* Make the description of method selection simpler, more precise,

and more concise. * Correct the description of the return values of DH_set_method(3) and DSA_set_method(3). * Stop referencing engine(3).
author: schwarze <> 2018-04-18 01:09:01 +0000
committer: schwarze <> 2018-04-18 01:09:01 +0000
commit: bf38af2d204a66db252db88697e129c75810d022 (patch)
tree: 2c4dc10a970df762b139b100fe0cb4b1255f91d6 /src
parent: 3853161947bef78ac2c0d8634299a75cea982c4c (diff)
download: openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.gz
openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.bz2
openbsd-bf38af2d204a66db252db88697e129c75810d022.zip
2 files changed, 67 insertions, 128 deletions
diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3
index 77d1616445..9863cbaca9 100644
--- a/src/lib/libcrypto/man/DH_set_method.3
+++ b/src/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: DH_set_method.3,v 1.6 2018/03/22 16:06:33 schwarze Exp $
+.\"     $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: April 18 2018 $
 .Dt DH_SET_METHOD 3
 .Os
 .Sh NAME
@@ -84,53 +84,44 @@
 .Sh DESCRIPTION
 A
 .Vt DH_METHOD
-specifies the functions that OpenSSL uses for Diffie-Hellman operations.
+object contains pointers to the functions
-By modifying the method, alternative implementations such as hardware
+used for Diffie-Hellman operations.
-accelerators may be used.
+By default, the internal implementation returned by
-See the
+.Fn DH_OpenSSL
-.Sx CAVEATS
+is used.
-section for how these DH API functions are affected by the use of
+By selecting another method, alternative implementations
-.Xr engine 3
+such as hardware accelerators may be used.
-API calls.
-.Pp
-Initially, the default
-.Vt DH_METHOD
-is the OpenSSL internal implementation as returned by
-.Fn DH_OpenSSL .
 .Pp
 .Fn DH_set_default_method
-makes
+selects
 .Fa meth
-the default method for all
+as the default method for all
 .Vt DH
 structures created later.
-.Sy NB :
+If any
-This is true only whilst no
 .Vt ENGINE
-has been set as a default for DH, so this function is no longer
+was registered with
-recommended.
+.Xr ENGINE_register_DH 3
+that can be successfully initialized, it overrides the default.
 .Pp
 .Fn DH_get_default_method
-returns a pointer to the current default
+returns a pointer to the current default method,
-.Vt DH_METHOD .
+even if it is actually overridded by an
-However, the meaningfulness of this result is dependent on whether the
+.Vt ENGINE .
-.Xr engine 3
-API is being used, so this function is no longer recommended.
 .Pp
 .Fn DH_set_method
 selects
 .Fa meth
 to perform all operations using the key
 .Fa dh .
-This will replace the
+This replaces the
 .Vt DH_METHOD
 used by the
 .Fa dh
 key and if the previous method was supplied by an
 .Vt ENGINE ,
-the handle to that
+.Xr ENGINE_finish 3
-.Vt ENGINE
+is called on it.
-will be released during the change.
 It is possible to have
 .Vt DH
 keys that only work with certain
@@ -147,18 +138,16 @@ allocates and initializes a
 .Vt DH
 structure so that
 .Fa engine
-will be used for the DH operations.
+is used for the DH operations.
 If
 .Fa engine
 is
 .Dv NULL ,
-the default
+.Xr ENGINE_get_default_DH 3
-.Vt ENGINE
+is used.
-for DH operations is used and, if no default
+If that returns
-.Vt ENGINE
+.Dv NULL ,
-is set, the
+the default method controlled by
-.Vt DH_METHOD
-controlled by
 .Fn DH_set_default_method
 is used.
 .Pp
@@ -199,17 +188,11 @@ typedef struct dh_meth_st
 and
 .Fn DH_get_default_method
 return pointers to the respective
-.Sy DH_METHOD Ns s.
+.Vt DH_METHOD .
 .Pp
 .Fn DH_set_method
-returns non-zero if the provided
+returns 1 on success or 0 on failure.
-.Fa meth
+Currently, it cannot fail.
-was successfully set as the method for
-.Fa dh
-(including unloading the
-.Vt ENGINE
-handle if the previous method was supplied by an
-.Vt ENGINE ) .
