1.\" $OpenBSD: RSA_set_method.3,v 1.15 2019/06/08 10:40:51 schwarze Exp $ 2.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 3.\" 4.\" This file was written by Ulf Moeller <ulf@openssl.org> 5.\" and Geoff Thorpe <geoff@openssl.org>. 6.\" Copyright (c) 2000, 2002, 2007, 2014 The OpenSSL Project. 7.\" All rights reserved. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 16.\" 2. Redistributions in binary form must reproduce the above copyright 17.\" notice, this list of conditions and the following disclaimer in 18.\" the documentation and/or other materials provided with the 19.\" distribution. 20.\" 21.\" 3. All advertising materials mentioning features or use of this 22.\" software must display the following acknowledgment: 23.\" "This product includes software developed by the OpenSSL Project 24.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 25.\" 26.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27.\" endorse or promote products derived from this software without 28.\" prior written permission. For written permission, please contact 29.\" openssl-core@openssl.org. 30.\" 31.\" 5. Products derived from this software may not be called "OpenSSL" 32.\" nor may "OpenSSL" appear in their names without prior written 33.\" permission of the OpenSSL Project. 34.\" 35.\" 6. Redistributions of any form whatsoever must retain the following 36.\" acknowledgment: 37.\" "This product includes software developed by the OpenSSL Project 38.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 39.\" 40.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51.\" OF THE POSSIBILITY OF SUCH DAMAGE. 52.\" 53.Dd $Mdocdate: June 8 2019 $ 54.Dt RSA_SET_METHOD 3 55.Os 56.Sh NAME 57.Nm RSA_set_default_method , 58.Nm RSA_get_default_method , 59.Nm RSA_set_method , 60.Nm RSA_get_method , 61.Nm RSA_PKCS1_SSLeay , 62.Nm RSA_flags , 63.Nm RSA_new_method 64.Nd select RSA method 65.Sh SYNOPSIS 66.In openssl/rsa.h 67.Ft void 68.Fo RSA_set_default_method 69.Fa "const RSA_METHOD *meth" 70.Fc 71.Ft const RSA_METHOD * 72.Fn RSA_get_default_method void 73.Ft int 74.Fo RSA_set_method 75.Fa "RSA *rsa" 76.Fa "const RSA_METHOD *meth" 77.Fc 78.Ft const RSA_METHOD * 79.Fo RSA_get_method 80.Fa "const RSA *rsa" 81.Fc 82.Ft const RSA_METHOD * 83.Fn RSA_PKCS1_SSLeay void 84.Ft int 85.Fo RSA_flags 86.Fa "const RSA *rsa" 87.Fc 88.Ft RSA * 89.Fo RSA_new_method 90.Fa "ENGINE *engine" 91.Fc 92.Sh DESCRIPTION 93An 94.Vt RSA_METHOD 95object contains pointers to the functions used for RSA operations. 96By default, the internal implementation returned by 97.Fn RSA_PKCS1_SSLeay 98is used. 99By selecting another method, alternative implementations 100such as hardware accelerators may be used. 101.Pp 102.Fn RSA_set_default_method 103selects 104.Fa meth 105as the default method for all 106.Vt RSA 107structures created later. 108If any 109.Vt ENGINE 110was registered with 111.Xr ENGINE_register_RSA 3 112that can be successfully initialized, it overrides the default. 113.Pp 114.Fn RSA_get_default_method 115returns a pointer to the current default method, 116even if it is actually overridded by an 117.Vt ENGINE . 118.Pp 119.Fn RSA_set_method 120selects 121.Fa meth 122to perform all operations using the key 123.Fa rsa . 124This replaces the previous 125.Vt RSA_METHOD 126used by the RSA key, calling the 127.Fa finish 128function set up with 129.Xr RSA_meth_set_finish 3 130if any, and if the previous method was supplied by an 131.Vt ENGINE , 132.Xr ENGINE_finish 3 133is called on it. 134If 135.Fa meth 136contains an 137.Fa init 138function set up with 139.Xr RSA_meth_set_init 3 , 140that function is called just before returning from 141.Fn RSA_set_method . 