OpenBSD manual page server

Manual Page Search Parameters

DSA_SET_METHOD(3) Library Functions Manual DSA_SET_METHOD(3)

DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSLselect DSA method

#include <openssl/dsa.h>

void
DSA_set_default_method(const DSA_METHOD *meth);

const DSA_METHOD *
DSA_get_default_method(void);

int
DSA_set_method(DSA *dsa, const DSA_METHOD *meth);

DSA *
DSA_new_method(ENGINE *engine);

DSA_METHOD *
DSA_OpenSSL(void);

A DSA_METHOD object contains pointers to the functions used for DSA operations. By default, the internal implementation returned by () is used. By selecting another method, alternative implementations such as hardware accelerators may be used.

() selects meth as the default method for all DSA structures created later. If any ENGINE was registered with ENGINE_register_DSA(3) that can be successfully initialized, it overrides the default.

() returns a pointer to the current default method, even if it is actually overridded by an ENGINE.

() selects meth to perform all operations using the key dsa. This replaces the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, ENGINE_finish(3) is called on it. It is possible to have DSA keys that only work with certain DSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results.

() allocates and initializes a DSA structure so that engine is used for the DSA operations. If engine is NULL, ENGINE_get_default_DSA(3) is used. If that returns NULL, the default method controlled by DSA_set_default_method() is used.

The DSA_METHOD structure is defined as follows:

struct
{
     /* name of the implementation */
	const char *name;

     /* sign */
	DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
                                 DSA *dsa);

     /* pre-compute k^-1 and r */
	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                                 BIGNUM **rp);

     /* verify */
	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
                                 DSA_SIG *sig, DSA *dsa);

     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
                                          implementations) */
	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);

     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
                                 const BIGNUM *p, const BIGNUM *m,
                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);

     /* called at DSA_new */
        int (*init)(DSA *DSA);

     /* called at DSA_free */
        int (*finish)(DSA *DSA);

        int flags;

        char *app_data; /* ?? */

} DSA_METHOD;

DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective DSA_METHOD.

DSA_set_method() returns 1 on success or 0 on failure. Currently, it cannot fail.

DSA_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

DSA_meth_new(3), DSA_new(3), ENGINE_get_default_DSA(3), ENGINE_register_DSA(3), ENGINE_set_default_DSA(3)

DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), DSA_new_method(), and DSA_OpenSSL() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

April 18, 2018 OpenBSD-7.0