1 .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
4 .\" ========================================================================
5 .de Sh \" Subsection heading
13 .de Sp \" Vertical space (when we can't use .PP)
17 .de Vb \" Begin verbatim text
22 .de Ve \" End verbatim text
26 .\" Set up some character translations and predefined strings. \*(-- will
27 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
29 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31 .\" nothing in troff, for use with C<>.
33 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
37 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
51 .\" Escape single quotes in literal strings from groff's Unicode transform.
55 .\" If the F register is turned on, we'll generate index entries on stderr for
56 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57 .\" entries marked with X<> in POD. Of course, you'll have to process the
58 .\" output yourself in some meaningful fashion.
61 . tm Index:\\$1\t\\n%\t"\\$2"
71 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72 .\" Fear. Run. Save yourself. No user-serviceable parts.
73 . \" fudge factors for nroff and troff
82 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
88 . \" simple accents for nroff and troff
98 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
105 . \" troff and (daisy-wheel) nroff accents
106 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113 .ds ae a\h'-(\w'a'u*4/10)'e
114 .ds Ae A\h'-(\w'A'u*4/10)'E
115 . \" corrections for vroff
116 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
118 . \" for low resolution devices (crt and lpr)
119 .if \n(.H>23 .if \n(.V>19 \
132 .\" ========================================================================
134 .IX Title "RSA_set_method 3"
135 .TH RSA_set_method 3 "2009-04-11" "0.9.8k" "OpenSSL"
136 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
137 .\" way too many mistakes in technical documents.
141 RSA_set_default_method, RSA_get_default_method, RSA_set_method,
142 RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
143 RSA_new_method \- select RSA method
145 .IX Header "SYNOPSIS"
147 \& #include <openssl/rsa.h>
149 \& void RSA_set_default_method(const RSA_METHOD *meth);
151 \& RSA_METHOD *RSA_get_default_method(void);
153 \& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
155 \& RSA_METHOD *RSA_get_method(const RSA *rsa);
157 \& RSA_METHOD *RSA_PKCS1_SSLeay(void);
159 \& RSA_METHOD *RSA_null_method(void);
161 \& int RSA_flags(const RSA *rsa);
163 \& RSA *RSA_new_method(RSA_METHOD *method);
166 .IX Header "DESCRIPTION"
167 An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
168 operations. By modifying the method, alternative implementations such as
169 hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
170 important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the
171 use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
173 Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
174 as returned by \fIRSA_PKCS1_SSLeay()\fR.
176 \&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
177 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
178 been set as a default for \s-1RSA\s0, so this function is no longer recommended.
180 \&\fIRSA_get_default_method()\fR returns a pointer to the current default
181 \&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on
182 whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer recommended.
185 \&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
186 \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
187 previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
188 be released during the change. It is possible to have \s-1RSA\s0 keys that only
189 work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
190 that supports embedded hardware-protected keys), and in such cases
191 attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results.
194 \&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
195 This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if
196 it is, the return value can only be guaranteed to be valid as long as the
197 \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by
198 \&\fIRSA_set_method()\fR.
200 \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
201 \&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section.
203 \&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
204 \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the
205 default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
206 the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
208 \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
210 \&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
211 \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
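212 the default method is used. Note that the two descriptions of \fIRSA_new_method()\fR given here disagree on the argument (an \s-1ENGINE\s0 in one, an \s-1RSA_METHOD\s0 in the other); check the prototype in <openssl/rsa.h> of the installed version before relying on either.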
213 .SH "THE RSA_METHOD STRUCTURE"
214 .IX Header "THE RSA_METHOD STRUCTURE"
216 \& typedef struct rsa_meth_st
218 \& /* name of the implementation */
222 \& int (*rsa_pub_enc)(int flen, unsigned char *from,
223 \& unsigned char *to, RSA *rsa, int padding);
225 \& /* verify arbitrary data */
226 \& int (*rsa_pub_dec)(int flen, unsigned char *from,
227 \& unsigned char *to, RSA *rsa, int padding);
229 \& /* sign arbitrary data */
230 \& int (*rsa_priv_enc)(int flen, unsigned char *from,
231 \& unsigned char *to, RSA *rsa, int padding);
234 \& int (*rsa_priv_dec)(int flen, unsigned char *from,
235 \& unsigned char *to, RSA *rsa, int padding);
237 \& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some
238 \& implementations) */
239 \& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
241 \& /* compute r = a ^ p mod m (May be NULL for some implementations) */
242 \& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
243 \& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
245 \& /* called at RSA_new */
246 \& int (*init)(RSA *rsa);
248 \& /* called at RSA_free */
249 \& int (*finish)(RSA *rsa);
251 \& /* RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key
252 \& * operations, even if p,q,dmp1,dmq1,iqmp
254 \& * RSA_FLAG_SIGN_VER \- enable rsa_sign and rsa_verify
255 \& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match
259 \& char *app_data; /* ?? */
261 \& /* sign. For backward compatibility, this is used only
262 \& * if (flags & RSA_FLAG_SIGN_VER)
264 \& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
265 \& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
267 \& /* verify. For backward compatibility, this is used only
268 \& * if (flags & RSA_FLAG_SIGN_VER)
270 \& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
271 \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
276 .IX Header "RETURN VALUES"
277 \&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_null_method()\fR, \fIRSA_get_default_method()\fR
278 and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
280 \&\fIRSA_set_default_method()\fR returns no value.
282 \&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
283 that was replaced. However, this return value should probably be ignored
284 because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated
285 at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
286 result of the \fIRSA_set_method()\fR function releasing its handle to the
287 \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
288 declaration in a future release.
290 \&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
291 by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise
292 it returns a pointer to the newly allocated structure.
295 As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
296 other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR
297 modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
298 \&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0
299 \&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the
300 recommended way to control default implementations for use in \s-1RSA\s0 and other
301 cryptographic algorithms.
304 The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now
305 to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the
306 encryption functions, is controlled by the \fBflags\fR value in the \s-1RSA\s0 key
307 itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key
308 (which is what this function returns). If the flags element of an \s-1RSA\s0 key
309 is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not
310 be reflected in the return value of the \fIRSA_flags()\fR function \- in effect
311 \&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does
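312 not currently exist). Code that needs to know which flags are actually in effect for a key should therefore examine the \fBflags\fR element of the \s-1RSA\s0 key itself rather than the value returned by \fIRSA_flags()\fR.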
314 .IX Header "SEE ALSO"
315 \&\fIrsa\fR\|(3), \fIRSA_new\fR\|(3)
318 \&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8.
319 \&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as
320 well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were
321 added in OpenSSL 0.9.4.
323 \&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR
324 replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
325 respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
326 \&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
327 version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0
328 \&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the
329 other functions resembled more closely the previous behaviour. The
330 behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the
331 behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these