-</code></pre></div><h2 id=description>DESCRIPTION<a class=headerlink href=#description title="Permanent link">¶</a></h2><p>The EVP_PKEY_decrypt_init() function initializes a public key algorithm context using key <em>pkey</em> for a decryption operation.</p><p>The EVP_PKEY_decrypt_init_ex() function initializes a public key algorithm context using key <em>pkey</em> for a decryption operation and sets the algorithm specific <em>params</em>.</p><p>The EVP_PKEY_decrypt() function performs a public key decryption operation using <em>ctx</em>. The data to be decrypted is specified using the <em>in</em> and <em>inlen</em> parameters. If <em>out</em> is NULL then the minimum required size of the output buffer is written to the <em>*outlen</em> parameter.</p><p>If <em>out</em> is not NULL then before the call the <em>*outlen</em> parameter must contain the length of the <em>out</em> buffer. If the call is successful the decrypted data is written to <em>out</em> and the amount of the decrypted data written to <em>*outlen</em>, otherwise an error is returned.</p><h2 id=notes>NOTES<a class=headerlink href=#notes title="Permanent link">¶</a></h2><p>After the call to EVP_PKEY_decrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation. These operations can be included in the EVP_PKEY_decrypt_init_ex() call.</p><p>The function EVP_PKEY_decrypt() can be called more than once on the same context if several operations are performed using the same parameters.</p><h2 id=return-values>RETURN VALUES<a class=headerlink href=#return-values title="Permanent link">¶</a></h2><p>EVP_PKEY_decrypt_init(), EVP_PKEY_decrypt_init_ex() and EVP_PKEY_decrypt() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.</p><h2 id=warnings>WARNINGS<a class=headerlink href=#warnings title="Permanent link">¶</a></h2><p>In OpenSSL versions before 3.2.0, when used in PKCS#1 v1.5 padding, both the return value from the EVP_PKEY_decrypt() and the <strong>outlen</strong> provided information useful in mounting a Bleichenbacher attack against the used private key. They had to be processed in a side-channel free way.</p><p>Since version 3.2.0, the EVP_PKEY_decrypt() method when used with PKCS#1 v1.5 padding as implemented in the <strong>default</strong> provider implements the implicit rejection mechanism (see <strong>OSSL_PKEY_PARAM_IMPLICIT_REJECTION</strong> in <a href=../../man7/provider-asym_cipher/ >provider-asym_cipher(7)</a>). That means it doesn't return an error when it detects an error in padding, instead it returns a pseudo-randomly generated message, removing the need of side-channel secure code from applications using OpenSSL. If OpenSSL is configured to use a provider that doesn't implement implicit rejection, the code still needs to handle the returned values using side-channel free code. Side-channel free handling of the error stack can be performed using either a pair of unconditional <a href=../ERR_set_mark/ >ERR_set_mark(3)</a> and <a href=../ERR_set_mark/ >ERR_pop_to_mark(3)</a> calls or by using the <a href=../ERR_clear_error/ >ERR_clear_error(3)</a> call.</p><h2 id=examples>EXAMPLES<a class=headerlink href=#examples title="Permanent link">¶</a></h2><p>Decrypt data using OAEP (for RSA keys):</p><div class=highlight><pre><span></span><code>#include <openssl/evp.h>
0 commit comments