xref: /openbsd-src/lib/libcrypto/man/EVP_PKEY_new.3 (revision fc405d53b73a2d73393cb97f684863d17b583e38) 
1.\" $OpenBSD: EVP_PKEY_new.3,v 1.18 2022/12/14 22:37:07 schwarze Exp $
2.\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
3.\"
4.\" This file is a derived work.
5.\" The changes are covered by the following Copyright and license:
6.\"
7.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
8.\"
9.\" Permission to use, copy, modify, and distribute this software for any
10.\" purpose with or without fee is hereby granted, provided that the above
11.\" copyright notice and this permission notice appear in all copies.
12.\"
13.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20.\"
21.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
22.\" and Matt Caswell <matt@openssl.org>.
23.\" Copyright (c) 2002, 2018, 2020 The OpenSSL Project.  All rights reserved.
24.\"
25.\" Redistribution and use in source and binary forms, with or without
26.\" modification, are permitted provided that the following conditions
27.\" are met:
28.\"
29.\" 1. Redistributions of source code must retain the above copyright
30.\"    notice, this list of conditions and the following disclaimer.
31.\"
32.\" 2. Redistributions in binary form must reproduce the above copyright
33.\"    notice, this list of conditions and the following disclaimer in
34.\"    the documentation and/or other materials provided with the
35.\"    distribution.
36.\"
37.\" 3. All advertising materials mentioning features or use of this
38.\"    software must display the following acknowledgment:
39.\"    "This product includes software developed by the OpenSSL Project
40.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
41.\"
42.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43.\"    endorse or promote products derived from this software without
44.\"    prior written permission. For written permission, please contact
45.\"    openssl-core@openssl.org.
46.\"
47.\" 5. Products derived from this software may not be called "OpenSSL"
48.\"    nor may "OpenSSL" appear in their names without prior written
49.\"    permission of the OpenSSL Project.
50.\"
51.\" 6. Redistributions of any form whatsoever must retain the following
52.\"    acknowledgment:
53.\"    "This product includes software developed by the OpenSSL Project
54.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
55.\"
56.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
60.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68.\"
69.Dd $Mdocdate: December 14 2022 $
70.Dt EVP_PKEY_NEW 3
71.Os
72.Sh NAME
73.Nm EVP_PKEY_new ,
74.Nm EVP_PKEY_up_ref ,
75.Nm EVP_PKEY_free ,
76.Nm EVP_PKEY_new_raw_private_key ,
77.Nm EVP_PKEY_new_raw_public_key ,
78.Nm EVP_PKEY_new_CMAC_key ,
79.Nm EVP_PKEY_new_mac_key ,
80.Nm EVP_PKEY_get_raw_private_key ,
81.Nm EVP_PKEY_get_raw_public_key
82.Nd public and private key allocation and raw key handling functions
83.Sh SYNOPSIS
84.In openssl/evp.h
85.Ft EVP_PKEY *
86.Fn EVP_PKEY_new void
87.Ft int
88.Fo EVP_PKEY_up_ref
89.Fa "EVP_PKEY *pkey"
90.Fc
91.Ft void
92.Fo EVP_PKEY_free
93.Fa "EVP_PKEY *pkey"
94.Fc
95.Ft EVP_PKEY *
96.Fo EVP_PKEY_new_raw_private_key
97.Fa "int type"
98.Fa "ENGINE *e"
99.Fa "const unsigned char *rawpriv"
100.Fa "size_t rawlen"
101.Fc
102.Ft EVP_PKEY *
103.Fo EVP_PKEY_new_raw_public_key
104.Fa "int type"
105.Fa "ENGINE *e"
106.Fa "const unsigned char *rawpub"
107.Fa "size_t rawlen"
108.Fc
109.Ft EVP_PKEY *
110.Fo EVP_PKEY_new_CMAC_key
111.Fa "ENGINE *e"
112.Fa "const unsigned char *rawpriv"
113.Fa "size_t rawlen"
114.Fa "const EVP_CIPHER *cipher"
115.Fc
116.Ft EVP_PKEY *
117.Fo EVP_PKEY_new_mac_key
118.Fa "int type"
119.Fa "ENGINE *e"
120.Fa "const unsigned char *rawpriv"
121.Fa "int rawlen"
122.Fc
123.Ft int
124.Fo EVP_PKEY_get_raw_private_key
125.Fa "const EVP_PKEY *pkey"
126.Fa "unsigned char *rawpriv"
127.Fa "size_t *rawlen"
128.Fc
129.Ft int
130.Fo EVP_PKEY_get_raw_public_key
131.Fa "const EVP_PKEY *pkey"
132.Fa "unsigned char *rawpub"
133.Fa "size_t *rawlen"
134.Fc
135.Sh DESCRIPTION
136The
137.Vt EVP_PKEY
138structure is used by various OpenSSL functions which require a general
139private or public key without reference to any particular algorithm.
140.Pp
141The
142.Fn EVP_PKEY_new
143function allocates an empty
144.Vt EVP_PKEY
145structure.
146The reference count is set to 1.
147To add a private or public key to it, use the functions described in
148.Xr EVP_PKEY_set1_RSA 3 .
149.Pp
150.Fn EVP_PKEY_up_ref
151increments the reference count of
152.Fa pkey
153by 1.
154.Pp
155.Fn EVP_PKEY_free
156decrements the reference count of
157.Fa pkey
158by 1, and if the reference count reaches zero, frees it up.
159If
160.Fa pkey
161is a
162.Dv NULL
163pointer, no action occurs.
