Methods

The methods implement the particular public key algorithm represented by the EVP_PKEY_CTX object.

int (*init)(EVP_PKEY_CTX *ctx) 
int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 
void (*cleanup)(EVP_PKEY_CTX *ctx)

The init() method is called by EVP_PKEY_CTX_new(3) and EVP_PKEY_CTX_new_id(3) to initialize the algorithm-specific data when a new EVP_PKEY_CTX is created. The cleanup() method is called by EVP_PKEY_CTX_free(3) when an EVP_PKEY_CTX is freed. The copy() method is called by EVP_PKEY_CTX_dup(3) when an EVP_PKEY_CTX is duplicated.

int (*paramgen_init)(EVP_PKEY_CTX *ctx) 
int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)

The paramgen_init() and paramgen() methods deal with key parameter generation. They are called by EVP_PKEY_paramgen_init(3) and EVP_PKEY_paramgen(3) to handle the parameter generation process.

int (*keygen_init)(EVP_PKEY_CTX *ctx) 
int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)

The keygen_init() and keygen() methods are used to generate a key for the specified algorithm. They are called by EVP_PKEY_keygen_init(3) and EVP_PKEY_keygen(3).

int (*sign_init)(EVP_PKEY_CTX *ctx) 
int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen);

The sign_init() and sign() methods are used to generate the signature of a piece of data using a private key. They are called by EVP_PKEY_sign_init(3) and EVP_PKEY_sign(3).

int (*verify_init)(EVP_PKEY_CTX *ctx) 
int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen);

The verify_init() and verify() methods are used to verify whether a signature is valid. They are called by EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

int (*verify_recover_init)(EVP_PKEY_CTX *ctx) 
int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, const unsigned char *sig, size_t siglen);

The verify_recover_init() and verify_recover() methods are used to verify a signature and then recover the digest from the signature (for instance, a signature that was generated by the RSA signing algorithm). They are called by EVP_PKEY_verify_recover_init(3) and EVP_PKEY_verify_recover(3).

int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) 
int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx);

The signctx_init() and signctx() methods are used to sign a digest represented by an EVP_MD_CTX object. They are called by the EVP_DigestSignInit(3) functions.

int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) 
int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, EVP_MD_CTX *mctx);

The verifyctx_init() and verifyctx() methods are used to verify a signature against the data in an EVP_MD_CTX object. They are called by the EVP_DigestVerifyInit(3) functions.

int (*encrypt_init)(EVP_PKEY_CTX *ctx) 
int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen);

The encrypt_init() and encrypt() methods are used to encrypt a piece of data. They are called by EVP_PKEY_encrypt_init(3) and EVP_PKEY_encrypt(3).

int (*decrypt_init)(EVP_PKEY_CTX *ctx) 
int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen);

The decrypt_init() and decrypt() methods are used to decrypt a piece of data. They are called by EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

int (*derive_init)(EVP_PKEY_CTX *ctx) 
int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);

The derive_init() and derive() methods are used to derive the shared secret from a public key algorithm (for instance, the DH algorithm). They are called by EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 
int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);

The ctrl() and ctrl_str() methods are used to adjust algorithm-specific settings. See EVP_PKEY_CTX_ctrl(3) for details.

int (*check)(EVP_PKEY *pkey) 
int (*public_check)(EVP_PKEY *pkey) 
int (*param_check)(EVP_PKEY *pkey)

These methods are used to validate a key pair, the public component, and the parameters for the given pkey, respectively. They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3), and EVP_PKEY_param_check(3), respectively.

Functions

EVP_PKEY_meth_new() creates a new EVP_PKEY_METHOD object with the given id and flags. The following flags are supported:

EVP_PKEY_FLAG_AUTOARGLEN

Automatically calculate the maximum size of the output buffer in corresponding EVP methods by the EVP framework. Thus the implementations of these methods don't need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to EVP_PKEY_sign(3).

EVP_PKEY_FLAG_SIGCTX_CUSTOM

Indicate that the signctx() method of an EVP_PKEY_METHOD is always called by the EVP framework while doing a digest signing operation by calling EVP_DigestSignFinal(3).

EVP_PKEY_meth_free() frees pmeth. EVP_PKEY_meth_copy() copies src to dst. EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the given id. This function first searches through the user-defined method objects and then through the built-in objects. EVP_PKEY_meth_add0() adds pmeth to the stack of user defined methods. The EVP_PKEY_meth_set_*() functions set the corresponding fields of pmeth to the arguments passed. EVP_PKEY_CTX_get_data() retrieves algorithm- and implementation-specific private key data from ctx. Public key algorithm implementations typically allocate and initialize this data automatically in their init() function. EVP_PKEY_CTX_set_data() transfers ownership of the given data to ctx, replacing the existing algorithm- and implementation-specific private key data. It is the responsibility of the caller to free the existing data before calling this function.