]>
Commit | Line | Data |
---|---|---|
43f985fd PY |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, | |
6 | EVP_PKEY_meth_add0, EVP_PKEY_METHOD, | |
7 | EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, | |
8 | EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, | |
9 | EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, | |
10 | EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, | |
2555285f AH |
11 | EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, |
12 | EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, | |
13 | EVP_PKEY_meth_set_check, | |
b0004708 | 14 | EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, |
675f4cee | 15 | EVP_PKEY_meth_set_digest_custom, |
43f985fd PY |
16 | EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, |
17 | EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, | |
18 | EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, | |
19 | EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, | |
2555285f AH |
20 | EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, |
21 | EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, | |
22 | EVP_PKEY_meth_get_check, | |
b0004708 | 23 | EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, |
675f4cee | 24 | EVP_PKEY_meth_get_digest_custom, |
0822e89a | 25 | EVP_PKEY_meth_remove |
43f985fd PY |
26 | - manipulating EVP_PKEY_METHOD structure |
27 | ||
28 | =head1 SYNOPSIS | |
29 | ||
30 | #include <openssl/evp.h> | |
31 | ||
41bbba53 P |
32 | Deprecated since OpenSSL 3.0, can be hidden entirely by defining |
33 | B<OPENSSL_API_COMPAT> with a suitable version value, see | |
34 | L<openssl_user_macros(7)>: | |
35 | ||
43f985fd PY |
36 | typedef struct evp_pkey_method_st EVP_PKEY_METHOD; |
37 | ||
38 | EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); | |
39 | void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); | |
40 | void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); | |
41 | const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); | |
42 | int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); | |
0822e89a | 43 | int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); |
43f985fd PY |
44 | |
45 | void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, | |
46 | int (*init) (EVP_PKEY_CTX *ctx)); | |
47 | void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, | |
48 | int (*copy) (EVP_PKEY_CTX *dst, | |
9ac653d8 | 49 | const EVP_PKEY_CTX *src)); |
43f985fd PY |
50 | void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, |
51 | void (*cleanup) (EVP_PKEY_CTX *ctx)); | |
52 | void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, | |
53 | int (*paramgen_init) (EVP_PKEY_CTX *ctx), | |
54 | int (*paramgen) (EVP_PKEY_CTX *ctx, | |
55 | EVP_PKEY *pkey)); | |
56 | void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, | |
57 | int (*keygen_init) (EVP_PKEY_CTX *ctx), | |
58 | int (*keygen) (EVP_PKEY_CTX *ctx, | |
59 | EVP_PKEY *pkey)); | |
60 | void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, | |
61 | int (*sign_init) (EVP_PKEY_CTX *ctx), | |
62 | int (*sign) (EVP_PKEY_CTX *ctx, | |
63 | unsigned char *sig, size_t *siglen, | |
64 | const unsigned char *tbs, | |
65 | size_t tbslen)); | |
66 | void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, | |
67 | int (*verify_init) (EVP_PKEY_CTX *ctx), | |
68 | int (*verify) (EVP_PKEY_CTX *ctx, | |
69 | const unsigned char *sig, | |
70 | size_t siglen, | |
71 | const unsigned char *tbs, | |
72 | size_t tbslen)); | |
73 | void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, | |
74 | int (*verify_recover_init) (EVP_PKEY_CTX | |
75 | *ctx), | |
76 | int (*verify_recover) (EVP_PKEY_CTX | |
77 | *ctx, | |
78 | unsigned char | |
79 | *sig, | |
