1 .\" Automatically generated by Pod::Man 2.12 (Pod::Simple 3.05)
4 .\" ========================================================================
5 .de Sh \" Subsection heading
13 .de Sp \" Vertical space (when we can't use .PP)
17 .de Vb \" Begin verbatim text
22 .de Ve \" End verbatim text
26 .\" Set up some character translations and predefined strings. \*(-- will
27 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
29 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31 .\" nothing in troff, for use with C<>.
33 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
37 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
51 .\" If the F register is turned on, we'll generate index entries on stderr for
52 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53 .\" entries marked with X<> in POD. Of course, you'll have to process the
54 .\" output yourself in some meaningful fashion.
57 . tm Index:\\$1\t\\n%\t"\\$2"
63 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64 .\" Fear. Run. Save yourself. No user-serviceable parts.
65 . \" fudge factors for nroff and troff
74 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80 . \" simple accents for nroff and troff
90 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
97 . \" troff and (daisy-wheel) nroff accents
98 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105 .ds ae a\h'-(\w'a'u*4/10)'e
106 .ds Ae A\h'-(\w'A'u*4/10)'E
107 . \" corrections for vroff
108 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110 . \" for low resolution devices (crt and lpr)
111 .if \n(.H>23 .if \n(.V>19 \
124 .\" ========================================================================
126 .IX Title "RSA_set_method 3"
127 .TH RSA_set_method 3 "2007-10-24" "0.9.8g" "OpenSSL"
128 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
129 .\" way too many mistakes in technical documents.
133 RSA_set_default_method, RSA_get_default_method, RSA_set_method,
134 RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
135 RSA_new_method \- select RSA method
137 .IX Header "SYNOPSIS"
139 \& #include <openssl/rsa.h>
141 \& void RSA_set_default_method(const RSA_METHOD *meth);
143 \& RSA_METHOD *RSA_get_default_method(void);
145 \& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
147 \& RSA_METHOD *RSA_get_method(const RSA *rsa);
149 \& RSA_METHOD *RSA_PKCS1_SSLeay(void);
151 \& RSA_METHOD *RSA_null_method(void);
153 \& int RSA_flags(const RSA *rsa);
155 \& RSA *RSA_new_method(RSA_METHOD *method);
158 .IX Header "DESCRIPTION"
159 An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
160 operations. By modifying the method, alternative implementations such as
161 hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
162 important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the
163 use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
165 Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
166 as returned by \fIRSA_PKCS1_SSLeay()\fR.
168 \&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
169 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
170 been set as a default for \s-1RSA\s0, so this function is no longer recommended.
172 \&\fIRSA_get_default_method()\fR returns a pointer to the current default
173 \&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on
174 whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer recommended.
177 \&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
178 \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
179 previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
180 be released during the change. It is possible to have \s-1RSA\s0 keys that only
181 work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
182 that supports embedded hardware-protected keys), and in such cases
183 attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results.
186 \&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
187 This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if
188 it is, the return value can only be guaranteed to be valid as long as the
189 \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by
190 \&\fIRSA_set_method()\fR.
192 \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
193 \&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section.
195 \&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
196 \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the
197 default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
198 the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
200 \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
202 \&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
203 \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
204 the default method is used.
205 .SH "THE RSA_METHOD STRUCTURE"
206 .IX Header "THE RSA_METHOD STRUCTURE"
208 \& typedef struct rsa_meth_st
210 \& /* name of the implementation */
214 \& int (*rsa_pub_enc)(int flen, unsigned char *from,
215 \& unsigned char *to, RSA *rsa, int padding);
217 \& /* verify arbitrary data */
218 \& int (*rsa_pub_dec)(int flen, unsigned char *from,
219 \& unsigned char *to, RSA *rsa, int padding);
221 \& /* sign arbitrary data */
222 \& int (*rsa_priv_enc)(int flen, unsigned char *from,
223 \& unsigned char *to, RSA *rsa, int padding);
226 \& int (*rsa_priv_dec)(int flen, unsigned char *from,
227 \& unsigned char *to, RSA *rsa, int padding);
229 \& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some
230 \& implementations) */
231 \& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
233 \& /* compute r = a ^ p mod m (May be NULL for some implementations) */
234 \& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
235 \& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
237 \& /* called at RSA_new */
238 \& int (*init)(RSA *rsa);
240 \& /* called at RSA_free */
241 \& int (*finish)(RSA *rsa);
243 \& /* RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key
244 \& * operations, even if p,q,dmp1,dmq1,iqmp
246 \& * RSA_FLAG_SIGN_VER \- enable rsa_sign and rsa_verify
247 \& * RSA_METHOD_FLAG_NO_CHECK \- don't check pub/private match
251 \& char *app_data; /* ?? */
253 \& /* sign. For backward compatibility, this is used only
254 \& * if (flags & RSA_FLAG_SIGN_VER)
256 \& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
257 \& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
259 \& /* verify. For backward compatibility, this is used only
260 \& * if (flags & RSA_FLAG_SIGN_VER)
262 \& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
263 \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
268 .IX Header "RETURN VALUES"
269 \&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_null_method()\fR, \fIRSA_get_default_method()\fR
270 and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
272 \&\fIRSA_set_default_method()\fR returns no value.
274 \&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
275 that was replaced. However, this return value should probably be ignored
276 because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated
277 at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
278 result of the \fIRSA_set_method()\fR function releasing its handle to the
279 \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
280 declaration in a future release.
282 \&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
283 by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise
284 it returns a pointer to the newly allocated structure.
287 As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
288 other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR
289 modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
290 \&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0
291 \&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the
292 recommended way to control default implementations for use in \s-1RSA\s0 and other
293 cryptographic algorithms.
296 The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now
297 to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the
298 encryption functions, is controlled by the \fBflags\fR value in the \s-1RSA\s0 key
299 itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key
300 (which is what this function returns). If the flags element of an \s-1RSA\s0 key
301 is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not
302 be reflected in the return value of the \fIRSA_flags()\fR function \- in effect
303 \&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does
304 not currently exist).
306 .IX Header "SEE ALSO"
307 \&\fIrsa\fR\|(3), \fIRSA_new\fR\|(3)
310 \&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8.
311 \&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as
312 well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were
313 added in OpenSSL 0.9.4.
315 \&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR
316 replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
317 respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
318 \&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
319 version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0
320 \&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the
321 other functions resembled more closely the previous behaviour. The
322 behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the
323 behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these