1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimEVP_PKEY_ASN1_METHOD, 6e71b7053SJung-uk KimEVP_PKEY_asn1_new, 7e71b7053SJung-uk KimEVP_PKEY_asn1_copy, 8e71b7053SJung-uk KimEVP_PKEY_asn1_free, 9e71b7053SJung-uk KimEVP_PKEY_asn1_add0, 10e71b7053SJung-uk KimEVP_PKEY_asn1_add_alias, 11e71b7053SJung-uk KimEVP_PKEY_asn1_set_public, 12e71b7053SJung-uk KimEVP_PKEY_asn1_set_private, 13e71b7053SJung-uk KimEVP_PKEY_asn1_set_param, 14e71b7053SJung-uk KimEVP_PKEY_asn1_set_free, 15e71b7053SJung-uk KimEVP_PKEY_asn1_set_ctrl, 16e71b7053SJung-uk KimEVP_PKEY_asn1_set_item, 17e71b7053SJung-uk KimEVP_PKEY_asn1_set_siginf, 18e71b7053SJung-uk KimEVP_PKEY_asn1_set_check, 19e71b7053SJung-uk KimEVP_PKEY_asn1_set_public_check, 20e71b7053SJung-uk KimEVP_PKEY_asn1_set_param_check, 21e71b7053SJung-uk KimEVP_PKEY_asn1_set_security_bits, 22e71b7053SJung-uk KimEVP_PKEY_asn1_set_set_priv_key, 23e71b7053SJung-uk KimEVP_PKEY_asn1_set_set_pub_key, 24e71b7053SJung-uk KimEVP_PKEY_asn1_set_get_priv_key, 25e71b7053SJung-uk KimEVP_PKEY_asn1_set_get_pub_key, 26e71b7053SJung-uk KimEVP_PKEY_get0_asn1 27e71b7053SJung-uk Kim- manipulating and registering EVP_PKEY_ASN1_METHOD structure 28e71b7053SJung-uk Kim 29e71b7053SJung-uk Kim=head1 SYNOPSIS 30e71b7053SJung-uk Kim 31e71b7053SJung-uk Kim #include <openssl/evp.h> 32e71b7053SJung-uk Kim 33e71b7053SJung-uk Kim typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; 34e71b7053SJung-uk Kim 35e71b7053SJung-uk Kim EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, 36e71b7053SJung-uk Kim const char *pem_str, 37e71b7053SJung-uk Kim const char *info); 38e71b7053SJung-uk Kim void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 39e71b7053SJung-uk Kim const EVP_PKEY_ASN1_METHOD *src); 40e71b7053SJung-uk Kim void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); 41e71b7053SJung-uk Kim int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); 42e71b7053SJung-uk Kim int 
EVP_PKEY_asn1_add_alias(int to, int from); 43e71b7053SJung-uk Kim 44e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, 45e71b7053SJung-uk Kim int (*pub_decode) (EVP_PKEY *pk, 46b077aed3SPierre Pronchery const X509_PUBKEY *pub), 47e71b7053SJung-uk Kim int (*pub_encode) (X509_PUBKEY *pub, 48e71b7053SJung-uk Kim const EVP_PKEY *pk), 49e71b7053SJung-uk Kim int (*pub_cmp) (const EVP_PKEY *a, 50e71b7053SJung-uk Kim const EVP_PKEY *b), 51e71b7053SJung-uk Kim int (*pub_print) (BIO *out, 52e71b7053SJung-uk Kim const EVP_PKEY *pkey, 53e71b7053SJung-uk Kim int indent, ASN1_PCTX *pctx), 54e71b7053SJung-uk Kim int (*pkey_size) (const EVP_PKEY *pk), 55e71b7053SJung-uk Kim int (*pkey_bits) (const EVP_PKEY *pk)); 56e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, 57e71b7053SJung-uk Kim int (*priv_decode) (EVP_PKEY *pk, 58e71b7053SJung-uk Kim const PKCS8_PRIV_KEY_INFO 59e71b7053SJung-uk Kim *p8inf), 60e71b7053SJung-uk Kim int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, 61e71b7053SJung-uk Kim const EVP_PKEY *pk), 62e71b7053SJung-uk Kim int (*priv_print) (BIO *out, 63e71b7053SJung-uk Kim const