 .Pp
 .Fn DH_new_method
 returns
@@ -219,7 +202,10 @@ and sets an error code that can be obtained by
 if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
-.Xr DH_new 3
+.Xr DH_new 3 ,
+.Xr ENGINE_get_default_DH 3 ,
+.Xr ENGINE_register_DH 3 ,
+.Xr ENGINE_set_default_DH 3
 .Sh HISTORY
 .Fn DH_set_default_method ,
 .Fn DH_get_default_method ,
@@ -229,20 +215,3 @@ and
 .Fn DH_OpenSSL
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
-.Sh CAVEATS
-As of version 0.9.7,
-.Vt DH_METHOD
-implementations are grouped together with other algorithmic APIs
-(e.g. RSA_METHOD, EVP_CIPHER) in
-.Vt ENGINE
-modules.
-If a default
-.Vt ENGINE
-is specified for DH functionality using an
-.Xr engine 3
-API function, that will override any DH defaults set using the DH API
-.Pq i.e. Fn DH_set_default_method .
-For this reason, the
-.Xr engine 3
-API is the recommended way to control default implementations
-for use in DH and other cryptographic algorithms.
diff --git a/src/lib/libcrypto/man/DSA_set_method.3 b/src/lib/libcrypto/man/DSA_set_method.3
index f54c392097..8221f856be 100644
--- a/src/lib/libcrypto/man/DSA_set_method.3
+++ b/src/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: DSA_set_method.3,v 1.8 2018/03/22 16:06:33 schwarze Exp $
+.\"     $OpenBSD: DSA_set_method.3,v 1.9 2018/04/18 01:09:01 schwarze Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: April 18 2018 $
 .Dt DSA_SET_METHOD 3
 .Os
 .Sh NAME
@@ -60,7 +60,6 @@
 .Nd select DSA method
 .Sh SYNOPSIS
 .In openssl/dsa.h
-.In openssl/engine.h
 .Ft void
 .Fo DSA_set_default_method
 .Fa "const DSA_METHOD *meth"
@@ -81,51 +80,41 @@
 .Sh DESCRIPTION
 A
 .Vt DSA_METHOD
-specifies the functions that OpenSSL uses for DSA operations.
+object contains pointers to the functions used for DSA operations.
-By modifying the method, alternative implementations such as hardware
+By default, the internal implementation returned by
-accelerators may be used.
+.Fn DSA_OpenSSL
-See the
+is used.
-.Sx CAVEATS
+By selecting another method, alternative implementations
-section for how these DSA API functions are affected by the use of
+such as hardware accelerators may be used.
-.Xr engine 3
-API calls.
-.Pp
-Initially, the default
-.Vt DSA_METHOD
-is the OpenSSL internal implementation, as returned by
-.Fn DSA_OpenSSL .
 .Pp
 .Fn DSA_set_default_method
-makes
+selects
 .Fa meth
-the default method for all
+as the default method for all
 .Vt DSA
 structures created later.
-.Sy Note :
+If any
-this is true only whilst no
 .Vt ENGINE
-has been set as a default for DSA, so this function is no longer
+was registered with
-recommended.
+.Xr ENGINE_register_DSA 3
+that can be successfully initialized, it overrides the default.
 .Pp
 .Fn DSA_get_default_method
-returns a pointer to the current default
+returns a pointer to the current default method,
-.Vt DSA_METHOD .
+even if it is actually overridded by an
-However, the meaningfulness of this result is dependent on whether the
+.Vt ENGINE .
-.Xr engine 3
-API is being used, so this function is no longer recommended.
 .Pp
 .Fn DSA_set_method
 selects
 .Fa meth
 to perform all operations using the key
 .Fa dsa .
-This will replace the
+This replaces the
 .Vt DSA_METHOD
 used by the DSA key and if the previous method was supplied by an
 .Vt ENGINE ,
-the handle to that
+.Xr ENGINE_finish 3
-.Vt ENGINE
+is called on it.
-will be released during the change.
 It is possible to have DSA keys that only work with certain
 .Vt DSA_METHOD
 implementations (e.g. from an
@@ -140,17 +129,16 @@ allocates and initializes a
 .Vt DSA
 structure so that
 .Fa engine
-will be used for the DSA operations.
+is used for the DSA operations.
