FreeBSD manual
download PDF document: d2i_DSAparams.3.pdf
D2I_RSAPRIVATEKEY(3ossl) OpenSSL D2I_RSAPRIVATEKEY(3ossl)
NAME
d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp,
d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio,
d2i_DSA_PUBKEY_fp, d2i_DSAparams, d2i_RSAPrivateKey,
d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey,
d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_PUBKEY,
d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_DHparams, d2i_DHparams_bio,
d2i_DHparams_fp, d2i_ECParameters, d2i_ECPrivateKey,
d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY,
d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, i2d_RSAPrivateKey,
i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey,
i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_PUBKEY,
i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_DHparams, i2d_DHparams_bio,
i2d_DHparams_fp, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio,
i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY,
i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSAparams, i2d_ECParameters,
i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp,
i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp - DEPRECATED
SYNOPSIS
The following functions have been deprecated since OpenSSL 3.0, and can
be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
version value, see openssl_user_macros(7):
TYPE *d2i_TYPEPrivateKey(TYPE **a, const unsigned char **ppin, long length);
TYPE *d2i_TYPEPrivateKey_bio(BIO *bp, TYPE **a);
TYPE *d2i_TYPEPrivateKey_fp(FILE *fp, TYPE **a);
TYPE *d2i_TYPEPublicKey(TYPE **a, const unsigned char **ppin, long length);
TYPE *d2i_TYPEPublicKey_bio(BIO *bp, TYPE **a);
TYPE *d2i_TYPEPublicKey_fp(FILE *fp, TYPE **a);
TYPE *d2i_TYPEparams(TYPE **a, const unsigned char **ppin, long length);
TYPE *d2i_TYPEparams_bio(BIO *bp, TYPE **a);
TYPE *d2i_TYPEparams_fp(FILE *fp, TYPE **a);
TYPE *d2i_TYPE_PUBKEY(TYPE **a, const unsigned char **ppin, long length);
TYPE *d2i_TYPE_PUBKEY_bio(BIO *bp, TYPE **a);
TYPE *d2i_TYPE_PUBKEY_fp(FILE *fp, TYPE **a);
int i2d_TYPEPrivateKey(const TYPE *a, unsigned char **ppout);
int i2d_TYPEPrivateKey(TYPE *a, unsigned char **ppout);
int i2d_TYPEPrivateKey_fp(FILE *fp, const TYPE *a);
int i2d_TYPEPrivateKey_fp(FILE *fp, TYPE *a);
int i2d_TYPEPrivateKey_bio(BIO *bp, const TYPE *a);
int i2d_TYPEPrivateKey_bio(BIO *bp, TYPE *a);
int i2d_TYPEPublicKey(const TYPE *a, unsigned char **ppout);
int i2d_TYPEPublicKey(TYPE *a, unsigned char **ppout);
int i2d_TYPEPublicKey_fp(FILE *fp, const TYPE *a);
int i2d_TYPEPublicKey_fp(FILE *fp, TYPE *a);
int i2d_TYPEPublicKey_bio(BIO *bp, const TYPE *a);
int i2d_TYPEPublicKey_bio(BIO *bp, TYPE *a);
int i2d_TYPEparams(const TYPE *a, unsigned char **ppout);
int i2d_TYPEparams(TYPE *a, unsigned char **ppout);
int i2d_TYPEparams_fp(FILE *fp, const TYPE *a);
int i2d_TYPEparams_fp(FILE *fp, TYPE *a);
int i2d_TYPEparams_bio(BIO *bp, const TYPE *a);
int i2d_TYPEparams_bio(BIO *bp, TYPE *a);
int i2d_TYPE_PUBKEY(const TYPE *a, unsigned char **ppout);
All functions described here are deprecated. Please use
OSSL_DECODER(3) instead of the d2i functions and OSSL_ENCODER(3)
instead of the i2d functions. See "Migration" below.
In the description here, TTYYPPEE is used a placeholder for any of the
OpenSSL datatypes, such as RSA. The function parameters ppin and ppout
are generally either both named pp in the headers, or in and out.
All the functions here behave the way that's described in d2i_X509(3).
Please note that not all functions in the synopsis are available for
all key types. For example, there are no d2i_RSAparams() or
i2d_RSAparams(), because the PKCS#1 RSA structure doesn't include any
key parameters.
d2i_TTYYPPEEPrivateKey() and derivates thereof decode DER encoded TTYYPPEE
private key data organized in a type specific structure.
d2i_TTYYPPEEPublicKey() and derivates thereof decode DER encoded TTYYPPEE
public key data organized in a type specific structure.
d2i_TTYYPPEEparams() and derivates thereof decode DER encoded TTYYPPEE key
parameters organized in a type specific structure.
d2i_TTYYPPEE_PUBKEY() and derivates thereof decode DER encoded TTYYPPEE public
key data organized in a SubjectPublicKeyInfo structure.
i2d_TTYYPPEEPrivateKey() and derivates thereof encode the private key TTYYPPEE
data into a type specific DER encoded structure.
i2d_TTYYPPEEPublicKey() and derivates thereof encode the public key TTYYPPEE
data into a type specific DER encoded structure.
i2d_TTYYPPEEparams() and derivates thereof encode the TTYYPPEE key parameters
data into a type specific DER encoded structure.
i2d_TTYYPPEE_PUBKEY() and derivates thereof encode the public key TTYYPPEE data
into a DER encoded SubjectPublicKeyInfo structure.