EVP_PKEY *pkey, 64e71b7053SJung-uk Kim int indent, 65e71b7053SJung-uk Kim ASN1_PCTX *pctx)); 66e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, 67e71b7053SJung-uk Kim int (*param_decode) (EVP_PKEY *pkey, 68e71b7053SJung-uk Kim const unsigned char **pder, 69e71b7053SJung-uk Kim int derlen), 70e71b7053SJung-uk Kim int (*param_encode) (const EVP_PKEY *pkey, 71e71b7053SJung-uk Kim unsigned char **pder), 72e71b7053SJung-uk Kim int (*param_missing) (const EVP_PKEY *pk), 73e71b7053SJung-uk Kim int (*param_copy) (EVP_PKEY *to, 74e71b7053SJung-uk Kim const EVP_PKEY *from), 75e71b7053SJung-uk Kim int (*param_cmp) (const EVP_PKEY *a, 76e71b7053SJung-uk Kim const EVP_PKEY *b), 77e71b7053SJung-uk Kim int (*param_print) (BIO *out, 78e71b7053SJung-uk Kim const EVP_PKEY *pkey, 79e71b7053SJung-uk Kim int indent, 
80e71b7053SJung-uk Kim ASN1_PCTX *pctx)); 81e71b7053SJung-uk Kim 82e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, 83e71b7053SJung-uk Kim void (*pkey_free) (EVP_PKEY *pkey)); 84e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, 85e71b7053SJung-uk Kim int (*pkey_ctrl) (EVP_PKEY *pkey, int op, 86e71b7053SJung-uk Kim long arg1, void *arg2)); 87e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, 88e71b7053SJung-uk Kim int (*item_verify) (EVP_MD_CTX *ctx, 89e71b7053SJung-uk Kim const ASN1_ITEM *it, 90e71b7053SJung-uk Kim void *asn, 91e71b7053SJung-uk Kim X509_ALGOR *a, 92e71b7053SJung-uk Kim ASN1_BIT_STRING *sig, 93e71b7053SJung-uk Kim EVP_PKEY *pkey), 94e71b7053SJung-uk Kim int (*item_sign) (EVP_MD_CTX *ctx, 95e71b7053SJung-uk Kim const ASN1_ITEM *it, 96e71b7053SJung-uk Kim void *asn, 97e71b7053SJung-uk Kim X509_ALGOR *alg1, 98e71b7053SJung-uk Kim X509_ALGOR *alg2, 99e71b7053SJung-uk Kim ASN1_BIT_STRING *sig)); 100e71b7053SJung-uk Kim 101e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, 102e71b7053SJung-uk Kim int (*siginf_set) (X509_SIG_INFO *siginf, 103e71b7053SJung-uk Kim const X509_ALGOR *alg, 104e71b7053SJung-uk Kim const ASN1_STRING *sig)); 105e71b7053SJung-uk Kim 106e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, 107e71b7053SJung-uk Kim int (*pkey_check) (const EVP_PKEY *pk)); 108e71b7053SJung-uk Kim 109e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, 110e71b7053SJung-uk Kim int (*pkey_pub_check) (const EVP_PKEY *pk)); 111e71b7053SJung-uk Kim 112e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, 113e71b7053SJung-uk Kim int (*pkey_param_check) (const EVP_PKEY *pk)); 114e71b7053SJung-uk Kim 115e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, 116e71b7053SJung-uk Kim int (*pkey_security_bits) (const EVP_PKEY 
