| =pod |
| |
| =head1 NAME |
| |
| RSA_set_default_method, RSA_get_default_method, RSA_set_method, |
| RSA_get_method, RSA_PKCS1_SSLeay, |
| RSA_null_method, RSA_flags, RSA_new_method - select RSA method |
| |
| =head1 SYNOPSIS |
| |
| #include <openssl/rsa.h> |
| #include <openssl/engine.h> |
| |
| void RSA_set_default_openssl_method(RSA_METHOD *meth); |
| |
| RSA_METHOD *RSA_get_default_openssl_method(void); |
| |
| int RSA_set_method(RSA *rsa, ENGINE *engine); |
| |
| RSA_METHOD *RSA_get_method(RSA *rsa); |
| |
| RSA_METHOD *RSA_PKCS1_SSLeay(void); |
| |
| RSA_METHOD *RSA_null_method(void); |
| |
| int RSA_flags(RSA *rsa); |
| |
| RSA *RSA_new_method(ENGINE *engine); |
| |
| =head1 DESCRIPTION |
| |
| An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA |
| operations. By modifying the method, alternative implementations |
| such as hardware accelerators may be used. |
| |
| Initially, the default is to use the OpenSSL internal implementation. |
| RSA_PKCS1_SSLeay() returns a pointer to that method. |
| |
| RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA> |
| structures created later. B<NB:> This is true only whilst the default engine |
| for RSA operations remains as "openssl". ENGINEs provide an |
| encapsulation for implementations of one or more algorithms at a time, and all |
| the RSA functions mentioned here operate within the scope of the default |
| "openssl" engine. |
| |
| RSA_get_default_openssl_method() returns a pointer to the current default |
| method for the "openssl" engine. |
| |
| RSA_set_method() selects B<engine> for all operations using the key |
| B<rsa>. |
| |
| RSA_get_method() returns a pointer to the RSA_METHOD from the currently |
| selected ENGINE for B<rsa>. |
| |
| RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. |
| |
| RSA_new_method() allocates and initializes an RSA structure so that |
| B<engine> will be used for the RSA operations. If B<engine> is NULL, |
| the default engine for RSA operations is used. |
| |
| =head1 THE RSA_METHOD STRUCTURE |
| |
| typedef struct rsa_meth_st |
| { |
| /* name of the implementation */ |
| const char *name; |
| |
| /* encrypt */ |
| int (*rsa_pub_enc)(int flen, unsigned char *from, |
| unsigned char *to, RSA *rsa, int padding); |
| |
| /* verify arbitrary data */ |
| int (*rsa_pub_dec)(int flen, unsigned char *from, |
| unsigned char *to, RSA *rsa, int padding); |
| |
| /* sign arbitrary data */ |
| int (*rsa_priv_enc)(int flen, unsigned char *from, |
| unsigned char *to, RSA *rsa, int padding); |
| |
| /* decrypt */ |
| int (*rsa_priv_dec)(int flen, unsigned char *from, |
| unsigned char *to, RSA *rsa, int padding); |
| |
| /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some |
| implementations) */ |
| int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); |
| |
| /* compute r = a ^ p mod m (May be NULL for some implementations) */ |
| int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
| const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| |
| /* called at RSA_new */ |
| int (*init)(RSA *rsa); |
| |
| /* called at RSA_free */ |
| int (*finish)(RSA *rsa); |
| |
| /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key |
| * operations, even if p,q,dmp1,dmq1,iqmp |
| * are NULL |
| * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify |
| * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match |
| */ |
| int flags; |
| |
| char *app_data; /* ?? */ |
| |
| /* sign. For backward compatibility, this is used only |
| * if (flags & RSA_FLAG_SIGN_VER) |
| */ |
| int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, |
| unsigned char *sigret, unsigned int *siglen, RSA *rsa); |
| |
| /* verify. For backward compatibility, this is used only |
| * if (flags & RSA_FLAG_SIGN_VER) |
| */ |
| int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, |
| unsigned char *sigbuf, unsigned int siglen, RSA *rsa); |
| |
| } RSA_METHOD; |
| |
| =head1 RETURN VALUES |
| |
| RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() |
| and RSA_get_method() return pointers to the respective RSA_METHODs. |
| |
| RSA_set_default_openssl_method() returns no value. |
| |
| RSA_set_method() selects B<engine> as the engine that will be responsible for |
| all operations using the structure B<rsa>. If this function completes successfully, |
| then the B<rsa> structure will have its own functional reference of B<engine>, so |
| the caller should remember to free their own reference to B<engine> when they are |
| finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by |
| ENGINE_get_RSA() or ENGINE_set_RSA(). |
| |
| RSA_new_method() returns NULL and sets an error code that can be |
| obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise |
| it returns a pointer to the newly allocated structure. |
| |
| =head1 SEE ALSO |
| |
| L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> |
| |
| =head1 HISTORY |
| |
| RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8. |
| RSA_get_default_method(), RSA_set_method() and RSA_get_method() as |
| well as the rsa_sign and rsa_verify components of RSA_METHOD were |
| added in OpenSSL 0.9.4. |
| |
| RSA_set_default_openssl_method() and RSA_get_default_openssl_method() |
| replaced RSA_set_default_method() and RSA_get_default_method() respectively, |
| and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s |
| rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6. |
| |
| =cut |