For example, d2i_RSAPrivateKey() and d2i_RSAPublicKey() expects the
structure defined by PKCS#1. Similarly, i2d_RSAPrivateKey() and
i2d_RSAPublicKey() produce DER encoded string organized according to
PKCS#1.
Migration
Migration from the diverse TTYYPPEEs requires using corresponding new
OpenSSL types. For all TTYYPPEEs described here, the corresponding new
type is EVP_PKEY. The rest of this section assumes that this has been
done, exactly how to do that is described elsewhere.
There are two migration paths:
o Replace b<d2i_TYPEPrivateKey()> with d2i_PrivateKey(3),
b<d2i_TYPEPublicKey()> with d2i_PublicKey(3), b<d2i_TYPEparams()>
with d2i_KeyParams(3), b<d2i_TYPE_PUBKEY()> with d2i_PUBKEY(3),
b<i2d_TYPEPrivateKey()> with i2d_PrivateKey(3),
b<i2d_TYPEPublicKey()> with i2d_PublicKey(3), b<i2d_TYPEparams()>
with i2d_KeyParams(3), b<i2d_TYPE_PUBKEY()> with i2d_PUBKEY(3). A
caveat is that i2d_PrivateKey(3) may output a DER encoded PKCS#8
Migrating ii22dd functions to OOSSSSLL_EENNCCOODDEERR
The exact OSSL_ENCODER(3) output is driven by arguments rather than by
function names. The sample code to get DER encoded output in a type
specific structure is uniform, the only things that vary are the
selection of what part of the EVP_PKEY should be output, and the
structure. The i2d functions names can therefore be translated into
two variables, selection and structure as follows:
i2d_TTYYPPEEPrivateKey() translates into:
int selection = EVP_PKEY_KEYPAIR;
const char *structure = "type-specific";
i2d_TTYYPPEEPublicKey() translates into:
int selection = EVP_PKEY_PUBLIC_KEY;
const char *structure = "type-specific";
i2d_TTYYPPEEparams() translates into:
int selection = EVP_PKEY_PARAMETERS;
const char *structure = "type-specific";
i2d_TTYYPPEE_PUBKEY() translates into:
int selection = EVP_PKEY_PUBLIC_KEY;
const char *structure = "SubjectPublicKeyInfo";
The following sample code does the rest of the work:
unsigned char *p = buffer; /* |buffer| is supplied by the caller */
size_t len = buffer_size; /* assumed be the size of |buffer| */
OSSL_ENCODER_CTX *ctx =
OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER", structure,
NULL, NULL);
if (ctx == NULL) {
/* fatal error handling */
}
if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) {
OSSL_ENCODER_CTX_free(ctx);
/* non-fatal error handling */
}
if (!OSSL_ENCODER_to_data(ctx, &p, &len)) {
OSSL_ENCODER_CTX_free(ctx);
/* error handling */
}
OSSL_ENCODER_CTX_free(ctx);
NOTES
The letters i and d in i2d_TTYYPPEE() stand for "internal" (that is, an
internal C structure) and "DER" respectively. So i2d_TTYYPPEE() converts
from internal to DER.
The functions can also understand BER forms.
The actual TYPE structure passed to i2d_TTYYPPEE() must be a valid
populated TTYYPPEE structure -- it cannot simply be fed with an empty
structure such as that returned by TYPE_new().
The encoded data is in binary form and may contain embedded zeros.
Therefore, any FILE pointers or BIOs should be opened in binary mode.
Functions such as strlen() will not return the correct length of the
The following points about the data types might be useful:
DSA_PUBKEY
Represents a DSA public key using a SubjectPublicKeyInfo structure.
DSAPublicKey, DSAPrivateKey
Use a non-standard OpenSSL format and should be avoided; use
DSA_PUBKEY, PEM_write_PrivateKey(3), or similar instead.
RETURN VALUES
d2i_TTYYPPEE(), d2i_TTYYPPEE_bio() and d2i_TTYYPPEE_fp() return a valid TTYYPPEE
structure or NULL if an error occurs. If the "reuse" capability has
been used with a valid structure being passed in via a, then the object
is freed in the event of error and *a is set to NULL.
i2d_TTYYPPEE() returns the number of bytes successfully encoded or a
negative value if an error occurs.
i2d_TTYYPPEE_bio() and i2d_TTYYPPEE_fp() return 1 for success and 0 if an error
occurs.
SEE ALSO
OSSL_ENCODER(3), OSSL_DECODER(3), d2i_PrivateKey(3), d2i_PublicKey(3),
d2i_KeyParams(3), d2i_PUBKEY(3), i2d_PrivateKey(3), i2d_PublicKey(3),
i2d_KeyParams(3), i2d_PUBKEY(3)
COPYRIGHT
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
3.0.11 2023-09-19 D2I_RSAPRIVATEKEY(3ossl)