 If
 .Fa engine
 is
 .Dv NULL ,
-the default engine for DSA operations is used and, if no
+.Xr ENGINE_get_default_DSA 3
-default
+is used.
-.Vt ENGINE
+If that returns
-is set, the
+.Dv NULL ,
-.Vt DSA_METHOD
+the default method controlled by
-controlled by
 .Fn DSA_set_default_method
 is used.
 .Pp
@@ -203,17 +191,11 @@ struct
 and
 .Fn DSA_get_default_method
 return pointers to the respective
-.Vt DSA_METHOD Ns s .
+.Vt DSA_METHOD .
 .Pp
 .Fn DSA_set_method
-returns non-zero if the provided
+returns 1 on success or 0 on failure.
-.Fa meth
+Currently, it cannot fail.
-was successfully set as the method for
-.Fa dsa
-(including unloading the
-.Vt ENGINE
-handle if the previous method was supplied by an
-.Vt ENGINE ) .
 .Pp
 .Fn DSA_new_method
 returns
@@ -224,7 +206,10 @@ if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
 .Xr DSA_meth_new 3 ,
-.Xr DSA_new 3
+.Xr DSA_new 3 ,
+.Xr ENGINE_get_default_DSA 3 ,
+.Xr ENGINE_register_DSA 3 ,
+.Xr ENGINE_set_default_DSA 3
 .Sh HISTORY
 .Fn DSA_set_default_method ,
 .Fn DSA_get_default_method ,
@@ -234,18 +219,3 @@ and
 .Fn DSA_OpenSSL
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
-.Sh CAVEATS
-As of version 0.9.7, DSA_METHOD implementations are grouped together
-with other algorithmic APIs (e.g. RSA_METHOD, EVP_CIPHER) in
-.Vt ENGINE
-modules.
-If a default
-.Vt ENGINE
-is specified for DSA functionality using an
-.Xr engine 3
-API function, that will override any DSA defaults set using the DSA API
-.Pq i.e. DSA_set_default_method .
-For this reason, the
-.Xr engine 3
-API is the recommended way to control default implementations for
-use in DSA and other cryptographic algorithms.
author	schwarze <>	2018-04-18 01:09:01 +0000
committer	schwarze <>	2018-04-18 01:09:01 +0000
commit	bf38af2d204a66db252db88697e129c75810d022 (patch)
tree	2c4dc10a970df762b139b100fe0cb4b1255f91d6 /src
parent	3853161947bef78ac2c0d8634299a75cea982c4c (diff)
download	openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.gz openbsd-bf38af2d204a66db252db88697e129c75810d022.tar.bz2 openbsd-bf38af2d204a66db252db88697e129c75810d022.zip

diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3 index 77d1616445..9863cbaca9 100644 --- a/src/lib/libcrypto/man/DH_set_method.3 +++ b/src/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: DH_set_method.3,v 1.6 2018/03/22 16:06:33 schwarze Exp $	1	.\" $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.	4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: March 22 2018 $	51	.Dd $Mdocdate: April 18 2018 $
52	.Dt DH_SET_METHOD 3	52	.Dt DH_SET_METHOD 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -84,53 +84,44 @@
84	.Sh DESCRIPTION	84	.Sh DESCRIPTION
85	A	85	A
86	.Vt DH_METHOD	86	.Vt DH_METHOD
87	specifies the functions that OpenSSL uses for Diffie-Hellman operations.	87	object contains pointers to the functions
88	By modifying the method, alternative implementations such as hardware	88	used for Diffie-Hellman operations.
89	accelerators may be used.	89	By default, the internal implementation returned by
90	See the	90	.Fn DH_OpenSSL
91	.Sx CAVEATS	91	is used.
92	section for how these DH API functions are affected by the use of	92	By selecting another method, alternative implementations
93	.Xr engine 3	93	such as hardware accelerators may be used.
94	API calls.
95	.Pp
96	Initially, the default
97	.Vt DH_METHOD
98	is the OpenSSL internal implementation as returned by
99	.Fn DH_OpenSSL .
100	.Pp	94	.Pp
101	.Fn DH_set_default_method	95	.Fn DH_set_default_method
102	makes	96	selects
103	.Fa meth	97	.Fa meth
104	the default method for all	98	as the default method for all
105	.Vt DH	99	.Vt DH
106	structures created later.	100	structures created later.