117e71b7053SJung-uk Kim *pk)); 118e71b7053SJung-uk Kim 119e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, 120e71b7053SJung-uk Kim int (*set_priv_key) (EVP_PKEY *pk, 121e71b7053SJung-uk Kim const unsigned char 122e71b7053SJung-uk Kim *priv, 123e71b7053SJung-uk Kim size_t len)); 124e71b7053SJung-uk Kim 125e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, 126e71b7053SJung-uk Kim int (*set_pub_key) (EVP_PKEY *pk, 127e71b7053SJung-uk Kim const unsigned char *pub, 128e71b7053SJung-uk Kim size_t len)); 129e71b7053SJung-uk Kim 130e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, 131e71b7053SJung-uk Kim int (*get_priv_key) (const EVP_PKEY *pk, 132e71b7053SJung-uk Kim unsigned char *priv, 133e71b7053SJung-uk Kim size_t *len)); 134e71b7053SJung-uk Kim 135e71b7053SJung-uk Kim void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, 136e71b7053SJung-uk Kim int (*get_pub_key) (const EVP_PKEY *pk, 137e71b7053SJung-uk Kim unsigned char *pub, 138e71b7053SJung-uk Kim size_t *len)); 139e71b7053SJung-uk Kim 140e71b7053SJung-uk Kim const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); 141e71b7053SJung-uk Kim 142e71b7053SJung-uk Kim=head1 DESCRIPTION 143e71b7053SJung-uk Kim 144e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> is a structure which holds a set of ASN.1 145e71b7053SJung-uk Kimconversion, printing and information methods for a specific public key 146e71b7053SJung-uk Kimalgorithm. 147e71b7053SJung-uk Kim 148e71b7053SJung-uk KimThere are two places where the B<EVP_PKEY_ASN1_METHOD> objects are 149e71b7053SJung-uk Kimstored: one is a built-in array representing the standard methods for 150e71b7053SJung-uk Kimdifferent algorithms, and the other one is a stack of user-defined 151e71b7053SJung-uk Kimapplication-specific methods, which can be manipulated by using 152e71b7053SJung-uk KimL<EVP_PKEY_asn1_add0(3)>. 
153e71b7053SJung-uk Kim 154e71b7053SJung-uk Kim=head2 Methods 155e71b7053SJung-uk Kim 156e71b7053SJung-uk KimThe methods are the underlying implementations of a particular public 157e71b7053SJung-uk Kimkey algorithm represented by the B<EVP_PKEY> object. 158e71b7053SJung-uk Kim 159b077aed3SPierre Pronchery int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub); 160e71b7053SJung-uk Kim int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); 161e71b7053SJung-uk Kim int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); 162e71b7053SJung-uk Kim int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, 163e71b7053SJung-uk Kim ASN1_PCTX *pctx); 164e71b7053SJung-uk Kim 165e71b7053SJung-uk KimThe pub_decode() and pub_encode() methods are called to decode / 166e71b7053SJung-uk Kimencode B<X509_PUBKEY> ASN.1 parameters to / from B<pk>. 167e71b7053SJung-uk KimThey MUST return 0 on error, 1 on success. 168e71b7053SJung-uk KimThey're called by L<X509_PUBKEY_get0(3)> and L<X509_PUBKEY_set(3)>. 169e71b7053SJung-uk Kim 170e71b7053SJung-uk KimThe pub_cmp() method is called when two public keys are to be 171e71b7053SJung-uk Kimcompared. 172e71b7053SJung-uk KimIt MUST return 1 when the keys are equal, 0 otherwise. 173b077aed3SPierre ProncheryIt's called by L<EVP_PKEY_eq(3)>. 174e71b7053SJung-uk Kim 175e71b7053SJung-uk KimThe pub_print() method is called to print a public key in humanly 176e71b7053SJung-uk Kimreadable text to B<out>, indented B<indent> spaces. 177e71b7053SJung-uk KimIt MUST return 0 on error, 1 on success. 178e71b7053SJung-uk KimIt's called by L<EVP_PKEY_print_public(3)>. 
