1.\" $OpenBSD: X509_get_pubkey.3,v 1.7 2019/06/14 13:59:32 schwarze Exp $ 2.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 3.\" 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 5.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in 16.\" the documentation and/or other materials provided with the 17.\" distribution. 18.\" 19.\" 3. All advertising materials mentioning features or use of this 20.\" software must display the following acknowledgment: 21.\" "This product includes software developed by the OpenSSL Project 22.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 23.\" 24.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 25.\" endorse or promote products derived from this software without 26.\" prior written permission. For written permission, please contact 27.\" openssl-core@openssl.org. 28.\" 29.\" 5. Products derived from this software may not be called "OpenSSL" 30.\" nor may "OpenSSL" appear in their names without prior written 31.\" permission of the OpenSSL Project. 32.\" 33.\" 6. Redistributions of any form whatsoever must retain the following 34.\" acknowledgment: 35.\" "This product includes software developed by the OpenSSL Project 36.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 37.\" 38.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 39.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 40.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 41.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 42.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 43.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 44.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 45.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 46.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 47.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49.\" OF THE POSSIBILITY OF SUCH DAMAGE. 50.\" 51.Dd $Mdocdate: June 14 2019 $ 52.Dt X509_GET_PUBKEY 3 53.Os 54.Sh NAME 55.Nm X509_get_pubkey , 56.Nm X509_get0_pubkey , 57.Nm X509_set_pubkey , 58.Nm X509_get_X509_PUBKEY , 59.Nm X509_REQ_get_pubkey , 60.Nm X509_REQ_set_pubkey 61.Nd get or set certificate or certificate request public key 62.Sh SYNOPSIS 63.In openssl/x509.h 64.Ft EVP_PKEY * 65.Fo X509_get_pubkey 66.Fa "X509 *x" 67.Fc 68.Ft EVP_PKEY * 69.Fo X509_get0_pubkey 70.Fa "const X509 *x" 71.Fc 72.Ft int 73.Fo X509_set_pubkey 74.Fa "X509 *x" 75.Fa "EVP_PKEY *pkey" 76.Fc 77.Ft X509_PUBKEY * 78.Fo X509_get_X509_PUBKEY 79.Fa "X509 *x" 80.Fc 81.Ft EVP_PKEY * 82.Fo X509_REQ_get_pubkey 83.Fa "X509_REQ *req" 84.Fc 85.Ft int 86.Fo X509_REQ_set_pubkey 87.Fa "X509_REQ *x" 88.Fa "EVP_PKEY *pkey" 89.Fc 90.Sh DESCRIPTION 91.Fn X509_get_pubkey 92attempts to decode the public key for certificate 93.Fa x . 94If successful it returns the public key as an 95.Vt EVP_PKEY 96pointer with its reference count incremented: this means the returned 97key must be freed up after use. 98.Fn X509_get0_pubkey 99is similar except that it does not increment the reference count 100of the returned 101.Vt EVP_PKEY , 102so it must not be freed up after use. 103.Pp 104.Fn X509_get_X509_PUBKEY 105returns an internal pointer to the 106.Vt X509_PUBKEY 107structure which encodes the certificate of 108.Fa x . 109The returned value must not be freed up after use. 110.Fn X509_get_X509_PUBKEY 111is implemented as a macro. 112.Pp 113.Fn X509_set_pubkey 114attempts to set the public key for certificate 115.Fa x 116to 117.Fa pkey . 118The key 119.Fa pkey 120should be freed up after use. 121.Pp 122.Fn X509_REQ_get_pubkey 123and 124.Fn X509_REQ_set_pubkey 125are similar but operate on certificate request 126.Fa req . 127.Pp 128The first time a public key is decoded, the 129.Vt EVP_PKEY 130structure is cached in the certificate or certificate request itself. 131Subsequent calls return the cached structure with its reference count 132incremented to improve performance. 133.Sh RETURN VALUES 134.Fn X509_get_pubkey , 135.Fn X509_get0_pubkey , 136.Fn X509_get_X509_PUBKEY , 137and 138.Fn X509_REQ_get_pubkey 139return a public key or 140.Dv NULL 141if an error occurred. 142.Pp 143.Fn X509_set_pubkey 144and 145.Fn X509_REQ_set_pubkey 146return 1 for success or 0 for failure. 147.Pp 148In some cases of failure of 149.Fn X509_get0_pubkey , 150.Fn X509_set_pubkey , 151.Fn X509_REQ_get_pubkey , 152and 153.Fn X509_REQ_set_pubkey , 154the reason can be determined with 155.Xr ERR_get_error 3 . 156.Sh SEE ALSO 157.Xr d2i_X509 3 , 158.Xr X509_CRL_get0_by_serial 3 , 159.Xr X509_NAME_add_entry_by_txt 3 , 160.Xr X509_NAME_ENTRY_get_object 3 , 161.Xr X509_NAME_get_index_by_NID 3 , 162.Xr X509_NAME_print_ex 3 , 163.Xr X509_new 3 , 164.Xr X509_PUBKEY_new 3 , 165.Xr X509_REQ_new 3 , 166.Xr X509_sign 3 , 167.Xr X509_verify_cert 3 , 168.Xr X509V3_get_d2i 3 169.Sh HISTORY 170.Fn X509_get_pubkey , 171.Fn X509_set_pubkey , 172.Fn X509_REQ_get_pubkey , 173and 174.Fn X509_REQ_set_pubkey 175first appeared in SSLeay 0.6.5. 176.Fn X509_get_X509_PUBKEY 177first appeared in SSLeay 0.8.0. 178These functions have been available since 179.Ox 2.4 . 180.Pp 181.Fn X509_get0_pubkey 182first appeared in OpenSSL 1.1.0 and has been available since 183.Ox 6.3 . 184