1EVP_PKEY_meth_new(3) OpenSSL EVP_PKEY_meth_new(3)
2
3
4
6 EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy,
7 EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD,
8 EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy,
9 EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen,
10 EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
11 EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover,
12 EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx,
13 EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
14 EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl,
15 EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy,
16 EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen,
17 EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
18 EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover,
19 EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx,
20 EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
21 EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl - manipulating
22 EVP_PKEY_METHOD structure
23
25 #include <openssl/evp.h>
26
27 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
28
29 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
30 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
31 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
32 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
33 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
34
35 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
36 int (*init) (EVP_PKEY_CTX *ctx));
37 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
38 int (*copy) (EVP_PKEY_CTX *dst,
39 EVP_PKEY_CTX *src));
40 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
41 void (*cleanup) (EVP_PKEY_CTX *ctx));
42 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
43 int (*paramgen_init) (EVP_PKEY_CTX *ctx),
44 int (*paramgen) (EVP_PKEY_CTX *ctx,
45 EVP_PKEY *pkey));
46 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
47 int (*keygen_init) (EVP_PKEY_CTX *ctx),
48 int (*keygen) (EVP_PKEY_CTX *ctx,
49 EVP_PKEY *pkey));
50 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
51 int (*sign_init) (EVP_PKEY_CTX *ctx),
52 int (*sign) (EVP_PKEY_CTX *ctx,
53 unsigned char *sig, size_t *siglen,
54 const unsigned char *tbs,
55 size_t tbslen));
56 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
57 int (*verify_init) (EVP_PKEY_CTX *ctx),
58 int (*verify) (EVP_PKEY_CTX *ctx,
59 const unsigned char *sig,
60 size_t siglen,
61 const unsigned char *tbs,
62 size_t tbslen));
63 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
64 int (*verify_recover_init) (EVP_PKEY_CTX
65 *ctx),
66 int (*verify_recover) (EVP_PKEY_CTX
67 *ctx,
68 unsigned char
69 *sig,
70 size_t *siglen,
71 const unsigned
72 char *tbs,
73 size_t tbslen));
74 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
75 int (*signctx_init) (EVP_PKEY_CTX *ctx,
76 EVP_MD_CTX *mctx),
77 int (*signctx) (EVP_PKEY_CTX *ctx,
78 unsigned char *sig,
79 size_t *siglen,
80 EVP_MD_CTX *mctx));
81 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
82 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
83 EVP_MD_CTX *mctx),
84 int (*verifyctx) (EVP_PKEY_CTX *ctx,
85 const unsigned char *sig,
86 int siglen,
87 EVP_MD_CTX *mctx));
88 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
89 int (*encrypt_init) (EVP_PKEY_CTX *ctx),
90 int (*encryptfn) (EVP_PKEY_CTX *ctx,
91 unsigned char *out,
92 size_t *outlen,
93 const unsigned char *in,
94 size_t inlen));
95 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
96 int (*decrypt_init) (EVP_PKEY_CTX *ctx),
97 int (*decrypt) (EVP_PKEY_CTX *ctx,
98 unsigned char *out,
99 size_t *outlen,
100 const unsigned char *in,
101 size_t inlen));
102 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
103 int (*derive_init) (EVP_PKEY_CTX *ctx),
104 int (*derive) (EVP_PKEY_CTX *ctx,
105 unsigned char *key,
106 size_t *keylen));
107 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
108 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
109 void *p2),
110 int (*ctrl_str) (EVP_PKEY_CTX *ctx,
111 const char *type,
112 const char *value));
113
114 void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
115 int (**pinit) (EVP_PKEY_CTX *ctx));
116 void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
117 int (**pcopy) (EVP_PKEY_CTX *dst,
118 EVP_PKEY_CTX *src));
119 void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
120 void (**pcleanup) (EVP_PKEY_CTX *ctx));
121 void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
122 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
123 int (**pparamgen) (EVP_PKEY_CTX *ctx,
124 EVP_PKEY *pkey));
125 void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
126 int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
127 int (**pkeygen) (EVP_PKEY_CTX *ctx,
128 EVP_PKEY *pkey));
129 void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
130 int (**psign_init) (EVP_PKEY_CTX *ctx),
131 int (**psign) (EVP_PKEY_CTX *ctx,
132 unsigned char *sig, size_t *siglen,
133 const unsigned char *tbs,
134 size_t tbslen));