179e71b7053SJung-uk Kim 180e71b7053SJung-uk Kim int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); 181e71b7053SJung-uk Kim int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); 182e71b7053SJung-uk Kim int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, 183e71b7053SJung-uk Kim ASN1_PCTX *pctx); 184e71b7053SJung-uk Kim 185e71b7053SJung-uk KimThe priv_decode() and priv_encode() methods are called to decode / 186e71b7053SJung-uk Kimencode B<PKCS8_PRIV_KEY_INFO> form private key to / from B<pk>. 187e71b7053SJung-uk KimThey MUST return 0 on error, 1 on success. 188e71b7053SJung-uk KimThey're called by L<EVP_PKCS82PKEY(3)> and L<EVP_PKEY2PKCS8(3)>. 189e71b7053SJung-uk Kim 190e71b7053SJung-uk KimThe priv_print() method is called to print a private key in humanly 191e71b7053SJung-uk Kimreadable text to B<out>, indented B<indent> spaces. 192e71b7053SJung-uk KimIt MUST return 0 on error, 1 on success. 193e71b7053SJung-uk KimIt's called by L<EVP_PKEY_print_private(3)>. 194e71b7053SJung-uk Kim 195e71b7053SJung-uk Kim int (*pkey_size) (const EVP_PKEY *pk); 196e71b7053SJung-uk Kim int (*pkey_bits) (const EVP_PKEY *pk); 197e71b7053SJung-uk Kim int (*pkey_security_bits) (const EVP_PKEY *pk); 198e71b7053SJung-uk Kim 199e71b7053SJung-uk KimThe pkey_size() method returns the key size in bytes. 200b077aed3SPierre ProncheryIt's called by L<EVP_PKEY_get_size(3)>. 201e71b7053SJung-uk Kim 202e71b7053SJung-uk KimThe pkey_bits() method returns the key size in bits. 203b077aed3SPierre ProncheryIt's called by L<EVP_PKEY_get_bits(3)>. 
204e71b7053SJung-uk Kim 205e71b7053SJung-uk Kim int (*param_decode) (EVP_PKEY *pkey, 206e71b7053SJung-uk Kim const unsigned char **pder, int derlen); 207e71b7053SJung-uk Kim int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); 208e71b7053SJung-uk Kim int (*param_missing) (const EVP_PKEY *pk); 209e71b7053SJung-uk Kim int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); 210e71b7053SJung-uk Kim int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); 211e71b7053SJung-uk Kim int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, 212e71b7053SJung-uk Kim ASN1_PCTX *pctx); 213e71b7053SJung-uk Kim 214e71b7053SJung-uk KimThe param_decode() and param_encode() methods are called to decode / 215e71b7053SJung-uk Kimencode DER formatted parameters to / from B<pk>. 216e71b7053SJung-uk KimThey MUST return 0 on error, 1 on success. 217e71b7053SJung-uk KimThey're called by L<PEM_read_bio_Parameters(3)> and the B<file:> 218e71b7053SJung-uk KimL<OSSL_STORE_LOADER(3)>. 219e71b7053SJung-uk Kim 220e71b7053SJung-uk KimThe param_missing() method returns 0 if a key parameter is missing, 221e71b7053SJung-uk Kimotherwise 1. 222e71b7053SJung-uk KimIt's called by L<EVP_PKEY_missing_parameters(3)>. 223e71b7053SJung-uk Kim 224e71b7053SJung-uk KimThe param_copy() method copies key parameters from B<from> to B<to>. 225e71b7053SJung-uk KimIt MUST return 0 on error, 1 on success. 226e71b7053SJung-uk KimIt's called by L<EVP_PKEY_copy_parameters(3)>. 227e71b7053SJung-uk Kim 228e71b7053SJung-uk KimThe param_cmp() method compares the parameters of keys B<a> and B<b>. 229e71b7053SJung-uk KimIt MUST return 1 when the keys are equal, 0 when not equal, or a 230e71b7053SJung-uk Kimnegative number on error. 231b077aed3SPierre ProncheryIt's called by L<EVP_PKEY_parameters_eq(3)>. 232e71b7053SJung-uk Kim 233e71b7053SJung-uk KimThe param_print() method prints the private key parameters in humanly 234e71b7053SJung-uk Kimreadable text to B<out>, indented B<indent> spaces. 