80 | size_t *siglen, | |
81 | const unsigned | |
82 | char *tbs, | |
83 | size_t tbslen)); | |
84 | void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, | |
85 | int (*signctx_init) (EVP_PKEY_CTX *ctx, | |
86 | EVP_MD_CTX *mctx), | |
87 | int (*signctx) (EVP_PKEY_CTX *ctx, | |
88 | unsigned char *sig, | |
89 | size_t *siglen, | |
90 | EVP_MD_CTX *mctx)); | |
91 | void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, | |
92 | int (*verifyctx_init) (EVP_PKEY_CTX *ctx, | |
93 | EVP_MD_CTX *mctx), | |
94 | int (*verifyctx) (EVP_PKEY_CTX *ctx, | |
95 | const unsigned char *sig, | |
96 | int siglen, | |
97 | EVP_MD_CTX *mctx)); | |
98 | void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, | |
99 | int (*encrypt_init) (EVP_PKEY_CTX *ctx), | |
100 | int (*encryptfn) (EVP_PKEY_CTX *ctx, | |
101 | unsigned char *out, | |
102 | size_t *outlen, | |
103 | const unsigned char *in, | |
104 | size_t inlen)); | |
105 | void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, | |
106 | int (*decrypt_init) (EVP_PKEY_CTX *ctx), | |
107 | int (*decrypt) (EVP_PKEY_CTX *ctx, | |
108 | unsigned char *out, | |
109 | size_t *outlen, | |
110 | const unsigned char *in, | |
111 | size_t inlen)); | |
112 | void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, | |
113 | int (*derive_init) (EVP_PKEY_CTX *ctx), | |
114 | int (*derive) (EVP_PKEY_CTX *ctx, | |
115 | unsigned char *key, | |
116 | size_t *keylen)); | |
117 | void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, | |
118 | int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, | |
119 | void *p2), | |
120 | int (*ctrl_str) (EVP_PKEY_CTX *ctx, | |
121 | const char *type, | |
122 | const char *value)); | |
2555285f AH |
123 | void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, |
124 | int (*digestsign) (EVP_MD_CTX *ctx, | |
125 | unsigned char *sig, | |
126 | size_t *siglen, | |
127 | const unsigned char *tbs, | |
128 | size_t tbslen)); | |
129 | void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, | |
130 | int (*digestverify) (EVP_MD_CTX *ctx, | |
131 | const unsigned char *sig, | |
132 | size_t siglen, | |
133 | const unsigned char *tbs, | |
134 | size_t tbslen)); | |
2aee35d3 PY |
135 | void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, |
136 | int (*check) (EVP_PKEY *pkey)); | |
b0004708 PY |
137 | void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, |
138 | int (*check) (EVP_PKEY *pkey)); | |
139 | void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, | |
140 | int (*check) (EVP_PKEY *pkey)); | |
675f4cee PY |
141 | void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, |
142 | int (*digest_custom) (EVP_PKEY_CTX *ctx, | |
143 | EVP_MD_CTX *mctx)); | |
43f985fd | 144 | |
693be9a2 | 145 | void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, |
43f985fd | 146 | int (**pinit) (EVP_PKEY_CTX *ctx)); |
693be9a2 | 147 | void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
148 | int (**pcopy) (EVP_PKEY_CTX *dst, |
149 | EVP_PKEY_CTX *src)); | |
693be9a2 | 150 | void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, |
43f985fd | 151 | void (**pcleanup) (EVP_PKEY_CTX *ctx)); |
693be9a2 | 152 | void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
153 | int (**pparamgen_init) (EVP_PKEY_CTX *ctx), |
154 | int (**pparamgen) (EVP_PKEY_CTX *ctx, | |
155 | EVP_PKEY *pkey)); | |
693be9a2 | 156 | void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
157 | int (**pkeygen_init) (EVP_PKEY_CTX *ctx), |
158 | int (**pkeygen) (EVP_PKEY_CTX *ctx, | |
159 | EVP_PKEY *pkey)); | |
693be9a2 | 160 | void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
161 | int (**psign_init) (EVP_PKEY_CTX *ctx), |
162 | int (**psign) (EVP_PKEY_CTX *ctx, | |
