xref: /freebsd/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod (revision e7be843b4a162e68651d3911f0357ed464915629)
=pod

=head1 NAME

EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name,
EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free,
EVP_PKEY_CTX_is_a
- public key algorithm context functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx,
                                          const char *name,
                                          const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx,
                                          EVP_PKEY *pkey,
                                          const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype);

=head1 DESCRIPTION

The EVP_PKEY_CTX_new() function allocates a public key algorithm context using
the I<pkey> key type and ENGINE I<e>.

The EVP_PKEY_CTX_new_id() function allocates a public key algorithm context
using the key type specified by I<id> and ENGINE I<e>.

The EVP_PKEY_CTX_new_from_name() function allocates a public key algorithm
context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>), the
key type specified by I<name> and the property query I<propquery>.  None
of the arguments are duplicated, so they must remain unchanged for the
lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates.  Read
further about the possible names in L</NOTES> below.

The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm
context using the library context I<libctx> (see L<OSSL_LIB_CTX(3)>) and the
algorithm specified by I<pkey> and the property query I<propquery>. None of the
arguments are duplicated, so they must remain unchanged for the lifetime of the
returned B<EVP_PKEY_CTX> or any of its duplicates.

EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally
used when no B<EVP_PKEY> structure is associated with the operations,
for example during parameter generation or key generation for some
algorithms.

EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
It is not supported for a keygen operation.
It is however possible to duplicate a context freshly created via any of the
above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
called on the source context, and then use the copy for key generation.

EVP_PKEY_CTX_free() frees up the context I<ctx>.
If I<ctx> is NULL, nothing is done.

EVP_PKEY_CTX_is_a() checks if the key type associated with I<ctx> is I<keytype>.

=head1 NOTES

=head2 On B<EVP_PKEY_CTX>

The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
by the OpenSSL high-level public key API. Contexts B<MUST NOT> be shared between
threads: that is, it is not permissible to use the same context simultaneously
in two threads.

=head2 On Key Types

We mention "key type" in this manual, which is the same
as "algorithm" in most cases, allowing either term to be used
interchangeably.  There are algorithms where the I<key type> and the
I<algorithm> of the operations that use the keys are not the same,
such as EC keys being used for ECDSA and ECDH operations.

Key types are given in two different manners:

=over 4

=item Legacy NID or EVP_PKEY type

This is the I<id> used with EVP_PKEY_CTX_new_id().

These are B<EVP_PKEY_RSA>, B<EVP_PKEY_RSA_PSS>, B<EVP_PKEY_DSA>,
B<EVP_PKEY_DH>, B<EVP_PKEY_EC>, B<EVP_PKEY_SM2>, B<EVP_PKEY_X25519>,
B<EVP_PKEY_X448>, and are used by legacy methods.

=item Name strings

This is the I<name> used with EVP_PKEY_CTX_new_from_name().

These are names like "RSA", "DSA", and what's available depends on what
providers are currently accessible.

The OpenSSL providers offer a set of key types available this way; please
see L<OSSL_PROVIDER-FIPS(7)> and L<OSSL_PROVIDER-default(7)> and related
documentation for more information.

=back

=head1 RETURN VALUES

EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_dup() return either
the newly allocated B<EVP_PKEY_CTX> structure or B<NULL> if an error occurred.

EVP_PKEY_CTX_free() does not return a value.

EVP_PKEY_CTX_is_a() returns 1 for true and 0 for false.

=head1 SEE ALSO

L<EVP_PKEY_new(3)>

=head1 HISTORY

The EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() and
EVP_PKEY_CTX_free() functions were added in OpenSSL 1.0.0.

The EVP_PKEY_CTX_new_from_name() and EVP_PKEY_CTX_new_from_pkey() functions were
added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut