=pod

=head1 NAME

EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
                      unsigned char *out, size_t *outlen,
                      const unsigned char *in, size_t inlen);

=head1 DESCRIPTION

The EVP_PKEY_decrypt_init() function initializes the public key algorithm
context B<ctx> for a decryption operation using the key B<pkey> that the
context was created with.

The EVP_PKEY_decrypt() function performs a public key decryption operation
using B<ctx>. The data to be decrypted is specified using the B<in> and
B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
before the call the B<outlen> parameter should contain the length of the
B<out> buffer; if the call is successful the decrypted data is written to
B<out> and the amount of data written is stored in B<outlen>.

=head1 NOTES

After the call to EVP_PKEY_decrypt_init(), algorithm-specific control
operations can be performed to set any appropriate parameters for the
operation.

The function EVP_PKEY_decrypt() can be called more than once on the same
context if several operations are performed using the same parameters.

For RSA keys the choice of padding matters when the ciphertext comes from an
untrusted party: with PKCS#1 v1.5 padding, a decryption failure that the
sender can distinguish from success can serve as a padding oracle. The
example below uses OAEP padding.

=head1 RETURN VALUES

EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
or a negative value for failure.
In particular a return value of -2
indicates the operation is not supported by the public key algorithm.
Because failure can be reported as a negative, and therefore non-zero, value,
callers should test for a result less than or equal to 0 rather than treat
any non-zero result as success.

=head1 EXAMPLE

Decrypt data using OAEP (for RSA keys):

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 unsigned char *out, *in;
 size_t outlen, inlen;
 EVP_PKEY *key;
 /* NB: assumes key in, inlen are already set up
  * and that key is an RSA private key
  */
 ctx = EVP_PKEY_CTX_new(key);
 if (!ctx)
        /* Error occurred */
 if (EVP_PKEY_decrypt_init(ctx) <= 0)
        /* Error */
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
        /* Error */

 /* Determine buffer length */
 if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
        /* Error */

 out = OPENSSL_malloc(outlen);

 if (!out)
        /* malloc failure */

 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
        /* Error */

 /* Decrypted data is outlen bytes written to buffer out */

The error comments in this example mark where the caller has to handle the
failure and stop processing; the fragment is an outline and does not compile
as shown. EVP_PKEY_CTX_new() also takes an B<ENGINE> argument, which may be
B<NULL>; see L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>. When the plaintext
is no longer needed, wipe it with OPENSSL_cleanse() before releasing B<out>
with OPENSSL_free(), and release B<ctx> with EVP_PKEY_CTX_free().

=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>

=head1 HISTORY

These functions were first added to OpenSSL 1.0.0.

=cut