1EVP_PKEY_SET1_RSA(3ossl) OpenSSL EVP_PKEY_SET1_RSA(3ossl)
2
3
4
6 EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH,
7 EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA,
8 EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA,
9 EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
10 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
11 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305,
12 EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305,
13 EVP_PKEY_get0_siphash, EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id,
14 EVP_PKEY_get_base_id, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine,
15 EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
16
18 #include <openssl/evp.h>
19
20 int EVP_PKEY_get_id(const EVP_PKEY *pkey);
21 int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
22 int EVP_PKEY_type(int type);
23
24 #define EVP_PKEY_id EVP_PKEY_get_id
25 #define EVP_PKEY_base_id EVP_PKEY_get_base_id
26
27 The following functions have been deprecated since OpenSSL 3.0, and can
28 be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
29 version value, see openssl_user_macros(7):
30
31 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
32 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
33 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
34 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
35
36 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
37 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
38 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
39 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
40
41 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
42 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
43 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
44 const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
45 const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
46 const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
47 const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
48 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
49
50 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
51 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
52 int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
53 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
54 int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
55 int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
56
57 ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
58 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
59
61 EVP_PKEY_get_base_id() returns the type of pkey. For example an RSA key
62 will return EVP_PKEY_RSA.
63
64 EVP_PKEY_get_id() returns the actual OID associated with pkey.
65 Historically keys using the same algorithm could use different OIDs.
66 For example an RSA key could use the OIDs corresponding to the NIDs
67 NID_rsaEncryption (equivalent to EVP_PKEY_RSA) or NID_rsa (equivalent
68 to EVP_PKEY_RSA2). The use of alternative non-standard OIDs is now rare
69 so EVP_PKEY_RSA2 et al are not often seen in practice.
70
71 EVP_PKEY_type() returns the underlying type of the NID type. For
72 example EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.
73
74 EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
75 EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key. These
76 functions are deprecated. Applications should instead use
77 EVP_PKEY_fromdata(3).
78
79 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
80 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
81 EVP_PKEY_assign_SIPHASH() set the referenced key to key however these
82 use the supplied key internally and so key will be freed when the
83 parent pkey is freed. These macros are deprecated. Applications should
84 instead read an EVP_PKEY directly using the OSSL_DECODER APIs (see
85 OSSL_DECODER_CTX_new_for_pkey(3)), or construct an EVP_PKEY from data
86 using EVP_PKEY_fromdata(3).
87
88 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
89 EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or NULL if the
90 key is not of the correct type. The returned key must be freed after
91 use. These functions are deprecated. Applications should instead use
92 the EVP_PKEY directly where possible. If access to the low level key
93 parameters is required then applications should use
94 EVP_PKEY_get_params(3) and other similar functions. To write an
95 EVP_PKEY out use the OSSL_ENCODER APIs (see
96 OSSL_ENCODER_CTX_new_for_pkey(3)).
97
98 EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(),
99 EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
100 EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() return the referenced key
101 in pkey or NULL if the key is not of the correct type. The reference
102 count of the returned key is not incremented and so the key must not be
103 freed after use. These functions are deprecated. Applications should
104 instead use the EVP_PKEY directly where possible. If access to the low
105 level key parameters is required then applications should use
106 EVP_PKEY_get_params(3) and other similar functions. To write an
107 EVP_PKEY out use the OSSL_ENCODER APIs (see
108 OSSL_ENCODER_CTX_new_for_pkey(3)). EVP_PKEY_get0() returns a pointer to
109 the legacy key or NULL if the key is not legacy.