235e71b7053SJung-uk KimIt MUST return 0 on error, 1 on success. 236e71b7053SJung-uk KimIt's called by L<EVP_PKEY_print_params(3)>. 237e71b7053SJung-uk Kim 238e71b7053SJung-uk Kim int (*sig_print) (BIO *out, 239e71b7053SJung-uk Kim const X509_ALGOR *sigalg, const ASN1_STRING *sig, 240e71b7053SJung-uk Kim int indent, ASN1_PCTX *pctx); 241e71b7053SJung-uk Kim 242e71b7053SJung-uk KimThe sig_print() method prints a signature in humanly readable text to 243e71b7053SJung-uk KimB<out>, indented B<indent> spaces. 244e71b7053SJung-uk KimB<sigalg> contains the exact signature algorithm. 245e71b7053SJung-uk KimIf the signature in B<sig> doesn't correspond to what this method 246e71b7053SJung-uk Kimexpects, X509_signature_dump() must be used as a last resort. 247e71b7053SJung-uk KimIt MUST return 0 on error, 1 on success. 248e71b7053SJung-uk KimIt's called by L<X509_signature_print(3)>. 249e71b7053SJung-uk Kim 250e71b7053SJung-uk Kim void (*pkey_free) (EVP_PKEY *pkey); 251e71b7053SJung-uk Kim 252e71b7053SJung-uk KimThe pkey_free() method helps freeing the internals of B<pkey>. 253e71b7053SJung-uk KimIt's called by L<EVP_PKEY_free(3)>, L<EVP_PKEY_set_type(3)>, 254e71b7053SJung-uk KimL<EVP_PKEY_set_type_str(3)>, and L<EVP_PKEY_assign(3)>. 255e71b7053SJung-uk Kim 256e71b7053SJung-uk Kim int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); 257e71b7053SJung-uk Kim 258e71b7053SJung-uk KimThe pkey_ctrl() method adds extra algorithm specific control. 259e71b7053SJung-uk KimIt's called by L<EVP_PKEY_get_default_digest_nid(3)>, 260b077aed3SPierre ProncheryL<EVP_PKEY_set1_encoded_public_key(3)>, 261b077aed3SPierre ProncheryL<EVP_PKEY_get1_encoded_public_key(3)>, L<PKCS7_SIGNER_INFO_set(3)>, 262e71b7053SJung-uk KimL<PKCS7_RECIP_INFO_set(3)>, ... 
