	84
	85	These are B<EVP_PKEY_RSA>, B<EVP_PKEY_RSA_PSS>, B<EVP_PKEY_DSA>,
	86	B<EVP_PKEY_DH>, B<EVP_PKEY_EC>, B<EVP_PKEY_SM2>, B<EVP_PKEY_X25519>,
	87	B<EVP_PKEY_X448>, and are used by legacy methods.
	88
	89	=item Name strings
	90
	91	This is the I<name> used with EVP_PKEY_CTX_new_from_name().
	92
	93	These are names like "RSA", "DSA", and what's available depends on what
	94	providers are currently accessible.
	95
	96	The OpenSSL providers offer a set of key types available this way, please
	97	see L<OSSL_PROVIDER-FIPS(7)> and L<OSSL_PROVIDER-default(7)> and related
	98	documentation for more information.
	99
f23bc0b7 RL	100	=back
f23bc0b7 RL	101
5165148f DSH	102	=head1 RETURN VALUES
5165148f DSH	103
ac7750bb	104	EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_dup() return either
6926be0b	105	the newly allocated B<EVP_PKEY_CTX> structure or B<NULL> if an error occurred.
5165148f DSH	106
	107	EVP_PKEY_CTX_free() does not return a value.
	108
6179dfc7 RL	109	EVP_PKEY_CTX_is_a() returns 1 for true and 0 for false.
6179dfc7 RL	110
5165148f DSH	111	=head1 SEE ALSO
5165148f DSH	112
9b86974e	113	L<EVP_PKEY_new(3)>
5165148f DSH	114
	115	=head1 HISTORY
	116
e683582b SL	117	The EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() and
	118	EVP_PKEY_CTX_free() functions were added in OpenSSL 1.0.0.
	119
	120	The EVP_PKEY_CTX_new_from_name() and EVP_PKEY_CTX_new_from_pkey() functions were
	121	added in OpenSSL 3.0.
5165148f	122
e2f92610 RS	123	=head1 COPYRIGHT
e2f92610 RS	124
33388b44	125	Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	126
4746f25a	127	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	128	this file except in compliance with the License. You can obtain a copy
	129	in the file LICENSE in the source distribution or at
	130	L<https://www.openssl.org/source/license.html>.
	131
	132	=cut