Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

Matt Caswell matt at
Mon Oct 25 08:53:14 UTC 2021

On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
> Hi All,
>          I need get APIs for accessing the members of  EVP_PKEY. Please 
> suggest APIs to get following members of EVP_PKEY
> evpkey->type , evpkey->pkey.rsa , pubKey->>group.

EVP_PKEY_get_id() will get you the `evpkey->type` value. But note that 
in the provider world an external provider could add key types that are 
unknown to libcrypto. "EVP_PKEY_is_a" is a more future proof way to go.


if (EVP_PKEY_is_a(pkey, "RSA")) ...;
if (EVP_PKEY_is_a(pkey, "EC")) ...;

The "evppkey->pkey.rsa" value can be obtained via EVP_PKEY_get0_RSA() 
but note that this is deprecated. You are encouraged to not use the RSA 
structure at all in 3.0 (all the functions that take an RSA structure 
are deprecated). So you should look at what you are trying to do with 
evpkey->pkey.rsa and refactor things to not need it. Why do you want this?

Similar comments apply to "pubkey->". You can get the EC_KEY 
object using EVP_PKEY_get0_EC_KEY() but this is deprecated. You can get 
the group from an EC_KEY using EC_KEY_get0_group() - but this is also 
deprecated. Instead you might consider getting the "group name" for the 
EC key which will tell you what curve is in use, e.g.

EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
                                NULL, 0, &namesize);
name = OPENSSL_malloc(namesize + 1);
EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
                                name, namesize + 1, 0);


> Thanks and Regards,
> Sunil
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.

More information about the openssl-users mailing list