From c7efff3e254b868e292d5726e03e83b957c0dd15 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 8 Jun 2019 09:53:15 +0000 Subject: In rsa.h rev. 1.40, gilles@ provided several new RSA_METHOD accessors. Update the documentation. OK tb@ jmc@ --- src/lib/libcrypto/man/RSA_set_method.3 | 67 ++++++++++++++++++++++++++-------- 1 file changed, 51 insertions(+), 16 deletions(-) (limited to 'src/lib/libcrypto/man/RSA_set_method.3') diff --git a/src/lib/libcrypto/man/RSA_set_method.3 b/src/lib/libcrypto/man/RSA_set_method.3 index 524430b6f8..53d41f5516 100644 --- a/src/lib/libcrypto/man/RSA_set_method.3 +++ b/src/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_set_method.3,v 1.13 2019/05/20 06:04:45 jmc Exp $ +.\" $OpenBSD: RSA_set_method.3,v 1.14 2019/06/08 09:53:15 schwarze Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Ulf Moeller @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2019 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_SET_METHOD 3 .Os .Sh NAME @@ -121,12 +121,25 @@ selects .Fa meth to perform all operations using the key .Fa rsa . -This replaces the +This replaces the previous .Vt RSA_METHOD -used by the RSA key, and if the previous method was supplied by an +used by the RSA key, calling the +.Fa finish +function set up with +.Xr RSA_meth_set_finish 3 +if any, and if the previous method was supplied by an .Vt ENGINE , .Xr ENGINE_finish 3 is called on it. +If +.Fa meth +contains an +.Fa init +function set up with +.Xr RSA_meth_set_init 3 , +that function is called just before returning from +.Fn RSA_set_method . +.Pp It is possible to have RSA keys that only work with certain .Vt RSA_METHOD implementations (e.g. from an @@ -148,14 +161,19 @@ to be valid as long as the RSA key itself is valid and does not have its implementation changed by .Fn RSA_set_method . .Pp +The misleadingly named function .Fn RSA_flags returns the flags that are set for the current .Vt RSA_METHOD of .Fa rsa . +The flags used by +.Fa rsa +itself can instead be tested with +.Xr RSA_test_flags 3 . See the .Sx BUGS -section. +section for more details. .Pp .Fn RSA_new_method allocates and initializes an @@ -175,6 +193,18 @@ the default method controlled by .Fn RSA_set_default_method is used. .Pp +The initial +.Fa flags +are copied from the +.Vt RSA_METHOD +object used and will not be affected by later changes to that object, +but may be modified by the optional +.Fa init +function which may have been set up with +.Xr RSA_meth_set_init 3 +and which is called just before returning from +.Fn RSA_new_method . +.Pp The .Dv RSA_METHOD structure is defined as follows: @@ -185,27 +215,28 @@ typedef struct rsa_meth_st const char *name; /* encrypt */ - int (*rsa_pub_enc)(int flen, unsigned char *from, + int (*rsa_pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* verify arbitrary data */ - int (*rsa_pub_dec)(int flen, unsigned char *from, + int (*rsa_pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* sign arbitrary data */ - int (*rsa_priv_enc)(int flen, unsigned char *from, + int (*rsa_priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* decrypt */ - int (*rsa_priv_dec)(int flen, unsigned char *from, + int (*rsa_priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */ - int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* called at RSA_new */ @@ -218,7 +249,6 @@ typedef struct rsa_meth_st * operations, even if p,q,dmp1,dmq1,iqmp * are NULL * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify - * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match */ int flags; @@ -227,14 +257,19 @@ typedef struct rsa_meth_st /* sign. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + int (*rsa_sign)(int type, const unsigned char *m, + unsigned int m_len, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa); /* verify. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + int (*rsa_verify)(int type, const unsigned char *m, + unsigned int m_len, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); + + /* called at RSA_generate_key_ex; may be NULL */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); } RSA_METHOD; .Ed -- cgit v1.2.3-55-g6feb