263e71b7053SJung-uk Kim 264e71b7053SJung-uk Kim int (*old_priv_decode) (EVP_PKEY *pkey, 265e71b7053SJung-uk Kim const unsigned char **pder, int derlen); 266e71b7053SJung-uk Kim int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); 267e71b7053SJung-uk Kim 268e71b7053SJung-uk KimThe old_priv_decode() and old_priv_encode() methods decode / encode 269e71b7053SJung-uk Kimthe private key B<pkey> from / to a DER formatted array. 270e71b7053SJung-uk KimThese are exclusively used to help decoding / encoding older (pre 271e71b7053SJung-uk KimPKCS#8) PEM formatted encrypted private keys. 272e71b7053SJung-uk Kimold_priv_decode() MUST return 0 on error, 1 on success. 273e71b7053SJung-uk Kimold_priv_encode() MUST return the same kind of values as 274e71b7053SJung-uk Kimi2d_PrivateKey(). 275e71b7053SJung-uk KimThey're called by L<d2i_PrivateKey(3)> and L<i2d_PrivateKey(3)>. 276e71b7053SJung-uk Kim 277e71b7053SJung-uk Kim int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 278e71b7053SJung-uk Kim X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); 279e71b7053SJung-uk Kim int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 280e71b7053SJung-uk Kim X509_ALGOR *alg1, X509_ALGOR *alg2, 281e71b7053SJung-uk Kim ASN1_BIT_STRING *sig); 282e71b7053SJung-uk Kim 283e71b7053SJung-uk KimThe item_sign() and item_verify() methods make it possible to have 284e71b7053SJung-uk Kimalgorithm specific signatures and verification of them. 285e71b7053SJung-uk Kim 286e71b7053SJung-uk Kimitem_sign() MUST return one of: 287e71b7053SJung-uk Kim 288e71b7053SJung-uk Kim=over 4 289e71b7053SJung-uk Kim 290e71b7053SJung-uk Kim=item <=0 291e71b7053SJung-uk Kim 292e71b7053SJung-uk Kimerror 293e71b7053SJung-uk Kim 294e71b7053SJung-uk Kim=item Z<>1 295e71b7053SJung-uk Kim 296e71b7053SJung-uk Kimitem_sign() did everything, OpenSSL internals just need to pass the 297e71b7053SJung-uk Kimsignature length back. 
298e71b7053SJung-uk Kim 299e71b7053SJung-uk Kim=item Z<>2 300e71b7053SJung-uk Kim 301e71b7053SJung-uk Kimitem_sign() did nothing, OpenSSL internal standard routines are 302e71b7053SJung-uk Kimexpected to continue with the default signature production. 303e71b7053SJung-uk Kim 304e71b7053SJung-uk Kim=item Z<>3 305e71b7053SJung-uk Kim 306e71b7053SJung-uk Kimitem_sign() set the algorithm identifiers B<alg1> and B<alg2>, 307e71b7053SJung-uk KimOpenSSL internals should just sign using those algorithms. 308e71b7053SJung-uk Kim 309e71b7053SJung-uk Kim=back 310e71b7053SJung-uk Kim 311e71b7053SJung-uk Kimitem_verify() MUST return one of: 312e71b7053SJung-uk Kim 313e71b7053SJung-uk Kim=over 4 314e71b7053SJung-uk Kim 315e71b7053SJung-uk Kim=item <=0 316e71b7053SJung-uk Kim 317e71b7053SJung-uk Kimerror 318e71b7053SJung-uk Kim 319e71b7053SJung-uk Kim=item Z<>1 320e71b7053SJung-uk Kim 321e71b7053SJung-uk Kimitem_verify() did everything, OpenSSL internals perform no further 322e71b7053SJung-uk Kimverification of the signature. 323e71b7053SJung-uk Kim 324e71b7053SJung-uk Kim=item Z<>2 325e71b7053SJung-uk Kim 326e71b7053SJung-uk Kimitem_verify() did not verify the signature itself, OpenSSL internal standard routines are 327e71b7053SJung-uk Kimexpected to continue with the default signature verification. 328e71b7053SJung-uk Kim 329e71b7053SJung-uk Kim=back 330e71b7053SJung-uk Kim 331e71b7053SJung-uk Kimitem_verify() and item_sign() are called by L<ASN1_item_verify(3)> and 332e71b7053SJung-uk KimL<ASN1_item_sign(3)>, and by extension, L<X509_verify(3)>, 333e71b7053SJung-uk KimL<X509_REQ_verify(3)>, L<X509_sign(3)>, L<X509_REQ_sign(3)>, ... 334e71b7053SJung-uk Kim 335e71b7053SJung-uk Kim int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, 336e71b7053SJung-uk Kim const ASN1_STRING *sig); 337e71b7053SJung-uk Kim 338e71b7053SJung-uk KimThe siginf_set() method is used to set custom B<X509_SIG_INFO> 339e71b7053SJung-uk Kimparameters. 340e71b7053SJung-uk KimIt MUST return 0 on error, or 1 on success. 