163 | unsigned char *sig, size_t *siglen, | |
164 | const unsigned char *tbs, | |
165 | size_t tbslen)); | |
693be9a2 | 166 | void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
167 | int (**pverify_init) (EVP_PKEY_CTX *ctx), |
168 | int (**pverify) (EVP_PKEY_CTX *ctx, | |
169 | const unsigned char *sig, | |
170 | size_t siglen, | |
171 | const unsigned char *tbs, | |
172 | size_t tbslen)); | |
693be9a2 | 173 | void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
174 | int (**pverify_recover_init) (EVP_PKEY_CTX |
175 | *ctx), | |
176 | int (**pverify_recover) (EVP_PKEY_CTX | |
177 | *ctx, | |
178 | unsigned char | |
179 | *sig, | |
180 | size_t *siglen, | |
181 | const unsigned | |
182 | char *tbs, | |
183 | size_t tbslen)); | |
693be9a2 | 184 | void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
185 | int (**psignctx_init) (EVP_PKEY_CTX *ctx, |
186 | EVP_MD_CTX *mctx), | |
187 | int (**psignctx) (EVP_PKEY_CTX *ctx, | |
188 | unsigned char *sig, | |
189 | size_t *siglen, | |
190 | EVP_MD_CTX *mctx)); | |
693be9a2 | 191 | void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
192 | int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, |
193 | EVP_MD_CTX *mctx), | |
194 | int (**pverifyctx) (EVP_PKEY_CTX *ctx, | |
195 | const unsigned char *sig, | |
196 | int siglen, | |
197 | EVP_MD_CTX *mctx)); | |
693be9a2 | 198 | void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
199 | int (**pencrypt_init) (EVP_PKEY_CTX *ctx), |
200 | int (**pencryptfn) (EVP_PKEY_CTX *ctx, | |
201 | unsigned char *out, | |
202 | size_t *outlen, | |
203 | const unsigned char *in, | |
204 | size_t inlen)); | |
693be9a2 | 205 | void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
206 | int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), |
207 | int (**pdecrypt) (EVP_PKEY_CTX *ctx, | |
208 | unsigned char *out, | |
209 | size_t *outlen, | |
210 | const unsigned char *in, | |
211 | size_t inlen)); | |
693be9a2 | 212 | void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
213 | int (**pderive_init) (EVP_PKEY_CTX *ctx), |
214 | int (**pderive) (EVP_PKEY_CTX *ctx, | |
215 | unsigned char *key, | |
216 | size_t *keylen)); | |
693be9a2 | 217 | void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, |
43f985fd PY |
218 | int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, |
219 | void *p2), | |
220 | int (**pctrl_str) (EVP_PKEY_CTX *ctx, | |
221 | const char *type, | |
222 | const char *value)); | |
c6fcd88f | 223 | void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, |
2555285f AH |
224 | int (**digestsign) (EVP_MD_CTX *ctx, |
225 | unsigned char *sig, | |
226 | size_t *siglen, | |
227 | const unsigned char *tbs, | |
228 | size_t tbslen)); | |
c6fcd88f | 229 | void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, |
2555285f AH |
230 | int (**digestverify) (EVP_MD_CTX *ctx, |
231 | const unsigned char *sig, | |
232 | size_t siglen, | |
233 | const unsigned char *tbs, | |
234 | size_t tbslen)); | |
693be9a2 | 235 | void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, |
2aee35d3 | 236 | int (**pcheck) (EVP_PKEY *pkey)); |
693be9a2 | 237 | void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, |
b0004708 | 238 | int (**pcheck) (EVP_PKEY *pkey)); |
693be9a2 | 239 | void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, |
b0004708 | 240 | int (**pcheck) (EVP_PKEY *pkey)); |
c6fcd88f | 241 | void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, |
675f4cee PY |
242 | int (**pdigest_custom) (EVP_PKEY_CTX *ctx, |
243 | EVP_MD_CTX *mctx)); | |
43f985fd PY |
244 | |
245 | =head1 DESCRIPTION | |
246 | ||
41bbba53 P |
247 | All of the functions described on this page are deprecated. |
248 | Applications should instead use the OSSL_PROVIDER APIs. | |
249 | ||
43f985fd PY |
250 | B<EVP_PKEY_METHOD> is a structure which holds a set of methods for a |
251 | specific public key cryptographic algorithm. Those methods are usually | |
252 | used to perform different jobs, such as generating a key, signing or | |
253 | verifying, encrypting or decrypting, etc. | |
254 | ||
255 | There are two places where the B<EVP_PKEY_METHOD> objects are stored: one | |
256 | is a built-in static array representing the standard methods for different | |
257 | algorithms, and the other one is a stack of user-defined application-specific | |
258 | methods, which can be manipulated by using L<EVP_PKEY_meth_add0(3)>. | |
259 | ||
260 | The B<EVP_PKEY_METHOD> objects are usually referenced by B<EVP_PKEY_CTX> | |
261 | objects. | |
262 | ||
263 | =head2 Methods | |
264 | ||
265 | The methods are the underlying implementations of a particular public key | |
266 | algorithm present by the B<EVP_PKEY_CTX> object. | |
267 | ||
268 | int (*init) (EVP_PKEY_CTX *ctx); | |
9ac653d8 | 269 | int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); |
43f985fd PY |
270 | void (*cleanup) (EVP_PKEY_CTX *ctx); |
271 | ||
272 | The init() method is called to initialize algorithm-specific data when a new | |
273 | B<EVP_PKEY_CTX> is created. As opposed to init(), the cleanup() method is called | |
274 | when an B<EVP_PKEY_CTX> is freed. The copy() method is called when an B<EVP_PKEY_CTX> | |
275 | is being duplicated. Refer to L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new_id(3)>, | |
276 | L<EVP_PKEY_CTX_free(3)> and L<EVP_PKEY_CTX_dup(3)>. | |
277 | ||
278 | int (*paramgen_init) (EVP_PKEY_CTX *ctx); | |
279 | int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
280 | ||
281 | The paramgen_init() and paramgen() methods deal with key parameter generation. | |
282 | They are called by L<EVP_PKEY_paramgen_init(3)> and L<EVP_PKEY_paramgen(3)> to | |
283 | handle the parameter generation process. | |
284 | ||
285 | int (*keygen_init) (EVP_PKEY_CTX *ctx); | |
286 | int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
287 | ||
288 | The keygen_init() and keygen() methods are used to generate the actual key for | |
289 | the specified algorithm. They are called by L<EVP_PKEY_keygen_init(3)> and | |
290 | L<EVP_PKEY_keygen(3)>. | |
291 | ||
292 | int (*sign_init) (EVP_PKEY_CTX *ctx); | |
293 | int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
294 | const unsigned char *tbs, size_t tbslen); | |
295 | ||
296 | The sign_init() and sign() methods are used to generate the signature of a | |
297 | piece of data using a private key. They are called by L<EVP_PKEY_sign_init(3)> | |
298 | and L<EVP_PKEY_sign(3)>. | |
299 | ||
300 | int (*verify_init) (EVP_PKEY_CTX *ctx); | |
301 | int (*verify) (EVP_PKEY_CTX *ctx, | |
302 | const unsigned char *sig, size_t siglen, | |
303 | const unsigned char *tbs, size_t tbslen); | |
304 | ||
305 | The verify_init() and verify() methods are used to verify whether a signature is | |
306 | valid. They are called by L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>. | |
307 | ||
308 | int (*verify_recover_init) (EVP_PKEY_CTX *ctx); | |
309 | int (*verify_recover) (EVP_PKEY_CTX *ctx, | |
310 | unsigned char *rout, size_t *routlen, | |
311 | const unsigned char *sig, size_t siglen); | |
312 | ||
313 | The verify_recover_init() and verify_recover() methods are used to verify a | |
314 | signature and then recover the digest from the signature (for instance, a | |
315 | signature that was generated by RSA signing algorithm). They are called by | |
316 | L<EVP_PKEY_verify_recover_init(3)> and L<EVP_PKEY_verify_recover(3)>. | |
317 | ||
318 | int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
