* Make the description of method selection simpler, more precise,

and more concise. * Correct the description of the return values of DH_set_method(3) and DSA_set_method(3). * Stop referencing engine(3).
author: schwarze <> 2018-04-18 01:09:01 +0000
committer: schwarze <> 2018-04-18 01:09:01 +0000
commit: bf38af2d204a66db252db88697e129c75810d022 (patch)
tree: 2c4dc10a970df762b139b100fe0cb4b1255f91d6 /src/lib/libcrypto/man/DH_set_method.3
parent: 3853161947bef78ac2c0d8634299a75cea982c4c (diff)
download: openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.gz
openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.bz2
openbsd-bf38af2d204a66db252db88697e129c75810d022.zip
1 files changed, 34 insertions, 65 deletions
diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3
index 77d1616445..9863cbaca9 100644
--- a/src/lib/libcrypto/man/DH_set_method.3
+++ b/src/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: DH_set_method.3,v 1.6 2018/03/22 16:06:33 schwarze Exp $
+.\"     $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: April 18 2018 $
 .Dt DH_SET_METHOD 3
 .Os
 .Sh NAME
@@ -84,53 +84,44 @@
 .Sh DESCRIPTION
 A
 .Vt DH_METHOD
-specifies the functions that OpenSSL uses for Diffie-Hellman operations.
+object contains pointers to the functions
-By modifying the method, alternative implementations such as hardware
+used for Diffie-Hellman operations.
-accelerators may be used.
+By default, the internal implementation returned by
-See the
+.Fn DH_OpenSSL
-.Sx CAVEATS
+is used.
-section for how these DH API functions are affected by the use of
+By selecting another method, alternative implementations
-.Xr engine 3
+such as hardware accelerators may be used.
-API calls.
-.Pp
-Initially, the default
-.Vt DH_METHOD
-is the OpenSSL internal implementation as returned by
-.Fn DH_OpenSSL .
 .Pp
 .Fn DH_set_default_method
-makes
+selects
 .Fa meth
-the default method for all
+as the default method for all
 .Vt DH
 structures created later.
-.Sy NB :
+If any
-This is true only whilst no
 .Vt ENGINE
-has been set as a default for DH, so this function is no longer
+was registered with
-recommended.
+.Xr ENGINE_register_DH 3
+that can be successfully initialized, it overrides the default.
 .Pp
 .Fn DH_get_default_method
-returns a pointer to the current default
+returns a pointer to the current default method,
-.Vt DH_METHOD .
+even if it is actually overridded by an
-However, the meaningfulness of this result is dependent on whether the
+.Vt ENGINE .
-.Xr engine 3
-API is being used, so this function is no longer recommended.
 .Pp
 .Fn DH_set_method
 selects
 .Fa meth
 to perform all operations using the key
 .Fa dh .
-This will replace the
+This replaces the
 .Vt DH_METHOD
 used by the
 .Fa dh
 key and if the previous method was supplied by an
 .Vt ENGINE ,
-the handle to that
+.Xr ENGINE_finish 3
-.Vt ENGINE
+is called on it.
-will be released during the change.
 It is possible to have
 .Vt DH
 keys that only work with certain
@@ -147,18 +138,16 @@ allocates and initializes a
 .Vt DH
 structure so that
 .Fa engine
-will be used for the DH operations.
+is used for the DH operations.
 If
 .Fa engine
 is
 .Dv NULL ,
-the default
+.Xr ENGINE_get_default_DH 3
-.Vt ENGINE
+is used.
-for DH operations is used and, if no default
+If that returns
-.Vt ENGINE
+.Dv NULL ,
-is set, the
+the default method controlled by
-.Vt DH_METHOD
-controlled by
 .Fn DH_set_default_method
 is used.
 .Pp
@@ -199,17 +188,11 @@ typedef struct dh_meth_st
 and
 .Fn DH_get_default_method
 return pointers to the respective
-.Sy DH_METHOD Ns s.
+.Vt DH_METHOD .
 .Pp
 .Fn DH_set_method
-returns non-zero if the provided
+returns 1 on success or 0 on failure.
-.Fa meth
+Currently, it cannot fail.
-was successfully set as the method for
-.Fa dh
-(including unloading the
-.Vt ENGINE
-handle if the previous method was supplied by an
-.Vt ENGINE ) .