107	.Sy NB :	101	If any
108	This is true only whilst no
109	.Vt ENGINE	102	.Vt ENGINE
110	has been set as a default for DH, so this function is no longer	103	was registered with
111	recommended.	104	.Xr ENGINE_register_DH 3
		105	that can be successfully initialized, it overrides the default.
112	.Pp	106	.Pp
113	.Fn DH_get_default_method	107	.Fn DH_get_default_method
114	returns a pointer to the current default	108	returns a pointer to the current default method,
115	.Vt DH_METHOD .	109	even if it is actually overridded by an
116	However, the meaningfulness of this result is dependent on whether the	110	.Vt ENGINE .
117	.Xr engine 3
118	API is being used, so this function is no longer recommended.
119	.Pp	111	.Pp
120	.Fn DH_set_method	112	.Fn DH_set_method
121	selects	113	selects
122	.Fa meth	114	.Fa meth
123	to perform all operations using the key	115	to perform all operations using the key
124	.Fa dh .	116	.Fa dh .
125	This will replace the	117	This replaces the
126	.Vt DH_METHOD	118	.Vt DH_METHOD
127	used by the	119	used by the
128	.Fa dh	120	.Fa dh
129	key and if the previous method was supplied by an	121	key and if the previous method was supplied by an
130	.Vt ENGINE ,	122	.Vt ENGINE ,
131	the handle to that	123	.Xr ENGINE_finish 3
132	.Vt ENGINE	124	is called on it.
133	will be released during the change.
134	It is possible to have	125	It is possible to have
135	.Vt DH	126	.Vt DH
136	keys that only work with certain	127	keys that only work with certain
@@ -147,18 +138,16 @@ allocates and initializes a
147	.Vt DH	138	.Vt DH
148	structure so that	139	structure so that
149	.Fa engine	140	.Fa engine
150	will be used for the DH operations.	141	is used for the DH operations.
151	If	142	If
152	.Fa engine	143	.Fa engine
153	is	144	is
154	.Dv NULL ,	145	.Dv NULL ,
155	the default	146	.Xr ENGINE_get_default_DH 3
156	.Vt ENGINE	147	is used.
157	for DH operations is used and, if no default	148	If that returns
158	.Vt ENGINE	149	.Dv NULL ,
159	is set, the	150	the default method controlled by
160	.Vt DH_METHOD
161	controlled by
162	.Fn DH_set_default_method	151	.Fn DH_set_default_method
163	is used.	152	is used.
164	.Pp	153	.Pp
@@ -199,17 +188,11 @@ typedef struct dh_meth_st
199	and	188	and
200	.Fn DH_get_default_method	189	.Fn DH_get_default_method
201	return pointers to the respective	190	return pointers to the respective
202	.Sy DH_METHOD Ns s.	191	.Vt DH_METHOD .
203	.Pp	192	.Pp
204	.Fn DH_set_method	193	.Fn DH_set_method
205	returns non-zero if the provided	194	returns 1 on success or 0 on failure.
206	.Fa meth	195	Currently, it cannot fail.
207	was successfully set as the method for
208	.Fa dh
209	(including unloading the
210	.Vt ENGINE
211	handle if the previous method was supplied by an
212	.Vt ENGINE ) .
213	.Pp	196	.Pp
214	.Fn DH_new_method	197	.Fn DH_new_method
215	returns	198	returns
@@ -219,7 +202,10 @@ and sets an error code that can be obtained by
219	if the allocation fails.	202	if the allocation fails.
220	Otherwise it returns a pointer to the newly allocated structure.	203	Otherwise it returns a pointer to the newly allocated structure.
221	.Sh SEE ALSO	204	.Sh SEE ALSO
222	.Xr DH_new 3	205	.Xr DH_new 3 ,
		206	.Xr ENGINE_get_default_DH 3 ,
		207	.Xr ENGINE_register_DH 3 ,
		208	.Xr ENGINE_set_default_DH 3
223	.Sh HISTORY	209	.Sh HISTORY
224	.Fn DH_set_default_method ,	210	.Fn DH_set_default_method ,
225	.Fn DH_get_default_method ,	211	.Fn DH_get_default_method ,
@@ -229,20 +215,3 @@ and
229	.Fn DH_OpenSSL	215	.Fn DH_OpenSSL
230	first appeared in OpenSSL 0.9.5 and have been available since	216	first appeared in OpenSSL 0.9.5 and have been available since
231	.Ox 2.7 .	217	.Ox 2.7 .
