diff options
787 files changed, 3879 insertions, 5532 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 057405b0bff93..7ea3d2b823222 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -7,6 +7,33 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1g and 1.1.1h [22 Sep 2020] + + *) Certificates with explicit curve parameters are now disallowed in + verification chains if the X509_V_FLAG_X509_STRICT flag is used. + [Tomas Mraz] + + *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + [Viktor Dukhovni] + + *) Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + [Tomas Mraz] + + *) The Oracle Developer Studio compiler will start reporting deprecated APIs + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] *) Fixed segmentation fault in SSL_check_chain() diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 2e9efaa5f3da8..1d73d06e1b3b3 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -217,12 +217,22 @@ sub resolve_config; # Unified build supports separate build dir my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax + +# File::Spec::Unix doesn't detect case insensitivity, so we make sure to +# check if the source and build directory are really the same, and make +# them so. This avoids all kinds of confusion later on. +# We must check @File::Spec::ISA rather than using File::Spec->isa() to +# know if File::Spec ended up loading File::Spec::Unix. +$srcdir = $blddir + if (grep(/::Unix$/, @File::Spec::ISA) + && samedir($srcdir, $blddir)); + my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; -$config{sourcedir} = abs2rel($srcdir); -$config{builddir} = abs2rel($blddir); +$config{sourcedir} = abs2rel($srcdir, $blddir); +$config{builddir} = abs2rel($blddir, $blddir); # Collect reconfiguration information if needed my @argvcopy=@ARGV; @@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) { print "Using os-specific seed configuration\n"; push @seed_sources, 'os'; } +if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { + delete $disabled{'egd'}; +} if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; @@ -3424,6 +3437,27 @@ sub absolutedir { return realpath($dir); } +# Check if all paths are one and the same, using stat. They must both exist +# We need this for the cases when File::Spec doesn't detect case insensitivity +# (File::Spec::Unix assumes case sensitivity) +sub samedir { + die "samedir expects two arguments\n" unless scalar @_ == 2; + + my @stat0 = stat($_[0]); # First argument + my @stat1 = stat($_[1]); # Second argument + + die "Couldn't stat $_[0]" unless @stat0; + die "Couldn't stat $_[1]" unless @stat1; + + # Compare device number + return 0 unless ($stat0[0] == $stat1[0]); + # Compare "inode". The perl manual recommends comparing as + # string rather than as number. + return 0 unless ($stat0[1] eq $stat1[1]); + + return 1; # All the same +} + sub quotify { my %processors = ( perl => sub { my $x = shift; diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 455b02dcb264b..5529a260e4e5f 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] + + o Disallow explicit curve parameters in verifications chains when + X509_V_FLAG_X509_STRICT is used + o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS + contexts + o Oracle Developer Studio will start reporting deprecation warnings + Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967) diff --git a/crypto/openssl/NOTES.PERL b/crypto/openssl/NOTES.PERL index 42c6127724b48..201b14386729d 100644 --- a/crypto/openssl/NOTES.PERL +++ b/crypto/openssl/NOTES.PERL @@ -109,7 +109,7 @@ $ cpan -f -i Text::Template - Note: on VMS, you must quote any argument that contains upper case + Note: on VMS, you must quote any argument that contains uppercase characters, so the lines above would be: $ cpan -i "Text::Template" diff --git a/crypto/openssl/README b/crypto/openssl/README index 46c2b537bed48..0bcce5b487cbd 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1g 21 Apr 2020 + OpenSSL 1.1.1h 22 Sep 2020 Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/genpkey.c