1 files changed, 58 insertions, 33 deletions
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
index 36a1052d27..bc3cfb1f0a 100644
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_default_method, DSA_get_default_method,
 DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 =head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 #include <openssl/dsa.h>
 #include <openssl/engine.h>
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ void DSA_set_default_method(const DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_openssl_method(void);
+ const DSA_METHOD *DSA_get_default_method(void);
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
 DSA *DSA_new_method(ENGINE *engine);
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
-Initially, the default is to use the OpenSSL internal implementation.
+of B<ENGINE> API calls.
-DSA_OpenSSL() returns a pointer to that method.
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
-DSA_set_default_openssl_method() makes B<meth> the default method for
+as returned by DSA_OpenSSL().
-all DSA structures created later. B<NB:> This is true only whilst the
-default engine for DSA operations remains as "openssl". ENGINEs
+DSA_set_default_method() makes B<meth> the default method for all DSA
-provide an encapsulation for implementations of one or more algorithms at a
+structures created later. B<NB>: This is true only whilst no ENGINE has
-time, and all the DSA functions mentioned here operate within the scope
+been set as a default for DSA, so this function is no longer recommended.
-of the default "openssl" engine.
+DSA_get_default_method() returns a pointer to the current default
-DSA_get_default_openssl_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
-method for the "openssl" engine.
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
-DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
+DSA_set_method() selects B<meth> to perform all operations using the key
-DSA_new_method() allocates and initializes a DSA structure so that
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
-B<engine> will be used for the DSA operations. If B<engine> is NULL,
+previous method was supplied by an ENGINE, the handle to that ENGINE will
-the default engine for DSA operations is used.
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
 =head1 THE DSA_METHOD STRUCTURE
@@ -89,18 +98,29 @@ struct
 =head1 RETURN VALUES
-DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
-respective B<DSA_METHOD>s.
+B<DSA_METHOD>s.
-DSA_set_default_openssl_method() returns no value.
+DSA_set_default_method() returns no value.
-DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
-was successfully changed to B<engine>.
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
 fails. Otherwise it returns a pointer to the newly allocated structure.
+=head1 NOTES
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
 =head1 SEE ALSO
 L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
-replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+DSA_set_default_method() and DSA_get_default_method() respectively, and
-and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
-rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
 =cut

diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod index 36a1052d27..bc3cfb1f0a 100644 --- a/src/lib/libcrypto/doc/DSA_set_method.pod +++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -2,7 +2,7 @@
2		2
3	=head1 NAME	3	=head1 NAME
4		4
5	DSA_set_default_openssl_method, DSA_get_default_openssl_method,	5	DSA_set_default_method, DSA_get_default_method,
6	DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method	6	DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
7		7
8	=head1 SYNOPSIS	8	=head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
10	#include <openssl/dsa.h>	10	#include <openssl/dsa.h>
11	#include <openssl/engine.h>	11	#include <openssl/engine.h>
12		12
13	void DSA_set_default_openssl_method(DSA_METHOD *meth);	13	void DSA_set_default_method(const DSA_METHOD *meth);
14		14
15	DSA_METHOD *DSA_get_default_openssl_method(void);	15	const DSA_METHOD *DSA_get_default_method(void);
16		16
17	int DSA_set_method(DSA dsa, ENGINE engine);	17	int DSA_set_method(DSA dsa, const DSA_METHOD meth);
18		18
19	DSA DSA_new_method(ENGINE engine);	19	DSA DSA_new_method(ENGINE engine);
20		20
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
24		24
25	A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA	25	A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
26	operations. By modifying the method, alternative implementations	26	operations. By modifying the method, alternative implementations
27	such as hardware accelerators may be used.	27	such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
28		28	important information about how these DSA API functions are affected by the use
29	Initially, the default is to use the OpenSSL internal implementation.	29	of B<ENGINE> API calls.
30	DSA_OpenSSL() returns a pointer to that method.	30
31		31	Initially, the default DSA_METHOD is the OpenSSL internal implementation,
32	DSA_set_default_openssl_method() makes B<meth> the default method for	32	as returned by DSA_OpenSSL().
33	all DSA structures created later. B<NB:> This is true only whilst the	33
34	default engine for DSA operations remains as "openssl". ENGINEs	34	DSA_set_default_method() makes B<meth> the default method for all DSA
35	provide an encapsulation for implementations of one or more algorithms at a	35	structures created later. B<NB>: This is true only whilst no ENGINE has
36	time, and all the DSA functions mentioned here operate within the scope	36	been set as a default for DSA, so this function is no longer recommended.