232	.Sh CAVEATS
233	As of version 0.9.7,
234	.Vt DH_METHOD
235	implementations are grouped together with other algorithmic APIs
236	(e.g. RSA_METHOD, EVP_CIPHER) in
237	.Vt ENGINE
238	modules.
239	If a default
240	.Vt ENGINE
241	is specified for DH functionality using an
242	.Xr engine 3
243	API function, that will override any DH defaults set using the DH API
244	.Pq i.e. Fn DH_set_default_method .
245	For this reason, the
246	.Xr engine 3
247	API is the recommended way to control default implementations
248	for use in DH and other cryptographic algorithms.


diff --git a/src/lib/libcrypto/man/DSA_set_method.3 b/src/lib/libcrypto/man/DSA_set_method.3 index f54c392097..8221f856be 100644 --- a/src/lib/libcrypto/man/DSA_set_method.3 +++ b/src/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: DSA_set_method.3,v 1.8 2018/03/22 16:06:33 schwarze Exp $	1	.\" $OpenBSD: DSA_set_method.3,v 1.9 2018/04/18 01:09:01 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.	4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: March 22 2018 $	51	.Dd $Mdocdate: April 18 2018 $
52	.Dt DSA_SET_METHOD 3	52	.Dt DSA_SET_METHOD 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -60,7 +60,6 @@
60	.Nd select DSA method	60	.Nd select DSA method
61	.Sh SYNOPSIS	61	.Sh SYNOPSIS
62	.In openssl/dsa.h	62	.In openssl/dsa.h
63	.In openssl/engine.h
64	.Ft void	63	.Ft void
65	.Fo DSA_set_default_method	64	.Fo DSA_set_default_method
66	.Fa "const DSA_METHOD *meth"	65	.Fa "const DSA_METHOD *meth"
@@ -81,51 +80,41 @@
81	.Sh DESCRIPTION	80	.Sh DESCRIPTION
82	A	81	A
83	.Vt DSA_METHOD	82	.Vt DSA_METHOD
84	specifies the functions that OpenSSL uses for DSA operations.	83	object contains pointers to the functions used for DSA operations.
85	By modifying the method, alternative implementations such as hardware	84	By default, the internal implementation returned by
86	accelerators may be used.	85	.Fn DSA_OpenSSL
87	See the	86	is used.
88	.Sx CAVEATS	87	By selecting another method, alternative implementations
89	section for how these DSA API functions are affected by the use of	88	such as hardware accelerators may be used.
90	.Xr engine 3
91	API calls.
92	.Pp
93	Initially, the default
94	.Vt DSA_METHOD
95	is the OpenSSL internal implementation, as returned by
96	.Fn DSA_OpenSSL .
97	.Pp	89	.Pp
98	.Fn DSA_set_default_method	90	.Fn DSA_set_default_method
99	makes	91	selects
100	.Fa meth	92	.Fa meth
101	the default method for all	93	as the default method for all
102	.Vt DSA	94	.Vt DSA
103	structures created later.	95	structures created later.
104	.Sy Note :	96	If any
105	this is true only whilst no
106	.Vt ENGINE	97	.Vt ENGINE
107	has been set as a default for DSA, so this function is no longer	98	was registered with
108	recommended.	99	.Xr ENGINE_register_DSA 3
		100	that can be successfully initialized, it overrides the default.
109	.Pp	101	.Pp
110	.Fn DSA_get_default_method	102	.Fn DSA_get_default_method
111	returns a pointer to the current default	103	returns a pointer to the current default method,
112	.Vt DSA_METHOD .	104	even if it is actually overridded by an
113	However, the meaningfulness of this result is dependent on whether the	105	.Vt ENGINE .
114	.Xr engine 3
115	API is being used, so this function is no longer recommended.
116	.Pp	106	.Pp
117	.Fn DSA_set_method	107	.Fn DSA_set_method
118	selects	108	selects
119	.Fa meth	109	.Fa meth
120	to perform all operations using the key	110	to perform all operations using the key
121	.Fa dsa .	111	.Fa dsa .