 .Pp
 .Fn DH_new_method
 returns
@@ -219,7 +202,10 @@ and sets an error code that can be obtained by
 if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
-.Xr DH_new 3
+.Xr DH_new 3 ,
+.Xr ENGINE_get_default_DH 3 ,
+.Xr ENGINE_register_DH 3 ,
+.Xr ENGINE_set_default_DH 3
 .Sh HISTORY
 .Fn DH_set_default_method ,
 .Fn DH_get_default_method ,
@@ -229,20 +215,3 @@ and
 .Fn DH_OpenSSL
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
-.Sh CAVEATS
-As of version 0.9.7,
-.Vt DH_METHOD
-implementations are grouped together with other algorithmic APIs
-(e.g. RSA_METHOD, EVP_CIPHER) in
-.Vt ENGINE
-modules.
-If a default
-.Vt ENGINE
-is specified for DH functionality using an
-.Xr engine 3
-API function, that will override any DH defaults set using the DH API
-.Pq i.e. Fn DH_set_default_method .
-For this reason, the
-.Xr engine 3
-API is the recommended way to control default implementations
-for use in DH and other cryptographic algorithms.
author	schwarze <>	2018-04-18 01:09:01 +0000
committer	schwarze <>	2018-04-18 01:09:01 +0000
commit	bf38af2d204a66db252db88697e129c75810d022 (patch)
tree	2c4dc10a970df762b139b100fe0cb4b1255f91d6 /src/lib/libcrypto/man/DH_set_method.3
parent	3853161947bef78ac2c0d8634299a75cea982c4c (diff)
download	openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.gz openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.bz2 openbsd-bf38af2d204a66db252db88697e129c75810d022.zip

diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3 index 77d1616445..9863cbaca9 100644 --- a/src/lib/libcrypto/man/DH_set_method.3 +++ b/src/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: DH_set_method.3,v 1.6 2018/03/22 16:06:33 schwarze Exp $	1	.\" $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.	4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: March 22 2018 $	51	.Dd $Mdocdate: April 18 2018 $
52	.Dt DH_SET_METHOD 3	52	.Dt DH_SET_METHOD 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -84,53 +84,44 @@
84	.Sh DESCRIPTION	84	.Sh DESCRIPTION
85	A	85	A
86	.Vt DH_METHOD	86	.Vt DH_METHOD
87	specifies the functions that OpenSSL uses for Diffie-Hellman operations.	87	object contains pointers to the functions
88	By modifying the method, alternative implementations such as hardware	88	used for Diffie-Hellman operations.
89	accelerators may be used.	89	By default, the internal implementation returned by
90	See the	90	.Fn DH_OpenSSL
91	.Sx CAVEATS	91	is used.
92	section for how these DH API functions are affected by the use of	92	By selecting another method, alternative implementations
93	.Xr engine 3	93	such as hardware accelerators may be used.
94	API calls.
95	.Pp
96	Initially, the default
97	.Vt DH_METHOD
98	is the OpenSSL internal implementation as returned by
99	.Fn DH_OpenSSL .
100	.Pp	94	.Pp
101	.Fn DH_set_default_method	95	.Fn DH_set_default_method
102	makes	96	selects
103	.Fa meth	97	.Fa meth
104	the default method for all	98	as the default method for all
105	.Vt DH	99	.Vt DH
106	structures created later.	100	structures created later.
107	.Sy NB :	101	If any
108	This is true only whilst no
109	.Vt ENGINE	102	.Vt ENGINE
110	has been set as a default for DH, so this function is no longer	103	was registered with
111	recommended.	104	.Xr ENGINE_register_DH 3
		105	that can be successfully initialized, it overrides the default.
112	.Pp	106	.Pp
113	.Fn DH_get_default_method	107	.Fn DH_get_default_method
114	returns a pointer to the current default	108	returns a pointer to the current default method,
115	.Vt DH_METHOD .	109	even if it is actually overridded by an
116	However, the meaningfulness of this result is dependent on whether the	110	.Vt ENGINE .
117	.Xr engine 3
118	API is being used, so this function is no longer recommended.
119	.Pp	111	.Pp
120	.Fn DH_set_method	112	.Fn DH_set_method
121	selects	113	selects
122	.Fa meth	114	.Fa meth
123	to perform all operations using the key	115	to perform all operations using the key
124	.Fa dh .	116	.Fa dh .
