xref: /freebsd/crypto/openssl/doc/man3/EVP_PKEY_copy_parameters.pod (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1=pod
2
3=head1 NAME
4
5EVP_PKEY_missing_parameters, EVP_PKEY_copy_parameters, EVP_PKEY_parameters_eq,
6EVP_PKEY_cmp_parameters, EVP_PKEY_eq,
7EVP_PKEY_cmp - public key parameter and comparison functions
8
9=head1 SYNOPSIS
10
11 #include <openssl/evp.h>
12
13 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
14 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
15
16 int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b);
17 int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b);
18
19The following functions have been deprecated since OpenSSL 3.0, and can be
20hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
21see L<openssl_user_macros(7)>:
22
23 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
24 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
25
26=head1 DESCRIPTION
27
28The function EVP_PKEY_missing_parameters() returns 1 if the public key
29parameters of B<pkey> are missing and 0 if they are present or the algorithm
30doesn't use parameters.
31
32The function EVP_PKEY_copy_parameters() copies the parameters from key
33B<from> to key B<to>. An error is returned if the parameters are missing in
34B<from> or present in both B<from> and B<to> and mismatch. If the parameters
35in B<from> and B<to> are both present and match this function has no effect.
36
37The function EVP_PKEY_parameters_eq() checks the parameters of keys
38B<a> and B<b> for equality.
39
40The function EVP_PKEY_eq() checks the keys B<a> and B<b> for equality,
41including their parameters if they are available.
42
43=head1 NOTES
44
45The main purpose of the functions EVP_PKEY_missing_parameters() and
46EVP_PKEY_copy_parameters() is to handle public keys in certificates where the
47parameters are sometimes omitted from a public key if they are inherited from
48the CA that signed it.
49
50The deprecated functions EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() differ in
51their return values compared to other _cmp() functions. They are aliases for
52EVP_PKEY_eq() and EVP_PKEY_parameters_eq().
53
54The function EVP_PKEY_cmp() previously only checked the key parameters
55(if there are any) and the public key, assuming that there always was
56a public key and that private key equality could be derived from that.
57Because it's no longer assumed that the private key in an L<EVP_PKEY(3)> is
58always accompanied by a public key, the comparison can not rely on public
59key comparison alone.
60
61Instead, EVP_PKEY_eq() (and therefore also EVP_PKEY_cmp()) now compares:
62
63=over 4
64
65=item 1.
66
67the key parameters (if there are any)
68
69=item 2.
70
71the public keys or the private keys of the two B<EVP_PKEY>s, depending on
72what they both contain.
73
74=back
75
76=begin comment
77
78Exactly what is compared is ultimately at the discretion of the provider
79that holds the key, as they will compare what makes sense to them that fits
80the selector bits they are passed.
81
82=end comment
83
84=head1 RETURN VALUES
85
86The function EVP_PKEY_missing_parameters() returns 1 if the public key
87parameters of B<pkey> are missing and 0 if they are present or the algorithm
88doesn't use parameters.
89
90These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
91failure.
92
93The functions EVP_PKEY_cmp_parameters(), EVP_PKEY_parameters_eq(),
94EVP_PKEY_cmp() and EVP_PKEY_eq() return 1 if their
95inputs match, 0 if they don't match, -1 if the key types are different and
96-2 if the operation is not supported.
97
98=head1 SEE ALSO
99
100L<EVP_PKEY_CTX_new(3)>,
101L<EVP_PKEY_keygen(3)>
102
103=head1 HISTORY
104
105The EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() functions were deprecated in
106OpenSSL 3.0.
107
108The EVP_PKEY_eq() and EVP_PKEY_parameters_eq() were added in OpenSSL 3.0 to
109replace EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
110
111=head1 COPYRIGHT
112
113Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
114
115Licensed under the Apache License 2.0 (the "License").  You may not use
116this file except in compliance with the License.  You can obtain a copy
117in the file LICENSE in the source distribution or at
118L<https://www.openssl.org/source/license.html>.
119
120=cut
121