37	of the default "openssl" engine.	37
38		38	DSA_get_default_method() returns a pointer to the current default
39	DSA_get_default_openssl_method() returns a pointer to the current default	39	DSA_METHOD. However, the meaningfulness of this result is dependant on
40	method for the "openssl" engine.	40	whether the ENGINE API is being used, so this function is no longer
41		41	recommended.
42	DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.	42
43		43	DSA_set_method() selects B<meth> to perform all operations using the key
44	DSA_new_method() allocates and initializes a DSA structure so that	44	B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
45	B<engine> will be used for the DSA operations. If B<engine> is NULL,	45	previous method was supplied by an ENGINE, the handle to that ENGINE will
46	the default engine for DSA operations is used.	46	be released during the change. It is possible to have DSA keys that only
		47	work with certain DSA_METHOD implementations (eg. from an ENGINE module
		48	that supports embedded hardware-protected keys), and in such cases
		49	attempting to change the DSA_METHOD for the key can have unexpected
		50	results.
		51
		52	DSA_new_method() allocates and initializes a DSA structure so that B<engine>
		53	will be used for the DSA operations. If B<engine> is NULL, the default engine
		54	for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
		55	controlled by DSA_set_default_method() is used.
47		56
48	=head1 THE DSA_METHOD STRUCTURE	57	=head1 THE DSA_METHOD STRUCTURE
49		58
@@ -89,18 +98,29 @@ struct
89		98
90	=head1 RETURN VALUES	99	=head1 RETURN VALUES
91		100
92	DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the	101	DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
93	respective B<DSA_METHOD>s.	102	B<DSA_METHOD>s.
94		103
95	DSA_set_default_openssl_method() returns no value.	104	DSA_set_default_method() returns no value.
96		105
97	DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>	106	DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
98	was successfully changed to B<engine>.	107	the method for B<dsa> (including unloading the ENGINE handle if the previous
		108	method was supplied by an ENGINE).
99		109
100	DSA_new_method() returns NULL and sets an error code that can be	110	DSA_new_method() returns NULL and sets an error code that can be
101	obtained by L<ERR_get_error(3)\|ERR_get_error(3)> if the allocation	111	obtained by L<ERR_get_error(3)\|ERR_get_error(3)> if the allocation
102	fails. Otherwise it returns a pointer to the newly allocated structure.	112	fails. Otherwise it returns a pointer to the newly allocated structure.
103		113
		114	=head1 NOTES
		115
		116	As of version 0.9.7, DSA_METHOD implementations are grouped together with other
		117	algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
		118	default ENGINE is specified for DSA functionality using an ENGINE API function,
		119	that will override any DSA defaults set using the DSA API (ie.
		120	DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
		121	to control default implementations for use in DSA and other cryptographic
		122	algorithms.
		123
104	=head1 SEE ALSO	124	=head1 SEE ALSO
105		125
106	L<dsa(3)\|dsa(3)>, L<DSA_new(3)\|DSA_new(3)>	126	L<dsa(3)\|dsa(3)>, L<DSA_new(3)\|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)\|dsa(3)>, L<DSA_new(3)\|DSA_new(3)>
110	DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),	130	DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
111	DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.	131	DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
112		132
113	DSA_set_default_openssl_method() and DSA_get_default_openssl_method()	133	DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
114	replaced DSA_set_default_method() and DSA_get_default_method() respectively,	134	DSA_set_default_method() and DSA_get_default_method() respectively, and
115	and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s	135	DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
116	rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.	136	B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
		137	0.9.7, the handling of defaults in the ENGINE API was restructured so that this
		138	change was reversed, and behaviour of the other functions resembled more closely
		139	the previous behaviour. The behaviour of defaults in the ENGINE API now
		140	transparently overrides the behaviour of defaults in the DSA API without
		141	requiring changing these function prototypes.
117		142
118	=cut	143	=cut