=pod

=head1 NAME

EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
                      unsigned char *out, size_t *outlen,
                      const unsigned char *in, size_t inlen);

=head1 DESCRIPTION

The EVP_PKEY_decrypt_init() function initializes the public key algorithm
context B<ctx> for a decryption operation, using the key B<pkey> that the
context was created with (see L<EVP_PKEY_CTX_new(3)>).

The EVP_PKEY_decrypt() function performs a public key decryption operation
using B<ctx>. The data to be decrypted is specified using the B<in> and
B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
before the call the B<outlen> parameter should contain the length of the
B<out> buffer. If the call is successful, the decrypted data is written to
B<out> and the amount of data written is stored in B<outlen>. Because the
value obtained with a B<NULL> B<out> is a maximum, the length stored by the
decrypting call can be smaller, and only that final B<outlen> describes the
decrypted data.

=head1 NOTES

After the call to EVP_PKEY_decrypt_init(), algorithm-specific control
operations can be performed to set any appropriate parameters for the
operation.

The function EVP_PKEY_decrypt() can be called more than once on the same
context if several operations are performed using the same parameters.

=head1 RETURN VALUES

EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
or a negative value for failure. In particular, a return value of -2
indicates the operation is not supported by the public key algorithm.
Because a failure can be reported as a negative value, callers should test
the result with C<< <= 0 >> rather than treating any nonzero value as
success.

=head1 EXAMPLES

Decrypt data using OAEP (for RSA keys). The error branches below are
placeholders: real code must stop at the first failure, and must eventually
release B<ctx> with EVP_PKEY_CTX_free() and B<out> with OPENSSL_free().

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 ENGINE *eng;
 unsigned char *out, *in;
 size_t outlen, inlen;
 EVP_PKEY *key;

 /*
  * NB: assumes key, eng, in, inlen are already set up
  * and that key is an RSA private key
  */
 ctx = EVP_PKEY_CTX_new(key, eng);
 if (!ctx)
     /* Error occurred */
 if (EVP_PKEY_decrypt_init(ctx) <= 0)
     /* Error */
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
     /* Error */

 /* Determine buffer length */
 if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
     /* Error */

 out = OPENSSL_malloc(outlen);

 if (!out)
     /* malloc failure */

 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
     /* Error */

 /* Decrypted data is outlen bytes written to buffer out */

=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>

=head1 HISTORY

These functions were added in OpenSSL 1.0.0.

=head1 COPYRIGHT

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut