1.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.10 2024/12/06 14:27:49 schwarze Exp $ 2.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 3.\" 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 5.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. 6.\" All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in 17.\" the documentation and/or other materials provided with the 18.\" distribution. 19.\" 20.\" 3. All advertising materials mentioning features or use of this 21.\" software must display the following acknowledgment: 22.\" "This product includes software developed by the OpenSSL Project 23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24.\" 25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26.\" endorse or promote products derived from this software without 27.\" prior written permission. For written permission, please contact 28.\" openssl-core@openssl.org. 29.\" 30.\" 5. Products derived from this software may not be called "OpenSSL" 31.\" nor may "OpenSSL" appear in their names without prior written 32.\" permission of the OpenSSL Project. 33.\" 34.\" 6. Redistributions of any form whatsoever must retain the following 35.\" acknowledgment: 36.\" "This product includes software developed by the OpenSSL Project 37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38.\" 39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51.\" 52.Dd $Mdocdate: December 6 2024 $ 53.Dt EVP_PKEY_DECRYPT 3 54.Os 55.Sh NAME 56.Nm EVP_PKEY_decrypt_init , 57.Nm EVP_PKEY_decrypt 58.Nd decrypt using a public key algorithm 59.Sh SYNOPSIS 60.In openssl/evp.h 61.Ft int 62.Fo EVP_PKEY_decrypt_init 63.Fa "EVP_PKEY_CTX *ctx" 64.Fc 65.Ft int 66.Fo EVP_PKEY_decrypt 67.Fa "EVP_PKEY_CTX *ctx" 68.Fa "unsigned char *out" 69.Fa "size_t *outlen" 70.Fa "const unsigned char *in" 71.Fa "size_t inlen" 72.Fc 73.Sh DESCRIPTION 74The 75.Fn EVP_PKEY_decrypt_init 76function initializes a public key algorithm context using key 77.Fa ctx->pkey 78for a decryption operation. 79.Pp 80The 81.Fn EVP_PKEY_decrypt 82function performs a public key decryption operation using 83.Fa ctx . 84The data to be decrypted is specified using the 85.Fa in 86and 87.Fa inlen 88parameters. 89If 90.Fa out 91is 92.Dv NULL 93then the maximum size of the output buffer is written to the 94.Fa outlen 95parameter. 96If 97.Fa out 98is not 99.Dv NULL 100then before the call the 101.Fa outlen 102parameter should contain the length of the 103.Fa out 104buffer. 105If the call is successful, the decrypted data is written to 106.Fa out 107and the amount of data written to 108.Fa outlen . 109.Pp 110After the call to 111.Fn EVP_PKEY_decrypt_init , 112algorithm specific control operations can be performed to set any 113appropriate parameters for the operation. 114.Pp 115The function 116.Fn EVP_PKEY_decrypt 117can be called more than once on the same context if several operations 118are performed using the same parameters. 119.Sh RETURN VALUES 120.Fn EVP_PKEY_decrypt_init 121and 122.Fn EVP_PKEY_decrypt 123return 1 for success and 0 or a negative value for failure. 124In particular, a return value of -2 indicates the operation is not 125supported by the public key algorithm. 126.Sh EXAMPLES 127Decrypt data using OAEP (for RSA keys): 128.Bd -literal -offset indent 129#include <openssl/evp.h> 130#include <openssl/rsa.h> 131 132EVP_PKEY_CTX *ctx; 133unsigned char *out, *in; 134size_t outlen, inlen; 135EVP_PKEY *key; 136 137/* 138 * Assumes that key, in, and inlen are already set up 139 * and that key is an RSA private key. 140 */ 141ctx = EVP_PKEY_CTX_new(key, NULL); 142if (!ctx) 143 /* Error occurred */ 144if (EVP_PKEY_decrypt_init(ctx) <= 0) 145 /* Error */ 146if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) 147 /* Error */ 148 149/* Determine buffer length */ 150if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) 151 /* Error */ 152 153out = malloc(outlen); 154 155if (!out) 156 /* malloc failure */ 157 158if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) 159 /* Error */ 160 161/* Decrypted data is outlen bytes written to buffer out */ 162.Ed 163.Sh SEE ALSO 164.Xr EVP_PKEY_CTX_new 3 , 165.Xr EVP_PKEY_derive 3 , 166.Xr EVP_PKEY_encrypt 3 , 167.Xr EVP_PKEY_sign 3 , 168.Xr EVP_PKEY_verify 3 , 169.Xr EVP_PKEY_verify_recover 3 170.Sh HISTORY 171.Fn EVP_PKEY_decrypt_init 172and 173.Fn EVP_PKEY_decrypt 174first appeared in OpenSSL 1.0.0 and have been available since 175.Ox 4.9 . 176