164.Pp
165.Fn EVP_PKEY_new_raw_private_key
166allocates a new
167.Vt EVP_PKEY .
168If
169.Fa e
170is
171.Pf non- Dv NULL ,
172the new structure is associated with the engine
173.Fa e .
174The NID of a public key algorithm that supports raw private keys, i.e.\&
175.Dv EVP_PKEY_HMAC ,
176.Dv EVP_PKEY_X25519 ,
177or
178.Dv EVP_PKEY_ED25519 ,
179is provided in the
180.Fa type
181argument and
182.Fa rawlen
183bytes of raw private key data of that type in
184.Fa rawpriv .
185The public key data is automatically derived from the given private
186key data, if appropriate for the algorithm type.
187.Pp
188.Fn EVP_PKEY_new_raw_public_key
189works in the same way as
190.Fn EVP_PKEY_new_raw_private_key
191except that
192.Fa rawpub
193points to the raw public key data.
194The
195.Vt EVP_PKEY
196structure is initialised without any private key information.
197Algorithm types that support raw public keys are
198.Dv EVP_PKEY_X25519
199and
200.Dv EVP_PKEY_ED25519 .
201.Pp
202.Fn EVP_PKEY_new_CMAC_key
203works in the same way as
204.Fn EVP_PKEY_new_raw_private_key
205except that it only handles the
206.Dv EVP_PKEY_CMAC
207algorithm type.
208The additional
209.Fa cipher
210argument specifies the cipher algorithm
211to be used during the creation of the CMAC.
212It should be a standard encryption only cipher.
213For example, AEAD and XTS ciphers should not be used.
214.Pp
215.Fn EVP_PKEY_new_mac_key
216is a deprecated function that works in the same way as
217.Fn EVP_PKEY_new_raw_private_key .
218.Pp
219.Fn EVP_PKEY_get_raw_private_key
220writes up to
221.Pf * Fa rawlen
222bytes of raw private key data to the buffer starting at
223.Fa rawpriv
224and stores the number of bytes written in
225.Pf * Fa rawlen .
226The calling application is responsible for ensuring that the buffer
227is large enough to receive the private key data.
228If the
229.Fa rawpriv
230argument is
231.Dv NULL ,
232the number of bytes required to hold the key is stored in
233.Pf * Fa rawlen .
234This function only works for algorithms that support raw private keys.
235Currently these are
236.Dv EVP_PKEY_HMAC ,
237.Dv EVP_PKEY_X25519 ,
238and
239.Dv EVP_PKEY_ED25519 .
240.Pp
241.Fn EVP_PKEY_get_raw_public_key
242is similar to
243.Fn EVP_PKEY_get_raw_private_key
244except that it writes raw public key data.
245This function only works for algorithms that support raw public keys.
246Currently these are
247.Dv EVP_PKEY_X25519
248and
249.Dv EVP_PKEY_ED25519 .
250.Sh RETURN VALUES
251.Fn EVP_PKEY_new ,
252.Fn EVP_PKEY_new_raw_private_key ,
253.Fn EVP_PKEY_new_raw_public_key ,
254.Fn EVP_PKEY_new_CMAC_key ,
255and
256.Fn EVP_PKEY_new_mac_key
257return either the newly allocated
258.Vt EVP_PKEY
259structure or
260.Dv NULL
261if an error occurred.
262.Pp
263.Fn EVP_PKEY_up_ref ,
264.Fn EVP_PKEY_get_raw_private_key ,
265and
266.Fn EVP_PKEY_get_raw_public_key
267return 1 for success or 0 for failure.
268.Sh SEE ALSO
269.Xr CMAC_Init 3 ,
270.Xr d2i_PrivateKey 3 ,
271.Xr evp 3 ,
272.Xr EVP_PKCS82PKEY 3 ,
273.Xr EVP_PKEY_add1_attr 3 ,
274.Xr EVP_PKEY_asn1_new 3 ,
275.Xr EVP_PKEY_check 3 ,
276.Xr EVP_PKEY_cmp 3 ,
277.Xr EVP_PKEY_CTX_new 3 ,
278.Xr EVP_PKEY_get_default_digest_nid 3 ,
279.Xr EVP_PKEY_meth_new 3 ,
280.Xr EVP_PKEY_print_private 3 ,
281.Xr EVP_PKEY_set1_RSA 3 ,
282.Xr EVP_PKEY_size 3 ,
283.Xr X509_get_pubkey_parameters 3
284.Sh HISTORY
285.Fn EVP_PKEY_new
286and
287.Fn EVP_PKEY_free
288first appeared in SSLeay 0.6.0 and have been available since
289.Ox 2.4 .
290.Pp
291.Fn EVP_PKEY_new_CMAC_key
292first appeared in OpenSSL 1.1.1 and has been available since
293.Ox 6.9 .
294.Pp
295.Fn EVP_PKEY_new_mac_key
296first appeared in OpenSSL 1.0.0 and has been available since
297.Ox 4.9 .
298.Pp
299.Fn EVP_PKEY_up_ref
300first appeared in OpenSSL 1.1.0 and has been available since
301.Ox 6.3 .
302.Pp
303.Fn EVP_PKEY_new_raw_private_key ,
304.Fn EVP_PKEY_new_raw_public_key ,
305.Fn EVP_PKEY_get_raw_private_key ,
306and
307.Fn EVP_PKEY_get_raw_public_key
308first appeared in OpenSSL 1.1.1 and have been available since
309.Ox 7.3 .
310