=head1 RETURN VALUES
EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
-or a negative value for failure.
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
=head1 EXAMPLE
Decrypt data using OAEP (for RSA keys):
-[to be added]
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen;
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+ * and that key is an RSA private key
+ */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+ /* Error occurred */
+ if (EVP_PKEY_decrypt_init(ctx) <= 0)
+ /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+ /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+ /* Error */
+
+ out = OPENSSL_malloc(outlen);
+
+ if (!out)
+ /* malloc failure */
+
+ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+ /* Error */
+
+ /* Decrypted data is outlen bytes written to buffer out */
=head1 SEE ALSO