341e71b7053SJung-uk KimIt's called as part of L<X509_check_purpose(3)>, L<X509_check_ca(3)> 342e71b7053SJung-uk Kimand L<X509_check_issued(3)>. 343e71b7053SJung-uk Kim 344e71b7053SJung-uk Kim int (*pkey_check) (const EVP_PKEY *pk); 345e71b7053SJung-uk Kim int (*pkey_public_check) (const EVP_PKEY *pk); 346e71b7053SJung-uk Kim int (*pkey_param_check) (const EVP_PKEY *pk); 347e71b7053SJung-uk Kim 348e71b7053SJung-uk KimThe pkey_check(), pkey_public_check() and pkey_param_check() methods are used 349e71b7053SJung-uk Kimto check the validity of B<pk> for key-pair, public component and parameters, 350e71b7053SJung-uk Kimrespectively. 351e71b7053SJung-uk KimThey MUST return 0 for an invalid key, or 1 for a valid key. 352e71b7053SJung-uk KimThey are called by L<EVP_PKEY_check(3)>, L<EVP_PKEY_public_check(3)> and 353e71b7053SJung-uk KimL<EVP_PKEY_param_check(3)> respectively. 354e71b7053SJung-uk Kim 355e71b7053SJung-uk Kim int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); 356e71b7053SJung-uk Kim int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); 357e71b7053SJung-uk Kim 358e71b7053SJung-uk KimThe set_priv_key() and set_pub_key() methods are used to set the raw private and 359e71b7053SJung-uk Kimpublic key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. 360e71b7053SJung-uk KimThey are called by L<EVP_PKEY_new_raw_private_key(3)>, and 361e71b7053SJung-uk KimL<EVP_PKEY_new_raw_public_key(3)> respectively. 362e71b7053SJung-uk Kim 363b077aed3SPierre Pronchery size_t (*dirty) (const EVP_PKEY *pk); 364b077aed3SPierre Pronchery void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); 365b077aed3SPierre Pronchery 366b077aed3SPierre Proncherydirty_cnt() returns the internal key's dirty count. 367b077aed3SPierre ProncheryThis can be used to synchronise different copies of the same keys. 
368b077aed3SPierre Pronchery 369b077aed3SPierre ProncheryThe export_to() method exports the key material from the given key to 370b077aed3SPierre Proncherya provider, through the L<EVP_KEYMGMT(3)> interface, if that provider 371b077aed3SPierre Proncherysupports importing key material. 372b077aed3SPierre Pronchery 373e71b7053SJung-uk Kim=head2 Functions 374e71b7053SJung-uk Kim 375e71b7053SJung-uk KimEVP_PKEY_asn1_new() creates and returns a new B<EVP_PKEY_ASN1_METHOD> 376e71b7053SJung-uk Kimobject, and associates the given B<id>, B<flags>, B<pem_str> and 377e71b7053SJung-uk KimB<info>. 378e71b7053SJung-uk KimB<id> is a NID, B<pem_str> is the PEM type string, B<info> is a 379e71b7053SJung-uk Kimdescriptive string. 380e71b7053SJung-uk KimThe following B<flags> are supported: 381e71b7053SJung-uk Kim 382e71b7053SJung-uk Kim ASN1_PKEY_SIGPARAM_NULL 383e71b7053SJung-uk Kim 384e71b7053SJung-uk KimIf B<ASN1_PKEY_SIGPARAM_NULL> is set, then the signature algorithm 385e71b7053SJung-uk Kimparameters are given the type B<V_ASN1_NULL> by default, otherwise 386e71b7053SJung-uk Kimthey will be given the type B<V_ASN1_UNDEF> (i.e. the parameter is 387e71b7053SJung-uk Kimomitted). 388e71b7053SJung-uk KimSee L<X509_ALGOR_set0(3)> for more information. 389e71b7053SJung-uk Kim 390e71b7053SJung-uk KimEVP_PKEY_asn1_copy() copies an B<EVP_PKEY_ASN1_METHOD> object from 391e71b7053SJung-uk KimB<src> to B<dst>. 392e71b7053SJung-uk KimThis function is not thread safe, it's recommended to only use this 393e71b7053SJung-uk Kimwhen initializing the application. 394e71b7053SJung-uk Kim 395e71b7053SJung-uk KimEVP_PKEY_asn1_free() frees an existing B<EVP_PKEY_ASN1_METHOD> pointed 396*a7148ab3SEnji Cooperby B<ameth>. If the argument is NULL, nothing is done. 397e71b7053SJung-uk Kim 398e71b7053SJung-uk KimEVP_PKEY_asn1_add0() adds B<ameth> to the user defined stack of 399e71b7053SJung-uk Kimmethods unless another B<EVP_PKEY_ASN1_METHOD> with the same NID is 400e71b7053SJung-uk Kimalready there. 