142.Pp 143It is possible to have RSA keys that only work with certain 144.Vt RSA_METHOD 145implementations (e.g. from an 146.Vt ENGINE 147module that supports embedded hardware-protected keys), 148and in such cases attempting to change the 149.Vt RSA_METHOD 150for the key can have unexpected results. 151.Pp 152.Fn RSA_get_method 153returns a pointer to the 154.Vt RSA_METHOD 155being used by 156.Fa rsa . 157This method may or may not be supplied by an 158.Vt ENGINE 159implementation but if it is, the return value can only be guaranteed 160to be valid as long as the RSA key itself is valid and does not 161have its implementation changed by 162.Fn RSA_set_method . 163.Pp 164The misleadingly named function 165.Fn RSA_flags 166returns the flags that are set for the current 167.Vt RSA_METHOD 168of 169.Fa rsa . 170The flags used by 171.Fa rsa 172itself can instead be tested with 173.Xr RSA_test_flags 3 . 174See the 175.Sx BUGS 176section for more details. 177.Pp 178.Fn RSA_new_method 179allocates and initializes an 180.Vt RSA 181structure so that 182.Fa engine 183is used for the RSA operations. 184If 185.Fa engine 186is 187.Dv NULL , 188.Xr ENGINE_get_default_RSA 3 189is used. 190If that returns 191.Dv NULL , 192the default method controlled by 193.Fn RSA_set_default_method 194is used. 195.Pp 196The initial 197.Fa flags 198are copied from the 199.Vt RSA_METHOD 200object used and will not be affected by later changes to that object, 201but may be modified by the optional 202.Fa init 203function which may have been set up with 204.Xr RSA_meth_set_init 3 205and which is called just before returning from 206.Fn RSA_new_method . 207.Sh RETURN VALUES 208.Fn RSA_PKCS1_SSLeay , 209.Fn RSA_get_default_method , 210and 211.Fn RSA_get_method 212return pointers to the respective 213.Vt RSA_METHOD . 214.Pp 215.Fn RSA_set_method 216returns 1 on success or 0 on failure. 217Currently, it cannot fail. 218.Pp 219.Fn RSA_new_method 220returns 221.Dv NULL 222and sets an error code that can be obtained by 223.Xr ERR_get_error 3 224if the allocation fails. 225Otherwise it returns a pointer to the newly allocated structure. 226.Sh SEE ALSO 227.Xr ENGINE_get_default_RSA 3 , 228.Xr ENGINE_register_RSA 3 , 229.Xr ENGINE_set_default_RSA 3 , 230.Xr RSA_meth_new 3 , 231.Xr RSA_new 3 232.Sh HISTORY 233.Fn RSA_set_default_method , 234.Fn RSA_PKCS1_SSLeay , 235and 236.Fn RSA_new_method 237first appeared in SSLeay 0.8.0. 238.Fn RSA_flags 239first appeared in SSLeay 0.9.0. 240These functions have been available since 241.Ox 2.4 . 242.Pp 243.Fn RSA_get_default_method , 244.Fn RSA_set_method , 245and 246.Fn RSA_get_method 247as well as the 248.Fa rsa_sign 249and 250.Fa rsa_verify 251components of 252.Vt RSA_METHOD 253first appeared in OpenSSL 0.9.4 and have been available since 254.Ox 2.6 . 255.Sh BUGS 256The behaviour of 257.Fn RSA_flags 258is a misfeature that is left as-is for now to avoid creating 259compatibility problems. 260RSA functionality, such as the encryption functions, are controlled by 261the 262.Fa flags 263value in the 264.Vt RSA 265key itself, not by the 266.Fa flags 267value in the 268.Vt RSA_METHOD 269attached to the RSA key (which is what this function returns). 270If the flags element of an 271.Vt RSA 272key is changed, the changes will be honoured by RSA functionality 273but will not be reflected in the return value of the 274.Fn RSA_flags 275function - in effect 276.Fn RSA_flags 277behaves more like an RSA_default_flags() function, which does not 278currently exist. 279