135 void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
136 int (**pverify_init) (EVP_PKEY_CTX *ctx),
137 int (**pverify) (EVP_PKEY_CTX *ctx,
138 const unsigned char *sig,
139 size_t siglen,
140 const unsigned char *tbs,
141 size_t tbslen));
142 void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
143 int (**pverify_recover_init) (EVP_PKEY_CTX
144 *ctx),
145 int (**pverify_recover) (EVP_PKEY_CTX
146 *ctx,
147 unsigned char
148 *sig,
149 size_t *siglen,
150 const unsigned
151 char *tbs,
152 size_t tbslen));
153 void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
154 int (**psignctx_init) (EVP_PKEY_CTX *ctx,
155 EVP_MD_CTX *mctx),
156 int (**psignctx) (EVP_PKEY_CTX *ctx,
157 unsigned char *sig,
158 size_t *siglen,
159 EVP_MD_CTX *mctx));
160 void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
161 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
162 EVP_MD_CTX *mctx),
163 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
164 const unsigned char *sig,
165 int siglen,
166 EVP_MD_CTX *mctx));
167 void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
168 int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
169 int (**pencryptfn) (EVP_PKEY_CTX *ctx,
170 unsigned char *out,
171 size_t *outlen,
172 const unsigned char *in,
173 size_t inlen));
174 void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
175 int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
176 int (**pdecrypt) (EVP_PKEY_CTX *ctx,
177 unsigned char *out,
178 size_t *outlen,
179 const unsigned char *in,
180 size_t inlen));
181 void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
182 int (**pderive_init) (EVP_PKEY_CTX *ctx),
183 int (**pderive) (EVP_PKEY_CTX *ctx,
184 unsigned char *key,
185 size_t *keylen));
186 void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
187 int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
188 void *p2),
189 int (**pctrl_str) (EVP_PKEY_CTX *ctx,
190 const char *type,
191 const char *value));
192
194 EVP_PKEY_METHOD is a structure which holds a set of methods for a
195 specific public key cryptographic algorithm. Those methods are usually
196 used to perform different jobs, such as generating a key, signing or
197 verifying, encrypting or decrypting, etc.
198
199 There are two places where the EVP_PKEY_METHOD objects are stored: one
200 is a built-in static array representing the standard methods for
201 different algorithms, and the other one is a stack of user-defined
202 application-specific methods, which can be manipulated by using
203 EVP_PKEY_meth_add0(3).
204
205 The EVP_PKEY_METHOD objects are usually referenced by EVP_PKEY_CTX
206 objects.
207
208 Methods
209 The methods are the underlying implementations of a particular public
210 key algorithm present by the EVP_PKEY_CTX object.
211
212 int (*init) (EVP_PKEY_CTX *ctx);
213 int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
214 void (*cleanup) (EVP_PKEY_CTX *ctx);
215
216 The init() method is called to initialize algorithm-specific data when
217 a new EVP_PKEY_CTX is created. As opposed to init(), the cleanup()
218 method is called when an EVP_PKEY_CTX is freed. The copy() method is
219 called when an EVP_PKEY_CTX is being duplicated. Refer to
220 EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_new_id(3), EVP_PKEY_CTX_free(3) and
221 EVP_PKEY_CTX_dup(3).
222
223 int (*paramgen_init) (EVP_PKEY_CTX *ctx);
224 int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
225
226 The paramgen_init() and paramgen() methods deal with key parameter
227 generation. They are called by EVP_PKEY_paramgen_init(3) and
228 EVP_PKEY_paramgen(3) to handle the parameter generation process.
229
230 int (*keygen_init) (EVP_PKEY_CTX *ctx);
231 int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
232
233 The keygen_init() and keygen() methods are used to generate the actual
234 key for the specified algorithm. They are called by
235 EVP_PKEY_keygen_init(3) and EVP_PKEY_keygen(3).
236
237 int (*sign_init) (EVP_PKEY_CTX *ctx);
238 int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
239 const unsigned char *tbs, size_t tbslen);
240
241 The sign_init() and sign() methods are used to generate the signature
242 of a piece of data using a private key. They are called by
243 EVP_PKEY_sign_init(3) and EVP_PKEY_sign(3).
244
245 int (*verify_init) (EVP_PKEY_CTX *ctx);
246 int (*verify) (EVP_PKEY_CTX *ctx,
247 const unsigned char *sig, size_t siglen,
248 const unsigned char *tbs, size_t tbslen);
249
250 The verify_init() and verify() methods are used to verify whether a
251 signature is valid. They are called by EVP_PKEY_verify_init(3) and
252 EVP_PKEY_verify(3).
253
254 int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
255 int (*verify_recover) (EVP_PKEY_CTX *ctx,
256 unsigned char *rout, size_t *routlen,
257 const unsigned char *sig, size_t siglen);
258
259 The verify_recover_init() and verify_recover() methods are used to
260 verify a signature and then recover the digest from the signature (for
261 instance, a signature that was generated by RSA signing algorithm).
