1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimEVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/evp.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); 12e71b7053SJung-uk Kim int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, 13e71b7053SJung-uk Kim unsigned char *out, size_t *outlen, 14e71b7053SJung-uk Kim const unsigned char *in, size_t inlen); 15e71b7053SJung-uk Kim 16e71b7053SJung-uk Kim=head1 DESCRIPTION 17e71b7053SJung-uk Kim 18e71b7053SJung-uk KimThe EVP_PKEY_encrypt_init() function initializes a public key algorithm 19e71b7053SJung-uk Kimcontext using key B<pkey> for an encryption operation. 20e71b7053SJung-uk Kim 21e71b7053SJung-uk KimThe EVP_PKEY_encrypt() function performs a public key encryption operation 22e71b7053SJung-uk Kimusing B<ctx>. The data to be encrypted is specified using the B<in> and 23e71b7053SJung-uk KimB<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output 24e71b7053SJung-uk Kimbuffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then 25e71b7053SJung-uk Kimbefore the call the B<outlen> parameter should contain the length of the 26e71b7053SJung-uk KimB<out> buffer, if the call is successful the encrypted data is written to 27e71b7053SJung-uk KimB<out> and the amount of data written to B<outlen>. 28e71b7053SJung-uk Kim 29e71b7053SJung-uk Kim=head1 NOTES 30e71b7053SJung-uk Kim 31e71b7053SJung-uk KimAfter the call to EVP_PKEY_encrypt_init() algorithm specific control 32e71b7053SJung-uk Kimoperations can be performed to set any appropriate parameters for the 33e71b7053SJung-uk Kimoperation. 34e71b7053SJung-uk Kim 35e71b7053SJung-uk KimThe function EVP_PKEY_encrypt() can be called more than once on the same 36e71b7053SJung-uk Kimcontext if several operations are performed using the same parameters. 37e71b7053SJung-uk Kim 38e71b7053SJung-uk Kim=head1 RETURN VALUES 39e71b7053SJung-uk Kim 40e71b7053SJung-uk KimEVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 41e71b7053SJung-uk Kimor a negative value for failure. In particular a return value of -2 42e71b7053SJung-uk Kimindicates the operation is not supported by the public key algorithm. 43e71b7053SJung-uk Kim 44*da327cd2SJung-uk Kim=head1 EXAMPLES 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimEncrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)> or 47e71b7053SJung-uk KimL<d2i_X509(3)> for means to load a public key. You may also simply 48e71b7053SJung-uk Kimset 'eng = NULL;' to start with the default OpenSSL RSA implementation: 49e71b7053SJung-uk Kim 50e71b7053SJung-uk Kim #include <openssl/evp.h> 51e71b7053SJung-uk Kim #include <openssl/rsa.h> 52e71b7053SJung-uk Kim #include <openssl/engine.h> 53e71b7053SJung-uk Kim 54e71b7053SJung-uk Kim EVP_PKEY_CTX *ctx; 55e71b7053SJung-uk Kim ENGINE *eng; 56e71b7053SJung-uk Kim unsigned char *out, *in; 57e71b7053SJung-uk Kim size_t outlen, inlen; 58e71b7053SJung-uk Kim EVP_PKEY *key; 59e71b7053SJung-uk Kim 60e71b7053SJung-uk Kim /* 61e71b7053SJung-uk Kim * NB: assumes eng, key, in, inlen are already set up, 62e71b7053SJung-uk Kim * and that key is an RSA public key 63e71b7053SJung-uk Kim */ 64e71b7053SJung-uk Kim ctx = EVP_PKEY_CTX_new(key, eng); 65e71b7053SJung-uk Kim if (!ctx) 66e71b7053SJung-uk Kim /* Error occurred */ 67e71b7053SJung-uk Kim if (EVP_PKEY_encrypt_init(ctx) <= 0) 68e71b7053SJung-uk Kim /* Error */ 69e71b7053SJung-uk Kim if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) 70e71b7053SJung-uk Kim /* Error */ 71e71b7053SJung-uk Kim 72e71b7053SJung-uk Kim /* Determine buffer length */ 73e71b7053SJung-uk Kim if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) 74e71b7053SJung-uk Kim /* Error */ 75e71b7053SJung-uk Kim 76e71b7053SJung-uk Kim out = OPENSSL_malloc(outlen); 77e71b7053SJung-uk Kim 78e71b7053SJung-uk Kim if (!out) 79e71b7053SJung-uk Kim /* malloc failure */ 80e71b7053SJung-uk Kim 81e71b7053SJung-uk Kim if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) 82e71b7053SJung-uk Kim /* Error */ 83e71b7053SJung-uk Kim 84e71b7053SJung-uk Kim /* Encrypted data is outlen bytes written to buffer out */ 85e71b7053SJung-uk Kim 86e71b7053SJung-uk Kim=head1 SEE ALSO 87e71b7053SJung-uk Kim 88e71b7053SJung-uk KimL<d2i_X509(3)>, 89e71b7053SJung-uk KimL<ENGINE_by_id(3)>, 90e71b7053SJung-uk KimL<EVP_PKEY_CTX_new(3)>, 91e71b7053SJung-uk KimL<EVP_PKEY_decrypt(3)>, 92e71b7053SJung-uk KimL<EVP_PKEY_sign(3)>, 93e71b7053SJung-uk KimL<EVP_PKEY_verify(3)>, 94e71b7053SJung-uk KimL<EVP_PKEY_verify_recover(3)>, 95e71b7053SJung-uk KimL<EVP_PKEY_derive(3)> 96e71b7053SJung-uk Kim 97e71b7053SJung-uk Kim=head1 HISTORY 98e71b7053SJung-uk Kim 996935a639SJung-uk KimThese functions were added in OpenSSL 1.0.0. 100e71b7053SJung-uk Kim 101e71b7053SJung-uk Kim=head1 COPYRIGHT 102e71b7053SJung-uk Kim 103*da327cd2SJung-uk KimCopyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. 104e71b7053SJung-uk Kim 105e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 106e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 107e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 108e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 109e71b7053SJung-uk Kim 110e71b7053SJung-uk Kim=cut 111