319 | int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
320 | EVP_MD_CTX *mctx); | |
321 | ||
322 | The signctx_init() and signctx() methods are used to sign a digest present by | |
323 | a B<EVP_MD_CTX> object. They are called by the EVP_DigestSign functions. See | |
260a16f3 | 324 | L<EVP_DigestSignInit(3)> for details. |
43f985fd PY |
325 | |
326 | int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
327 | int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, | |
328 | EVP_MD_CTX *mctx); | |
329 | ||
330 | The verifyctx_init() and verifyctx() methods are used to verify a signature | |
331 | against the data in a B<EVP_MD_CTX> object. They are called by the various | |
260a16f3 | 332 | EVP_DigestVerify functions. See L<EVP_DigestVerifyInit(3)> for details. |
43f985fd PY |
333 | |
334 | int (*encrypt_init) (EVP_PKEY_CTX *ctx); | |
335 | int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
336 | const unsigned char *in, size_t inlen); | |
337 | ||
338 | The encrypt_init() and encrypt() methods are used to encrypt a piece of data. | |
339 | They are called by L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)>. | |
340 | ||
341 | int (*decrypt_init) (EVP_PKEY_CTX *ctx); | |
342 | int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
343 | const unsigned char *in, size_t inlen); | |
344 | ||
345 | The decrypt_init() and decrypt() methods are used to decrypt a piece of data. | |
346 | They are called by L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>. | |
347 | ||
348 | int (*derive_init) (EVP_PKEY_CTX *ctx); | |
349 | int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); | |
350 | ||
351 | The derive_init() and derive() methods are used to derive the shared secret | |
352 | from a public key algorithm (for instance, the DH algorithm). They are called by | |
353 | L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)>. | |
354 | ||
355 | int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); | |
356 | int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); | |
357 | ||
358 | The ctrl() and ctrl_str() methods are used to adjust algorithm-specific | |
260a16f3 | 359 | settings. See L<EVP_PKEY_CTX_ctrl(3)> and related functions for details. |
43f985fd PY |
360 | |
361 | int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, | |
362 | const unsigned char *tbs, size_t tbslen); | |
363 | int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, | |
364 | size_t siglen, const unsigned char *tbs, | |
365 | size_t tbslen); | |
366 | ||
367 | The digestsign() and digestverify() methods are used to generate or verify | |
260a16f3 | 368 | a signature in a one-shot mode. They could be called by L<EVP_DigestSign(3)> |
43f985fd PY |
369 | and L<EVP_DigestVerify(3)>. |
370 | ||
2aee35d3 | 371 | int (*check) (EVP_PKEY *pkey); |
b0004708 PY |
372 | int (*public_check) (EVP_PKEY *pkey); |
373 | int (*param_check) (EVP_PKEY *pkey); | |
2aee35d3 | 374 | |
b0004708 PY |
375 | The check(), public_check() and param_check() methods are used to validate a |
376 | key-pair, the public component and parameters respectively for a given B<pkey>. | |
377 | They could be called by L<EVP_PKEY_check(3)>, L<EVP_PKEY_public_check(3)> and | |
378 | L<EVP_PKEY_param_check(3)> respectively. | |
2aee35d3 | 379 | |
675f4cee PY |
380 | int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); |
381 | ||
382 | The digest_custom() method is used to generate customized digest content before | |
383 | the real message is passed to functions like L<EVP_DigestSignUpdate(3)> or | |
384 | L<EVP_DigestVerifyInit(3)>. This is usually required by some public key | |
385 | signature algorithms like SM2 which requires a hashed prefix to the message to | |
f922dac8 PY |