125	This will replace the	117	This replaces the
126	.Vt DH_METHOD	118	.Vt DH_METHOD
127	used by the	119	used by the
128	.Fa dh	120	.Fa dh
129	key and if the previous method was supplied by an	121	key and if the previous method was supplied by an
130	.Vt ENGINE ,	122	.Vt ENGINE ,
131	the handle to that	123	.Xr ENGINE_finish 3
132	.Vt ENGINE	124	is called on it.
133	will be released during the change.
134	It is possible to have	125	It is possible to have
135	.Vt DH	126	.Vt DH
136	keys that only work with certain	127	keys that only work with certain
@@ -147,18 +138,16 @@ allocates and initializes a
147	.Vt DH	138	.Vt DH
148	structure so that	139	structure so that
149	.Fa engine	140	.Fa engine
150	will be used for the DH operations.	141	is used for the DH operations.
151	If	142	If
152	.Fa engine	143	.Fa engine
153	is	144	is
154	.Dv NULL ,	145	.Dv NULL ,
155	the default	146	.Xr ENGINE_get_default_DH 3
156	.Vt ENGINE	147	is used.
157	for DH operations is used and, if no default	148	If that returns
158	.Vt ENGINE	149	.Dv NULL ,
159	is set, the	150	the default method controlled by
160	.Vt DH_METHOD
161	controlled by
162	.Fn DH_set_default_method	151	.Fn DH_set_default_method
163	is used.	152	is used.
164	.Pp	153	.Pp
@@ -199,17 +188,11 @@ typedef struct dh_meth_st
199	and	188	and
200	.Fn DH_get_default_method	189	.Fn DH_get_default_method
201	return pointers to the respective	190	return pointers to the respective
202	.Sy DH_METHOD Ns s.	191	.Vt DH_METHOD .
203	.Pp	192	.Pp
204	.Fn DH_set_method	193	.Fn DH_set_method
205	returns non-zero if the provided	194	returns 1 on success or 0 on failure.
206	.Fa meth	195	Currently, it cannot fail.
207	was successfully set as the method for
208	.Fa dh
209	(including unloading the
210	.Vt ENGINE
211	handle if the previous method was supplied by an
212	.Vt ENGINE ) .
213	.Pp	196	.Pp
214	.Fn DH_new_method	197	.Fn DH_new_method
215	returns	198	returns
@@ -219,7 +202,10 @@ and sets an error code that can be obtained by
219	if the allocation fails.	202	if the allocation fails.
220	Otherwise it returns a pointer to the newly allocated structure.	203	Otherwise it returns a pointer to the newly allocated structure.
221	.Sh SEE ALSO	204	.Sh SEE ALSO
222	.Xr DH_new 3	205	.Xr DH_new 3 ,
		206	.Xr ENGINE_get_default_DH 3 ,
		207	.Xr ENGINE_register_DH 3 ,
		208	.Xr ENGINE_set_default_DH 3
223	.Sh HISTORY	209	.Sh HISTORY
224	.Fn DH_set_default_method ,	210	.Fn DH_set_default_method ,
225	.Fn DH_get_default_method ,	211	.Fn DH_get_default_method ,
@@ -229,20 +215,3 @@ and
229	.Fn DH_OpenSSL	215	.Fn DH_OpenSSL
230	first appeared in OpenSSL 0.9.5 and have been available since	216	first appeared in OpenSSL 0.9.5 and have been available since
231	.Ox 2.7 .	217	.Ox 2.7 .
232	.Sh CAVEATS
233	As of version 0.9.7,
234	.Vt DH_METHOD
235	implementations are grouped together with other algorithmic APIs
236	(e.g. RSA_METHOD, EVP_CIPHER) in
237	.Vt ENGINE
238	modules.
239	If a default
240	.Vt ENGINE
241	is specified for DH functionality using an
242	.Xr engine 3
243	API function, that will override any DH defaults set using the DH API
244	.Pq i.e. Fn DH_set_default_method .
245	For this reason, the
246	.Xr engine 3
247	API is the recommended way to control default implementations
248	for use in DH and other cryptographic algorithms.