EVP_PKEY_is_a.pod 2.8 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_is_a, EVP_PKEY_can_sign, EVP_PKEY_typenames_do_all,
  4. EVP_PKEY_get0_first_alg_name
  5. - key type and capabilities functions
  6. =head1 SYNOPSIS
  7. #include <openssl/evp.h>
  8. int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name);
  9. int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
  10. void EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
  11. void (*fn)(const char *name, void *data),
  12. void *data);
  13. const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
  14. =head1 DESCRIPTION
  15. EVP_PKEY_is_a() checks if the key type of I<pkey> is I<name>.
  16. EVP_PKEY_can_sign() checks if the functionality for the key type of
  17. I<pkey> supports signing. No other check is done, such as whether
  18. I<pkey> contains a private key.
  19. EVP_PKEY_typenames_do_all() traverses all names for I<pkey>'s key type, and
  20. calls I<fn> with each name and I<data>. For example, an RSA B<EVP_PKEY> may
  21. be named both C<RSA> and C<rsaEncryption>.
  22. The order of the names is undefined.
  23. EVP_PKEY_get0_first_alg_name() returns the first algorithm name that is found
  24. for the given I<pkey>. Note that the I<pkey> may have multiple synonyms
  25. associated with it. In this case it is undefined which one will be returned.
  26. Ownership of the returned string is retained by the I<pkey> object and should
  27. not be freed by the caller.
  28. =head1 RETURN VALUES
  29. EVP_PKEY_is_a() returns 1 if I<pkey> has the key type I<name>,
  30. otherwise 0.
  31. EVP_PKEY_can_sign() returns 1 if the I<pkey> key type functionality
  32. supports signing, otherwise 0.
  33. EVP_PKEY_get0_first_alg_name() returns the name that is found or NULL on error.
  34. =head1 EXAMPLES
  35. =head2 EVP_PKEY_is_a()
  36. The loaded providers and what key types they support will ultimately
  37. determine what I<name> is possible to use with EVP_PKEY_is_a(). We do know
  38. that the default provider supports RSA, DH, DSA and EC keys, so we can use
  39. this as an crude example:
  40. #include <openssl/evp.h>
  41. ...
  42. /* |pkey| is an EVP_PKEY* */
  43. if (EVP_PKEY_is_a(pkey, "RSA")) {
  44. BIGNUM *modulus = NULL;
  45. if (EVP_PKEY_get_bn_param(pkey, "n", &modulus))
  46. /* do whatever with the modulus */
  47. BN_free(modulus);
  48. }
  49. =head2 EVP_PKEY_can_sign()
  50. #include <openssl/evp.h>
  51. ...
  52. /* |pkey| is an EVP_PKEY* */
  53. if (!EVP_PKEY_can_sign(pkey)) {
  54. fprintf(stderr, "Not a signing key!");
  55. exit(1);
  56. }
  57. /* Sign something... */
  58. =head1 HISTORY
  59. The functions described here were added in OpenSSL 3.0.
  60. =head1 COPYRIGHT
  61. Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
  62. Licensed under the Apache License 2.0 (the "License"). You may not use
  63. this file except in compliance with the License. You can obtain a copy
  64. in the file LICENSE in the source distribution or at
  65. L<https://www.openssl.org/source/license.html>.
  66. =cut