122	This will replace the	112	This replaces the
123	.Vt DSA_METHOD	113	.Vt DSA_METHOD
124	used by the DSA key and if the previous method was supplied by an	114	used by the DSA key and if the previous method was supplied by an
125	.Vt ENGINE ,	115	.Vt ENGINE ,
126	the handle to that	116	.Xr ENGINE_finish 3
127	.Vt ENGINE	117	is called on it.
128	will be released during the change.
129	It is possible to have DSA keys that only work with certain	118	It is possible to have DSA keys that only work with certain
130	.Vt DSA_METHOD	119	.Vt DSA_METHOD
131	implementations (e.g. from an	120	implementations (e.g. from an
@@ -140,17 +129,16 @@ allocates and initializes a
140	.Vt DSA	129	.Vt DSA
141	structure so that	130	structure so that
142	.Fa engine	131	.Fa engine
143	will be used for the DSA operations.	132	is used for the DSA operations.
144	If	133	If
145	.Fa engine	134	.Fa engine
146	is	135	is
147	.Dv NULL ,	136	.Dv NULL ,
148	the default engine for DSA operations is used and, if no	137	.Xr ENGINE_get_default_DSA 3
149	default	138	is used.
150	.Vt ENGINE	139	If that returns
151	is set, the	140	.Dv NULL ,
152	.Vt DSA_METHOD	141	the default method controlled by
153	controlled by
154	.Fn DSA_set_default_method	142	.Fn DSA_set_default_method
155	is used.	143	is used.
156	.Pp	144	.Pp
@@ -203,17 +191,11 @@ struct
203	and	191	and
204	.Fn DSA_get_default_method	192	.Fn DSA_get_default_method
205	return pointers to the respective	193	return pointers to the respective
206	.Vt DSA_METHOD Ns s .	194	.Vt DSA_METHOD .
207	.Pp	195	.Pp
208	.Fn DSA_set_method	196	.Fn DSA_set_method
209	returns non-zero if the provided	197	returns 1 on success or 0 on failure.
210	.Fa meth	198	Currently, it cannot fail.
211	was successfully set as the method for
212	.Fa dsa
213	(including unloading the
214	.Vt ENGINE
215	handle if the previous method was supplied by an
216	.Vt ENGINE ) .
217	.Pp	199	.Pp
218	.Fn DSA_new_method	200	.Fn DSA_new_method
219	returns	201	returns
@@ -224,7 +206,10 @@ if the allocation fails.
224	Otherwise it returns a pointer to the newly allocated structure.	206	Otherwise it returns a pointer to the newly allocated structure.
225	.Sh SEE ALSO	207	.Sh SEE ALSO
226	.Xr DSA_meth_new 3 ,	208	.Xr DSA_meth_new 3 ,
227	.Xr DSA_new 3	209	.Xr DSA_new 3 ,
		210	.Xr ENGINE_get_default_DSA 3 ,
		211	.Xr ENGINE_register_DSA 3 ,
		212	.Xr ENGINE_set_default_DSA 3
228	.Sh HISTORY	213	.Sh HISTORY
229	.Fn DSA_set_default_method ,	214	.Fn DSA_set_default_method ,
230	.Fn DSA_get_default_method ,	215	.Fn DSA_get_default_method ,
@@ -234,18 +219,3 @@ and
234	.Fn DSA_OpenSSL	219	.Fn DSA_OpenSSL
235	first appeared in OpenSSL 0.9.5 and have been available since	220	first appeared in OpenSSL 0.9.5 and have been available since
236	.Ox 2.7 .	221	.Ox 2.7 .
237	.Sh CAVEATS
238	As of version 0.9.7, DSA_METHOD implementations are grouped together
239	with other algorithmic APIs (e.g. RSA_METHOD, EVP_CIPHER) in
240	.Vt ENGINE
241	modules.
242	If a default
243	.Vt ENGINE
244	is specified for DSA functionality using an
245	.Xr engine 3
246	API function, that will override any DSA defaults set using the DSA API
247	.Pq i.e. DSA_set_default_method .
248	For this reason, the
249	.Xr engine 3
250	API is the recommended way to control default implementations for
251	use in DSA and other cryptographic algorithms.