1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5*b077aed3SPierre ProncheryEVP_PKEY_decrypt_init, EVP_PKEY_decrypt_init_ex,
6*b077aed3SPierre ProncheryEVP_PKEY_decrypt - decrypt using a public key algorithm
7e71b7053SJung-uk Kim
8e71b7053SJung-uk Kim=head1 SYNOPSIS
9e71b7053SJung-uk Kim
10e71b7053SJung-uk Kim #include <openssl/evp.h>
11e71b7053SJung-uk Kim
12e71b7053SJung-uk Kim int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
13*b077aed3SPierre Pronchery int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
14e71b7053SJung-uk Kim int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
15e71b7053SJung-uk Kim                      unsigned char *out, size_t *outlen,
16e71b7053SJung-uk Kim                      const unsigned char *in, size_t inlen);
17e71b7053SJung-uk Kim
18e71b7053SJung-uk Kim=head1 DESCRIPTION
19e71b7053SJung-uk Kim
The EVP_PKEY_decrypt_init() function initializes the public key algorithm
context I<ctx> for a decryption operation using key I<pkey>, the key
associated with I<ctx>.
22*b077aed3SPierre Pronchery
The EVP_PKEY_decrypt_init_ex() function initializes the public key algorithm
context I<ctx> for a decryption operation using key I<pkey>, the key
associated with I<ctx>, and sets the algorithm specific I<params>.
26e71b7053SJung-uk Kim
27e71b7053SJung-uk KimThe EVP_PKEY_decrypt() function performs a public key decryption operation
28*b077aed3SPierre Proncheryusing I<ctx>. The data to be decrypted is specified using the I<in> and
29*b077aed3SPierre ProncheryI<inlen> parameters. If I<out> is NULL then the minimum required size of
30*b077aed3SPierre Proncherythe output buffer is written to the I<*outlen> parameter.
31*b077aed3SPierre Pronchery
If I<out> is not NULL then before the call the I<*outlen> parameter must
contain the length of the I<out> buffer. If the call is successful the
decrypted data is written to I<out> and the amount of decrypted data is
written to I<*outlen>, otherwise an error is returned. The size obtained
with a NULL I<out> is a buffer size and may be larger than the decrypted
data, so only the value left in I<*outlen> after a successful call gives the
length of the result.
36e71b7053SJung-uk Kim
37e71b7053SJung-uk Kim=head1 NOTES
38e71b7053SJung-uk Kim
39e71b7053SJung-uk KimAfter the call to EVP_PKEY_decrypt_init() algorithm specific control
40e71b7053SJung-uk Kimoperations can be performed to set any appropriate parameters for the
41*b077aed3SPierre Proncheryoperation.  These operations can be included in the EVP_PKEY_decrypt_init_ex()
42*b077aed3SPierre Proncherycall.
43e71b7053SJung-uk Kim
44e71b7053SJung-uk KimThe function EVP_PKEY_decrypt() can be called more than once on the same
45e71b7053SJung-uk Kimcontext if several operations are performed using the same parameters.
46e71b7053SJung-uk Kim
47e71b7053SJung-uk Kim=head1 RETURN VALUES
48e71b7053SJung-uk Kim
EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt_init_ex() and EVP_PKEY_decrypt()
return 1 for success and 0 or a negative value for failure. In particular a
return value of -2 indicates the operation is not supported by the public key
algorithm. Because a failure can be reported as a negative value as well as
0, callers should test for a result C<< <= 0 >> rather than for zero; a
negative value treated as a boolean would be read as success.
53e71b7053SJung-uk Kim
54da327cd2SJung-uk Kim=head1 EXAMPLES
55e71b7053SJung-uk Kim
56e71b7053SJung-uk KimDecrypt data using OAEP (for RSA keys):
57e71b7053SJung-uk Kim
58e71b7053SJung-uk Kim #include <openssl/evp.h>
59e71b7053SJung-uk Kim #include <openssl/rsa.h>
60e71b7053SJung-uk Kim
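 EVP_PKEY_CTX *ctx = NULL;
 ENGINE *eng;
 unsigned char *out = NULL, *in;
 size_t outlen = 0, buflen = 0, inlen;
 EVP_PKEY *key;

 /*
  * NB: assumes key, eng, in, inlen are already set up
  * and that key is an RSA private key
  *
  * Every failure branch jumps to the cleanup label: the calls report
  * failure as 0 or a negative value, so each result is tested with <= 0.
  */
 ctx = EVP_PKEY_CTX_new(key, eng);
 if (ctx == NULL)
     goto cleanup;                   /* Error occurred */
 if (EVP_PKEY_decrypt_init(ctx) <= 0)
     goto cleanup;                   /* Error */
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
     goto cleanup;                   /* Error */

 /* Determine buffer length: with out == NULL only *outlen is written */
 if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
     goto cleanup;                   /* Error */

 /* Remember the allocated size; outlen is overwritten by the next call */
 buflen = outlen;
 out = OPENSSL_malloc(buflen);
 if (out == NULL)
     goto cleanup;                   /* malloc failure */

 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
     goto cleanup;                   /* Error */

 /*
  * Decrypted data is outlen bytes written to buffer out.
  * Use it here, before the buffer is wiped and released below.
  */

 cleanup:
 /* The buffer may hold plaintext: clear all of it before freeing */
 OPENSSL_clear_free(out, buflen);
 EVP_PKEY_CTX_free(ctx);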
92e71b7053SJung-uk Kim
93e71b7053SJung-uk Kim=head1 SEE ALSO
94e71b7053SJung-uk Kim
95e71b7053SJung-uk KimL<EVP_PKEY_CTX_new(3)>,
96e71b7053SJung-uk KimL<EVP_PKEY_encrypt(3)>,
97e71b7053SJung-uk KimL<EVP_PKEY_sign(3)>,
98e71b7053SJung-uk KimL<EVP_PKEY_verify(3)>,
99e71b7053SJung-uk KimL<EVP_PKEY_verify_recover(3)>,
100e71b7053SJung-uk KimL<EVP_PKEY_derive(3)>
101e71b7053SJung-uk Kim
102e71b7053SJung-uk Kim=head1 HISTORY
103e71b7053SJung-uk Kim
1046935a639SJung-uk KimThese functions were added in OpenSSL 1.0.0.
105e71b7053SJung-uk Kim
106e71b7053SJung-uk Kim=head1 COPYRIGHT
107e71b7053SJung-uk Kim
108*b077aed3SPierre ProncheryCopyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
109e71b7053SJung-uk Kim
110*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
111e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
112e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
113e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
114e71b7053SJung-uk Kim
115e71b7053SJung-uk Kim=cut