401e71b7053SJung-uk KimThis function is not thread safe, it's recommended to only use this 402e71b7053SJung-uk Kimwhen initializing the application. 403e71b7053SJung-uk Kim 404e71b7053SJung-uk KimEVP_PKEY_asn1_add_alias() creates an alias with the NID B<to> for the 405e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> with NID B<from> unless another 406e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> with the same NID is already added. 407e71b7053SJung-uk KimThis function is not thread safe, it's recommended to only use this 408e71b7053SJung-uk Kimwhen initializing the application. 409e71b7053SJung-uk Kim 410e71b7053SJung-uk KimEVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), 411e71b7053SJung-uk KimEVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), 412e71b7053SJung-uk KimEVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), 413e71b7053SJung-uk KimEVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), 414e71b7053SJung-uk KimEVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), 415e71b7053SJung-uk KimEVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), 416e71b7053SJung-uk KimEVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and 417e71b7053SJung-uk KimEVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given 418e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> object. 419e71b7053SJung-uk Kim 420e71b7053SJung-uk KimEVP_PKEY_get0_asn1() finds the B<EVP_PKEY_ASN1_METHOD> associated 421e71b7053SJung-uk Kimwith the key B<pkey>. 422e71b7053SJung-uk Kim 423e71b7053SJung-uk Kim=head1 RETURN VALUES 424e71b7053SJung-uk Kim 425e71b7053SJung-uk KimEVP_PKEY_asn1_new() returns NULL on error, or a pointer to an 426e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> object otherwise. 427e71b7053SJung-uk Kim 428e71b7053SJung-uk KimEVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, 429e71b7053SJung-uk Kimor 1 on success. 
430e71b7053SJung-uk Kim 431e71b7053SJung-uk KimEVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant 432e71b7053SJung-uk KimB<EVP_PKEY_ASN1_METHOD> object otherwise. 433e71b7053SJung-uk Kim 434b077aed3SPierre Pronchery=head1 HISTORY 435b077aed3SPierre Pronchery 436b077aed3SPierre ProncheryThe signature of the I<pub_decode> functional argument of 437b077aed3SPierre ProncheryEVP_PKEY_asn1_set_public() has changed in OpenSSL 3.0 so its I<pub> 438b077aed3SPierre Proncheryparameter is now constified. 439b077aed3SPierre Pronchery 440e71b7053SJung-uk Kim=head1 COPYRIGHT 441e71b7053SJung-uk Kim 442*a7148ab3SEnji CooperCopyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 443e71b7053SJung-uk Kim 444b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 445e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 446e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 447e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 448e71b7053SJung-uk Kim 449e71b7053SJung-uk Kim=cut 450