xref: /openbsd-src/lib/libcrypto/man/DSA_set_method.3 (revision ae3cb403620ab940fbaabb3055fac045a63d56b7) 
1.\"	$OpenBSD: DSA_set_method.3,v 1.6 2016/12/10 22:47:49 schwarze Exp $
2.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3.\"
4.\" This file was written by Ulf Moeller <ulf@openssl.org>.
5.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project.  All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\"
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\"
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in
16.\"    the documentation and/or other materials provided with the
17.\"    distribution.
18.\"
19.\" 3. All advertising materials mentioning features or use of this
20.\"    software must display the following acknowledgment:
21.\"    "This product includes software developed by the OpenSSL Project
22.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23.\"
24.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25.\"    endorse or promote products derived from this software without
26.\"    prior written permission. For written permission, please contact
27.\"    openssl-core@openssl.org.
28.\"
29.\" 5. Products derived from this software may not be called "OpenSSL"
30.\"    nor may "OpenSSL" appear in their names without prior written
31.\"    permission of the OpenSSL Project.
32.\"
33.\" 6. Redistributions of any form whatsoever must retain the following
34.\"    acknowledgment:
35.\"    "This product includes software developed by the OpenSSL Project
36.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37.\"
38.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
42.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50.\"
51.Dd $Mdocdate: December 10 2016 $
52.Dt DSA_SET_METHOD 3
53.Os
54.Sh NAME
55.Nm DSA_set_default_method ,
56.Nm DSA_get_default_method ,
57.Nm DSA_set_method ,
58.Nm DSA_new_method ,
59.Nm DSA_OpenSSL
60.Nd select DSA method
61.Sh SYNOPSIS
62.In openssl/dsa.h
63.In openssl/engine.h
64.Ft void
65.Fo DSA_set_default_method
66.Fa "const DSA_METHOD *meth"
67.Fc
68.Ft const DSA_METHOD *
69.Fn DSA_get_default_method void
70.Ft int
71.Fo DSA_set_method
72.Fa "DSA *dsa"
73.Fa "const DSA_METHOD *meth"
74.Fc
75.Ft DSA *
76.Fo DSA_new_method
77.Fa "ENGINE *engine"
78.Fc
79.Ft DSA_METHOD *
80.Fn DSA_OpenSSL void
81.Sh DESCRIPTION
82A
83.Vt DSA_METHOD
84specifies the functions that OpenSSL uses for DSA operations.
85By modifying the method, alternative implementations such as hardware
86accelerators may be used.
87See the
88.Sx CAVEATS
89section for how these DSA API functions are affected by the use of
90.Xr engine 3
91API calls.
92.Pp
93Initially, the default
94.Vt DSA_METHOD
95is the OpenSSL internal implementation, as returned by
96.Fn DSA_OpenSSL .
97.Pp
98.Fn DSA_set_default_method
99makes
100.Fa meth
101the default method for all
102.Vt DSA
103structures created later.
104.Sy Note :
105this is true only whilst no
106.Vt ENGINE
107has been set as a default for DSA, so this function is no longer
108recommended.
109.Pp
110.Fn DSA_get_default_method
111returns a pointer to the current default
112.Vt DSA_METHOD .
113However, the meaningfulness of this result is dependent on whether the
114.Xr engine 3
115API is being used, so this function is no longer recommended.
116.Pp
117.Fn DSA_set_method
118selects
119.Fa meth
120to perform all operations using the key
121.Fa dsa .
122This will replace the
123.Vt DSA_METHOD
124used by the DSA key and if the previous method was supplied by an
125.Vt ENGINE ,
126the handle to that
127.Vt ENGINE
128will be released during the change.
129It is possible to have DSA keys that only work with certain
130.Vt DSA_METHOD
131implementations (e.g. from an
132.Vt ENGINE
133module that supports embedded hardware-protected keys),
134and in such cases attempting to change the
135.Vt DSA_METHOD
136for the key can have unexpected results.
137.Pp
138.Fn DSA_new_method
139allocates and initializes a
140.Vt DSA
141structure so that
142.Fa engine
143will be used for the DSA operations.
144If
145.Fa engine
146is
147.Dv NULL ,
148the default engine for DSA operations is used and, if no
149default
150.Vt ENGINE
151is set, the
152.Vt DSA_METHOD
153controlled by
154.Fn DSA_set_default_method
155is used.
156.Pp
157The
158.Vt DSA_METHOD
159structure is defined as follows:
160.Bd -literal
161struct
162{
163     /* name of the implementation */
164	const char *name;
165
166     /* sign */
167	DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
168                                 DSA *dsa);
169
170     /* pre-compute k^-1 and r */
171	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
172                                 BIGNUM **rp);
173
174     /* verify */
175	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
176                                 DSA_SIG *sig, DSA *dsa);
177
178     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
179                                          implementations) */
180	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
181                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
182                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
183
184     /* compute r = a ^ p mod m (May be NULL for some implementations) */
185        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
186                                 const BIGNUM *p, const BIGNUM *m,
187                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
188
189     /* called at DSA_new */
190        int (*init)(DSA *DSA);
191
192     /* called at DSA_free */
193        int (*finish)(DSA *DSA);
194
195        int flags;
196
197        char *app_data; /* ?? */
198
199} DSA_METHOD;
200.Ed
201.Sh RETURN VALUES
202.Fn DSA_OpenSSL
203and
204.Fn DSA_get_default_method
205return pointers to the respective
206.Vt DSA_METHOD Ns s .
207.Pp
208.Fn DSA_set_method
209returns non-zero if the provided
210.Fa meth
211was successfully set as the method for
212.Fa dsa
213(including unloading the
214.Vt ENGINE
215handle if the previous method was supplied by an
216.Vt ENGINE ) .
217.Pp
218.Fn DSA_new_method
219returns
220.Dv NULL
221and sets an error code that can be obtained by
222.Xr ERR_get_error 3
223if the allocation fails.
224Otherwise it returns a pointer to the newly allocated structure.
225.Sh SEE ALSO
226.Xr DSA_new 3
227.Sh HISTORY
228.Fn DSA_set_default_method ,
229.Fn DSA_get_default_method ,
230.Fn DSA_set_method ,
231.Fn DSA_new_method ,
232and
233.Fn DSA_OpenSSL
234were added in OpenSSL 0.9.4.
235.Sh CAVEATS
236As of version 0.9.7, DSA_METHOD implementations are grouped together
237with other algorithmic APIs (e.g. RSA_METHOD, EVP_CIPHER) in
238.Vt ENGINE
239modules.
240If a default
241.Vt ENGINE
242is specified for DSA functionality using an
243.Xr engine 3
244API function, that will override any DSA defaults set using the DSA API
245.Pq i.e. DSA_set_default_method .
246For this reason, the
247.Xr engine 3
248API is the recommended way to control default implementations for
249use in DSA and other cryptographic algorithms.
250