doc/man3/EVP_PKEY_set1_RSA.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
   6 EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
   7 EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
   8 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
   9 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
  10 EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
  11 EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id,
  12 EVP_PKEY_set1_engine, EVP_PKEY_get0_engine -
  13 EVP_PKEY assignment functions
  14
  15 =head1 SYNOPSIS
  16
  17  #include <openssl/evp.h>
  18
  19  int EVP_PKEY_id(const EVP_PKEY *pkey);
  20  int EVP_PKEY_base_id(const EVP_PKEY *pkey);
  21  int EVP_PKEY_type(int type);
  22
  23 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
  24 B<OPENSSL_API_COMPAT> with a suitable version value, see
  25 L<openssl_user_macros(7)>:
  26
  27  int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
  28  int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
  29  int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
  30  int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
  31
  32  RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
  33  DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
  34  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
  35  EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
  36
  37  const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
  38  const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
  39  const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
  40  const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
  41  const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
  42  const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
  43  const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
  44  void *EVP_PKEY_get0(const EVP_PKEY *pkey);
  45
  46  int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
  47  int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
  48  int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
  49  int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
  50  int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
  51  int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
  52
  53  ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
  54  int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
  55
  56 =head1 DESCRIPTION
  57
  58 EVP_PKEY_base_id() returns the type of I<pkey>. For example
  59 an RSA key will return B<EVP_PKEY_RSA>.
  60
  61 EVP_PKEY_id() returns the actual OID associated with I<pkey>. Historically keys
  62 using the same algorithm could use different OIDs. For example an RSA key could
  63 use the OIDs corresponding to the NIDs B<NID_rsaEncryption> (equivalent to
  64 B<EVP_PKEY_RSA>) or B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
  65 alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
  66 often seen in practice.
  67
  68 EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
  69 EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
  70
  71 EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
  72 EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>. These
  73 functions are deprecated. Applications should instead use
  74 L<EVP_PKEY_fromdata(3)>.
  75
  76 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
  77 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
  78 EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
  79 the supplied I<key> internally and so I<key> will be freed when the parent
  80 I<pkey> is freed. These macros are deprecated. Applications should instead read
  81 an EVP_PKEY directly using the OSSL_DECODER APIs (see
  82 L<OSSL_DECODER_CTX_new_for_pkey(3)>), or construct an EVP_PKEY from data using
  83 L<EVP_PKEY_fromdata(3)>.
  84
  85 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
  86 EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
  87 key is not of the correct type. The returned key must be freed after use.
  88 These functions are deprecated. Applications should instead use the EVP_PKEY
  89 directly where possible. If access to the low level key parameters is required
  90 then applications should use L<EVP_PKEY_get_params(3)> and other similar
  91 functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
  92 L<OSSL_ENCODER_CTX_new_for_pkey(3)>).
  93
  94 EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
  95 EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
  96 EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
  97 key is not of the correct type. The reference count of the returned key is
  98 B<not> incremented and so the key must not be freed after use. These functions
  99 are deprecated. Applications should instead use the EVP_PKEY directly where
 100 possible. If access to the low level key parameters is required then
 101 applications should use L<EVP_PKEY_get_params(3)> and other similar functions.
 102 To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
 103 L<OSSL_ENCODER_CTX_new_for_pkey(3)>). EVP_PKEY_get0() returns a pointer to the
 104 legacy key or NULL if the key is not legacy.
 105
 106 Note that if an EVP_PKEY was not constructed using one of the deprecated
 107 functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH()
 108 or EVP_PKEY_set1_EC_KEY(), or via the similarly named B<EVP_PKEY_assign> macros
 109 described above then the internal key will be managed by a provider (see
 110 L<provider(7)>). In that case the key returned by EVP_PKEY_get1_RSA(),
 111 EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(),
 112 EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
 113 EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or
 114 EVP_PKEY_get0_EC_KEY() will be a cached copy of the provider's key. Subsequent
 115 updates to the provider's key will not be reflected back in the cached copy, and
 116 updates made by an application to the returned key will not be reflected back in
 117 the provider's key. Subsequent calls to EVP_PKEY_get1_RSA(),
 118 EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() will always
 119 return the cached copy returned by the first call.
 120
 121 EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>. This
 122 function is deprecated. Applications should use providers instead of engines
 123 (see L<provider(7)> for details).
 124
 125 EVP_PKEY_set1_engine() sets the ENGINE handling I<pkey> to I<engine>. It
 126 must be called after the key algorithm and components are set up.
 127 If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an
 128 error occurs. This function is deprecated. Applications should use providers
 129 instead of engines (see L<provider(7)> for details).
 130
 131 =head1 WARNINGS
 132
 133 The following functions are only reliable with B<EVP_PKEY>s that have
 134 been assigned an internal key with EVP_PKEY_assign_*():
 135
 136 EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type()
 137
 138 For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
 139
 140 The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
 141 EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
 142 return type in OpenSSL 3.0. As described above the keys returned may be cached
 143 copies of the key held in a provider. Due to this, and unlike in earlier
 144 versions of OpenSSL, they should be considered read-only copies of the key.
 145 Updates to these keys will not be reflected back in the provider side key. The
 146 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 147 EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type
 148 in order that applications can "free" the return value. However applications
 149 should still consider them as read-only copies.
 150
 151 =head1 NOTES
 152
 153 In accordance with the OpenSSL naming convention the key obtained
 154 from or assigned to the I<pkey> using the B<1> functions must be
 155 freed as well as I<pkey>.
 156
 157 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
 158 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
 159 and EVP_PKEY_assign_SIPHASH() are implemented as macros.
 160
 161 EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if
 162 the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY>
 163 type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>.
 164
 165 Most applications wishing to know a key type will simply call
 166 EVP_PKEY_base_id() and will not care about the actual type:
 167 which will be identical in almost all cases.
 168
 169 Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
 170 to determine the type of a key. Since B<EVP_PKEY> is now opaque this
 171 is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
 172
 173 EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
 174 key as part of its routine to load a private key.
 175
 176 =head1 RETURN VALUES
 177
 178 EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
 179 EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
 180
 181 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 182 EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if
 183 an error occurred.
 184
 185 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
 186 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
 187 and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
 188
 189 EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
 190 type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
 191
 192 EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
 193
 194 =head1 SEE ALSO
 195
 196 L<EVP_PKEY_new(3)>, L<SM2(7)>
 197
 198 =head1 HISTORY
 199
 200 EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
 201 EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
 202 EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
 203 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
 204 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
 205 EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
 206 EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were deprecated in OpenSSL 3.0.
 207
 208 The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH,
 209 EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
 210
 211 The function EVP_PKEY_set_alias_type() was previously documented on this page.
 212 It was removed in OpenSSL 3.0.
 213
 214 =head1 COPYRIGHT
 215
 216 Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
 217
 218 Licensed under the Apache License 2.0 (the "License").  You may not use
 219 this file except in compliance with the License.  You can obtain a copy
 220 in the file LICENSE in the source distribution or at
 221 L<https://www.openssl.org/source/license.html>.
 222
 223 =cut