110
111 Note that if an EVP_PKEY was not constructed using one of the
112 deprecated functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(),
113 EVP_PKEY_set1_DH() or EVP_PKEY_set1_EC_KEY(), or via the similarly
114 named EVP_PKEY_assign macros described above then the internal key will
115 be managed by a provider (see provider(7)). In that case the key
116 returned by EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(),
117 EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(), EVP_PKEY_get0_hmac(),
118 EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(),
119 EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or EVP_PKEY_get0_EC_KEY() will
120 be a cached copy of the provider's key. Subsequent updates to the
121 provider's key will not be reflected back in the cached copy, and
122 updates made by an application to the returned key will not be
123 reflected back in the provider's key. Subsequent calls to
124 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
125 EVP_PKEY_get1_EC_KEY() will always return the cached copy returned by
126 the first call.
127
128 EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.
129 This function is deprecated. Applications should use providers instead
130 of engines (see provider(7) for details).
131
132 EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It must
133 be called after the key algorithm and components are set up. If engine
134 does not include an EVP_PKEY_METHOD for pkey an error occurs. This
135 function is deprecated. Applications should use providers instead of
136 engines (see provider(7) for details).
137
139 The following functions are only reliable with EVP_PKEYs that have been
140 assigned an internal key with EVP_PKEY_assign_*():
141
142 EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
143
144 For EVP_PKEY key type checking purposes, EVP_PKEY_is_a(3) is more
145 generic.
146
147 The keys returned from the functions EVP_PKEY_get0_RSA(),
148 EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were
149 changed to have a "const" return type in OpenSSL 3.0. As described
150 above the keys returned may be cached copies of the key held in a
151 provider. Due to this, and unlike in earlier versions of OpenSSL, they
152 should be considered read-only copies of the key. Updates to these
153 keys will not be reflected back in the provider side key. The
154 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
155 EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const"
156 return type in order that applications can "free" the return value.
157 However applications should still consider them as read-only copies.
158
160 In accordance with the OpenSSL naming convention the key obtained from
161 or assigned to the pkey using the 1 functions must be freed as well as
162 pkey.
163
164 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
165 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
166 EVP_PKEY_assign_SIPHASH() are implemented as macros.
167
168 EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if the
169 passed EC_KEY is an SM2(7) key, and will set the EVP_PKEY type to
170 EVP_PKEY_SM2 in that case, instead of EVP_PKEY_EC.
171
172 Most applications wishing to know a key type will simply call
173 EVP_PKEY_get_base_id() and will not care about the actual type: which
174 will be identical in almost all cases.
175
176 Previous versions of this document suggested using
177 EVP_PKEY_type(pkey->type) to determine the type of a key. Since
178 EVP_PKEY is now opaque this is no longer possible: the equivalent is
179 EVP_PKEY_get_base_id(pkey).
180
181 EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
182 key as part of its routine to load a private key.
183
185 EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
186 EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
187
188 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
189 EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if an error
190 occurred.
191
192 EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
193 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
194 EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
195
196 EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a
197 key type or NID_undef (equivalently EVP_PKEY_NONE) on error.
198
199 EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
200
202 EVP_PKEY_new(3), SM2(7)
203
205 The EVP_PKEY_id() and EVP_PKEY_base_id() functions were renamed to
206 include "get" in their names in OpenSSL 3.0, respectively. The old
207 names are kept as non-deprecated alias macros.
208
209 EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH,
210 EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA,
211 EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA,
212 EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
213 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
214 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305,
215 EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305,
216 EVP_PKEY_get0_siphash, EVP_PKEY_set1_engine and EVP_PKEY_get0_engine
217 were deprecated in OpenSSL 3.0.
218
219 The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA,
220 EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
221
222 The function EVP_PKEY_set_alias_type() was previously documented on
223 this page. It was removed in OpenSSL 3.0.
224
226 Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
227
228 Licensed under the Apache License 2.0 (the "License"). You may not use
229 this file except in compliance with the License. You can obtain a copy
230 in the file LICENSE in the source distribution or at
231 <https://www.openssl.org/source/license.html>.
232
233
234
2353.0.5 2022-07-05 EVP_PKEY_SET1_RSA(3ossl)