386 | be signed. The digest_custom() function will be called by L<EVP_DigestSignInit(3)> |
387 | and L<EVP_DigestVerifyInit(3)>. | |
675f4cee | 388 | |
43f985fd PY |
389 | =head2 Functions |
390 | ||
391 | EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object, | |
392 | and associates the given B<id> and B<flags>. The following flags are | |
393 | supported: | |
394 | ||
395 | EVP_PKEY_FLAG_AUTOARGLEN | |
396 | EVP_PKEY_FLAG_SIGCTX_CUSTOM | |
397 | ||
398 | If an B<EVP_PKEY_METHOD> is set with the B<EVP_PKEY_FLAG_AUTOARGLEN> flag, the | |
399 | maximum size of the output buffer will be automatically calculated or checked | |
400 | in corresponding EVP methods by the EVP framework. Thus the implementations of | |
401 | these methods don't need to care about handling the case of returning output | |
402 | buffer size by themselves. For details on the output buffer size, refer to | |
403 | L<EVP_PKEY_sign(3)>. | |
404 | ||
405 | The B<EVP_PKEY_FLAG_SIGCTX_CUSTOM> is used to indicate the signctx() method | |
406 | of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a | |
407 | digest signing operation by calling L<EVP_DigestSignFinal(3)>. | |
408 | ||
409 | EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by | |
410 | B<pmeth>. | |
411 | ||
412 | EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src> | |
413 | to B<dst>. | |
414 | ||
415 | EVP_PKEY_meth_find() finds an B<EVP_PKEY_METHOD> object with the B<id>. | |
416 | This function first searches through the user-defined method objects and | |
417 | then the built-in objects. | |
418 | ||
419 | EVP_PKEY_meth_add0() adds B<pmeth> to the user defined stack of methods. | |
420 | ||
0822e89a | 421 | EVP_PKEY_meth_remove() removes an B<EVP_PKEY_METHOD> object added by |
a8f730d5 | 422 | EVP_PKEY_meth_add0(). |
0822e89a | 423 | |
43f985fd PY |
424 | The EVP_PKEY_meth_set functions set the corresponding fields of |
425 | B<EVP_PKEY_METHOD> structure with the arguments passed. | |
426 | ||
427 | The EVP_PKEY_meth_get functions get the corresponding fields of | |
428 | B<EVP_PKEY_METHOD> structure to the arguments provided. | |
429 | ||
430 | =head1 RETURN VALUES | |
431 | ||
432 | EVP_PKEY_meth_new() returns a pointer to a new B<EVP_PKEY_METHOD> | |
433 | object or returns NULL on error. | |
434 | ||
435 | EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values. | |
436 | ||
437 | EVP_PKEY_meth_find() returns a pointer to the found B<EVP_PKEY_METHOD> | |
438 | object or returns NULL if not found. | |
439 | ||
440 | EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 | |
441 | if an error occurred. | |
442 | ||
0822e89a PY |
443 | EVP_PKEY_meth_remove() returns 1 if method is removed successfully or |
444 | 0 if an error occurred. | |
445 | ||
43f985fd PY |
446 | All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return |
447 | values. For the 'get' functions, function pointers are returned by | |
448 | arguments. | |
449 | ||
41bbba53 P |
450 | =head1 HISTORY |
451 | ||
452 | All of these functions were deprecated in OpenSSL 3.0. | |
453 | ||
9ac653d8 TM |
454 | The signature of the I<copy> functional argument of EVP_PKEY_meth_set_copy() |
455 | has changed in OpenSSL 3.0 so its I<src> parameter is now constified. | |
456 | ||
43f985fd PY |
457 | =head1 COPYRIGHT |
458 | ||
aff636a4 | 459 | Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. |
43f985fd | 460 | |
4746f25a | 461 | Licensed under the Apache License 2.0 (the "License"). You may not use |
43f985fd PY |
462 | this file except in compliance with the License. You can obtain a copy |
463 | in the file LICENSE in the source distribution or at | |
464 | L<https://www.openssl.org/source/license.html>. | |
465 | ||
466 | =cut |