diff options
Diffstat (limited to 'doc/crypto/RSA_set_method.pod')
| -rw-r--r-- | doc/crypto/RSA_set_method.pod | 206 |
1 files changed, 0 insertions, 206 deletions
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod deleted file mode 100644 index 0ef078118651..000000000000 --- a/doc/crypto/RSA_set_method.pod +++ /dev/null @@ -1,206 +0,0 @@ -=pod - -=head1 NAME - -RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, -RSA_new_method - select RSA method - -=head1 SYNOPSIS - - #include <openssl/rsa.h> - - void RSA_set_default_method(const RSA_METHOD *meth); - - RSA_METHOD *RSA_get_default_method(void); - - int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); - - RSA_METHOD *RSA_get_method(const RSA *rsa); - - RSA_METHOD *RSA_PKCS1_SSLeay(void); - - RSA_METHOD *RSA_null_method(void); - - int RSA_flags(const RSA *rsa); - - RSA *RSA_new_method(RSA_METHOD *method); - -=head1 DESCRIPTION - -An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA -operations. By modifying the method, alternative implementations such as -hardware accelerators may be used. IMPORTANT: See the NOTES section for -important information about how these RSA API functions are affected by the -use of B<ENGINE> API calls. - -Initially, the default RSA_METHOD is the OpenSSL internal implementation, -as returned by RSA_PKCS1_SSLeay(). - -RSA_set_default_method() makes B<meth> the default method for all RSA -structures created later. B<NB>: This is true only whilst no ENGINE has -been set as a default for RSA, so this function is no longer recommended. - -RSA_get_default_method() returns a pointer to the current default -RSA_METHOD. However, the meaningfulness of this result is dependent on -whether the ENGINE API is being used, so this function is no longer -recommended. - -RSA_set_method() selects B<meth> to perform all operations using the key -B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the -previous method was supplied by an ENGINE, the handle to that ENGINE will -be released during the change. It is possible to have RSA keys that only -work with certain RSA_METHOD implementations (eg. from an ENGINE module -that supports embedded hardware-protected keys), and in such cases -attempting to change the RSA_METHOD for the key can have unexpected -results. - -RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>. -This method may or may not be supplied by an ENGINE implementation, but if -it is, the return value can only be guaranteed to be valid as long as the -RSA key itself is valid and does not have its implementation changed by -RSA_set_method(). - -RSA_flags() returns the B<flags> that are set for B<rsa>'s current -RSA_METHOD. See the BUGS section. - -RSA_new_method() allocates and initializes an RSA structure so that -B<engine> will be used for the RSA operations. If B<engine> is NULL, the -default ENGINE for RSA operations is used, and if no default ENGINE is set, -the RSA_METHOD controlled by RSA_set_default_method() is used. - -RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. - -RSA_new_method() allocates and initializes an B<RSA> structure so that -B<method> will be used for the RSA operations. If B<method> is B<NULL>, -the default method is used. - -=head1 THE RSA_METHOD STRUCTURE - - typedef struct rsa_meth_st - { - /* name of the implementation */ - const char *name; - - /* encrypt */ - int (*rsa_pub_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* verify arbitrary data */ - int (*rsa_pub_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* sign arbitrary data */ - int (*rsa_priv_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* decrypt */ - int (*rsa_priv_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some - implementations) */ - int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - - /* called at RSA_new */ - int (*init)(RSA *rsa); - - /* called at RSA_free */ - int (*finish)(RSA *rsa); - - /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key - * operations, even if p,q,dmp1,dmq1,iqmp - * are NULL - * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify - * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match - */ - int flags; - - char *app_data; /* ?? */ - - /* sign. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ - int (*rsa_sign)(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - /* verify. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ - int (*rsa_verify)(int dtype, - const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, - const RSA *rsa); - /* keygen. If NULL builtin RSA key generation will be used */ - int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - - } RSA_METHOD; - -=head1 RETURN VALUES - -RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method() -and RSA_get_method() return pointers to the respective RSA_METHODs. - -RSA_set_default_method() returns no value. - -RSA_set_method() returns a pointer to the old RSA_METHOD implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an ENGINE, the pointer could be invalidated -at any time if the ENGINE is unloaded (in fact it could be unloaded as a -result of the RSA_set_method() function releasing its handle to the -ENGINE). For this reason, the return type may be replaced with a B<void> -declaration in a future release. - -RSA_new_method() returns NULL and sets an error code that can be obtained -by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise -it returns a pointer to the newly allocated structure. - -=head1 NOTES - -As of version 0.9.7, RSA_METHOD implementations are grouped together with -other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE> -modules. If a default ENGINE is specified for RSA functionality using an -ENGINE API function, that will override any RSA defaults set using the RSA -API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the -recommended way to control default implementations for use in RSA and other -cryptographic algorithms. - -=head1 BUGS - -The behaviour of RSA_flags() is a mis-feature that is left as-is for now -to avoid creating compatibility problems. RSA functionality, such as the -encryption functions, are controlled by the B<flags> value in the RSA key -itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key -(which is what this function returns). If the flags element of an RSA key -is changed, the changes will be honoured by RSA functionality but will not -be reflected in the return value of the RSA_flags() function - in effect -RSA_flags() behaves more like an RSA_default_flags() function (which does -not currently exist). - -=head1 SEE ALSO - -L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> - -=head1 HISTORY - -RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8. -RSA_get_default_method(), RSA_set_method() and RSA_get_method() as -well as the rsa_sign and rsa_verify components of RSA_METHOD were -added in OpenSSL 0.9.4. - -RSA_set_default_openssl_method() and RSA_get_default_openssl_method() -replaced RSA_set_default_method() and RSA_get_default_method() -respectively, and RSA_set_method() and RSA_new_method() were altered to use -B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine -version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE -API was restructured so that this change was reversed, and behaviour of the -other functions resembled more closely the previous behaviour. The -behaviour of defaults in the ENGINE API now transparently overrides the -behaviour of defaults in the RSA API without requiring changing these -function prototypes. - -=cut |