262 They are called by EVP_PKEY_verify_recover_init(3) and
263 EVP_PKEY_verify_recover(3).
264
265 int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
266 int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
267 EVP_MD_CTX *mctx);
268
269 The signctx_init() and signctx() methods are used to sign a digest
270 present by a EVP_MD_CTX object. They are called by the EVP_DigestSign
271 functions. See EVP_DigestSignInit(3) for detail.
272
273 int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
274 int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
275 EVP_MD_CTX *mctx);
276
277 The verifyctx_init() and verifyctx() methods are used to verify a
278 signature against the data in a EVP_MD_CTX object. They are called by
279 the various EVP_DigestVerify functions. See EVP_DigestVerifyInit(3) for
280 detail.
281
282 int (*encrypt_init) (EVP_PKEY_CTX *ctx);
283 int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
284 const unsigned char *in, size_t inlen);
285
286 The encrypt_init() and encrypt() methods are used to encrypt a piece of
287 data. They are called by EVP_PKEY_encrypt_init(3) and
288 EVP_PKEY_encrypt(3).
289
290 int (*decrypt_init) (EVP_PKEY_CTX *ctx);
291 int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
292 const unsigned char *in, size_t inlen);
293
294 The decrypt_init() and decrypt() methods are used to decrypt a piece of
295 data. They are called by EVP_PKEY_decrypt_init(3) and
296 EVP_PKEY_decrypt(3).
297
298 int (*derive_init) (EVP_PKEY_CTX *ctx);
299 int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
300
301 The derive_init() and derive() methods are used to derive the shared
302 secret from a public key algorithm (for instance, the DH algorithm).
303 They are called by EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).
304
305 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
306 int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
307
308 The ctrl() and ctrl_str() methods are used to adjust algorithm-specific
309 settings. See EVP_PKEY_CTX_ctrl(3) and related functions for detail.
310
311 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
312 const unsigned char *tbs, size_t tbslen);
313 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
314 size_t siglen, const unsigned char *tbs,
315 size_t tbslen);
316
317 The digestsign() and digestverify() methods are used to generate or
318 verify a signature in a one-shot mode. They could be called by
319 EVP_DigetSign(3) and EVP_DigestVerify(3).
320
321 Functions
322 EVP_PKEY_meth_new() creates and returns a new EVP_PKEY_METHOD object,
323 and associates the given id and flags. The following flags are
324 supported:
325
326 EVP_PKEY_FLAG_AUTOARGLEN
327 EVP_PKEY_FLAG_SIGCTX_CUSTOM
328
329 If an EVP_PKEY_METHOD is set with the EVP_PKEY_FLAG_AUTOARGLEN flag,
330 the maximum size of the output buffer will be automatically calculated
331 or checked in corresponding EVP methods by the EVP framework. Thus the
332 implementations of these methods don't need to care about handling the
333 case of returning output buffer size by themselves. For details on the
334 output buffer size, refer to EVP_PKEY_sign(3).
335
336 The EVP_PKEY_FLAG_SIGCTX_CUSTOM is used to indicate the signctx()
337 method of an EVP_PKEY_METHOD is always called by the EVP framework
338 while doing a digest signing operation by calling
339 EVP_DigestSignFinal(3).
340
341 EVP_PKEY_meth_free() frees an existing EVP_PKEY_METHOD pointed by
342 pmeth.
343
344 EVP_PKEY_meth_copy() copies an EVP_PKEY_METHOD object from src to dst.
345
346 EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the id. This
347 function first searches through the user-defined method objects and
348 then the built-in objects.
349
350 EVP_PKEY_meth_add0() adds pmeth to the user defined stack of methods.
351
352 The EVP_PKEY_meth_set functions set the corresponding fields of
353 EVP_PKEY_METHOD structure with the arguments passed.
354
355 The EVP_PKEY_meth_get functions get the corresponding fields of
356 EVP_PKEY_METHOD structure to the arguments provided.
357
359 EVP_PKEY_meth_new() returns a pointer to a new EVP_PKEY_METHOD object
360 or returns NULL on error.
361
362 EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.
363
364 EVP_PKEY_meth_find() returns a pointer to the found EVP_PKEY_METHOD
365 object or returns NULL if not found.
366
367 EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 if
368 an error occurred.
369
370 All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
371 values. For the 'get' functions, function pointers are returned by
372 arguments.
373
375 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
376
377 Licensed under the OpenSSL license (the "License"). You may not use
378 this file except in compliance with the License. You can obtain a copy
379 in the file LICENSE in the source distribution or at
380 <https://www.openssl.org/source/license.html>.
381
382
383
3841.0.2o 2020-08-01 EVP_PKEY_meth_new(3)