b/crypto/openssl/apps/genpkey.c index 39fa73c91cf4d..3fe87e853c570 100644 --- a/crypto/openssl/apps/genpkey.c +++ b/crypto/openssl/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { @@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - ret = 0; - end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); diff --git a/crypto/openssl/apps/rsa8192.pem b/crypto/openssl/apps/rsa8192.pem index 946a6e5433cef..83d962f40f0f7 100644 --- a/crypto/openssl/apps/rsa8192.pem +++ b/crypto/openssl/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 26a6789d811af..83b3fc9c7f13d 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv) case OPT_SSL3: min_version = SSL3_VERSION; max_version = SSL3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_1: min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_DTLS: #ifndef OPENSSL_NO_DTLS diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index 5bb110fe4a0a3..1043eba0c8a03 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -140,9 +140,9 @@ const OPTIONS x509_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, diff --git a/crypto/openssl/appveyor.yml b/crypto/openssl/appveyor.yml index 242d6a9ffe6fd..6210391f204a3 100644 --- a/crypto/openssl/appveyor.yml +++ b/crypto/openssl/appveyor.yml @@ -46,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c index 687dd5829baaf..ad00c729e7002 100644 --- a/crypto/openssl/crypto/aes/aes_core.c +++ b/crypto/openssl/crypto/aes/aes_core.c @@ -673,357 +673,6 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, InvCipher(in, out, rk, key->rounds); } - -# ifndef OPENSSL_SMALL_FOOTPRINT -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec); - -static void RawToBits(const u8 raw[64], u64 bits[8]) -{ - int i, j; - u64 in, out; - - memset(bits, 0, 64); - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((u64)raw[i * 8 + j]) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - bits[j] |= (out & 0xFFuLL) << (8 * i); - out = out >> 8; - } - } -} - -static void BitsToRaw(const u64 bits[8], u8 raw[64]) -{ - int i, j; - u64 in, out; - - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - raw[i * 8 + j] = (u8)out; - out = out >> 8; - } - } -} - -static void BitsXtime(u64 state[8]) -{ - u64 b; - - b = state[7]; - state[7] = state[6]; - state[6] = state[5]; - state[5] = state[4]; - state[4] = state[3] ^ b; - state[3] = state[2] ^ b; - state[2] = state[1]; - state[1] = state[0] ^ b; - state[0] = b; -} - -/* - * This S-box implementation follows a circuit described in - * Boyar and Peralta: "A new combinational logic minimization - * technique with applications to cryptology." - * https://eprint.iacr.org/2009/191.pdf - * - * The math is similar to above, in that it uses - * a tower field of GF(2^2^2^2) but with a different - * basis representation, that is better suited to - * logic designs. - */ -static void BitsSub(u64 state[8]) -{ - u64 x0, x1, x2, x3, x4, x5, x6, x7; - u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11; - u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21; - u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11; - u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21; - u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31; - u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41; - u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51; - u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61; - u64 t62, t63, t64, t65, t66, t67; - u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11; - u64 z12, z13, z14, z15, z16, z17; - u64 s0, s1, s2, s3, s4, s5, s6, s7; - - x7 = state[0]; - x6 = state[1]; - x5 = state[2]; - x4 = state[3]; - x3 = state[4]; - x2 = state[5]; - x1 = state[6]; - x0 = state[7]; - y14 = x3 ^ x5; - y13 = x0 ^ x6; - y9 = x0 ^ x3; - y8 = x0 ^ x5; - t0 = x1 ^ x2; - y1 = t0 ^ x7; - y4 = y1 ^ x3; - y12 = y13 ^ y14; - y2 = y1 ^ x0; - y5 = y1 ^ x6; - y3 = y5 ^ y8; - t1 = x4 ^ y12; - y15 = t1 ^ x5; - y20 = t1 ^ x1; - y6 = y15 ^ x7; - y10 = y15 ^ t0; - y11 = y20 ^ y9; - y7 = x7 ^ y11; - y17 = y10 ^ y11; - y19 = y10 ^ y8; - y16 = t0 ^ y11; - y21 = y13 ^ y16; - y18 = x0 ^ y16; - t2 = y12 & y15; - t3 = y3 & y6; - t4 = t3 ^ t2; - t5 = y4 & x7; - t6 = t5 ^ t2; - t7 = y13 & y16; - t8 = y5 & y1; - t9 = t8 ^ t7; - t10 = y2 & y7; - t11 = t10 ^ t7; - t12 = y9 & y11; - t13 = y14 & y17; - t14 = t13 ^ t12; - t15 = y8 & y10; - t16 = t15 ^ t12; - t17 = t4 ^ t14; - t18 = t6 ^ t16; - t19 = t9 ^ t14; - t20 = t11 ^ t16; - t21 = t17 ^ y20; - t22 = t18 ^ y19; - t23 = t19 ^ y21; - t24 = t20 ^ y18; - t25 = t21 ^ t22; - t26 = t21 & t23; - t27 = t24 ^ t26; - t28 = t25 & t27; - t29 = t28 ^ t22; - t30 = t23 ^ t24; - t31 = t22 ^ t26; - t32 = t31 & t30; - t33 = t32 ^ t24; - t34 = t23 ^ t33; - t35 = t27 ^ t33; - t36 = t24 & t35; - t37 = t36 ^ t34; - t38 = t27 ^ t36; - t39 = t29 & t38; - t40 = t25 ^ t39; - t41 = t40 ^ t37; - t42 = t29 ^ t33; - t43 = t29 ^ t40; - t44 = t33 ^ t37; - t45 = t42 ^ t41; - z0 = t44 & y15; - z1 = t37 & y6; - z2 = t33 & x7; - z3 = t43 & y16; - z4 = t40 & y1; - z5 = t29 & y7; - z6 = t42 & y11; - z7 = t45 & y17; - z8 = t41 & y10; - z9 = t44 & y12; - z10 = t37 & y3; - z11 = t33 & y4; - z12 = t43 & y13; - z13 = t40 & y5; - z14 = t29 & y2; - z15 = t42 & y9; - z16 = t45 & y14; - z17 = t41 & y8; - t46 = z15 ^ z16; - t47 = z10 ^ z11; - t48 = z5 ^ z13; - t49 = z9 ^ z10; - t50 = z2 ^ z12; - t51 = z2 ^ z5; - t52 = z7 ^ z8; - t53 = z0 ^ z3; - t54 = z6 ^ z7; - t55 = z16 ^ z17; - t56 = z12 ^ t48; - t57 = t50 ^ t53; - t58 = z4 ^ t46; - t59 = z3 ^ t54; - t60 = t46 ^ t57; - t61 = z14 ^ t57; - t62 = t52 ^ t58; - t63 = t49 ^ t58; - t64 = z4 ^ t59; - t65 = t61 ^ t62; - t66 = z1 ^ t63; - s0 = t59 ^ t63; - s6 = ~(t56 ^ t62); - s7 = ~(t48 ^ t60); - t67 = t64 ^ t65; - s3 = t53 ^ t66; - s4 = t51 ^ t66; - s5 = t47 ^ t65; - s1 = ~(t64 ^ s3); - s2 = ~(t55 ^ t67); - state[0] = s7; - state[1] = s6; - state[2] = s5; - state[3] = s4; - state[4] = s3; - state[5] = s2; - state[6] = s1; - state[7] = s0; -} - -static void BitsShiftRows(u64 state[8]) -{ - u64 s, s0; - int i; - - for (i = 0; i < 8; i++) { - s = state[i]; - s0 = s & 0x1111111111111111uLL; - s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12); - s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8); - s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4); - state[i] = s0; - } -} - -static void BitsMixColumns(u64 state[8]) -{ - u64 s1, s; - u64 s0[8]; - int i; - - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s1; - s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2); - s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1); - s ^= s1; - s0[i] = s; - } - BitsXtime(state); - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s0[i]; - s ^= s1; - s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3); - state[i] = s; - } -} - -static void BitsAddRoundKey(u64 state[8], const u64 key[8]) -{ - int i; - - for (i = 0; i < 8; i++) - state[i] ^= key[i]; -} - -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec) -{ - struct { - u8 cipher[64]; - u64 state[8]; - u64 rd_key[AES_MAXNR + 1][8]; - } *bs; - u32 ctr32; - int i; - - ctr32 = GETU32(ivec + 12); - if (blocks >= 4 - && (bs = OPENSSL_malloc(sizeof(*bs)))) { - for (i = 0; i < key->rounds + 1; i++) { - memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16); - memcpy(bs->cipher + 16, bs->cipher, 16); - memcpy(bs->cipher + 32, bs->cipher, 32); - RawToBits(bs->cipher, bs->rd_key[i]); - } - while (blocks) { - memcpy(bs->cipher, ivec, 12); - PUTU32(bs->cipher + 12, ctr32); - ctr32++; - memcpy(bs->cipher + 16, ivec, 12); - PUTU32(bs->cipher + 28, ctr32); - ctr32++; - memcpy(bs->cipher + 32, ivec, 12); - PUTU32(bs->cipher + 44, ctr32); - ctr32++; - memcpy(bs->cipher + 48, ivec, 12); - PUTU32(bs->cipher + 60, ctr32); - ctr32++; - RawToBits(bs->cipher, bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[0]); - for (i = 1; i < key->rounds; i++) { - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsMixColumns(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[i]); - } - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]); - BitsToRaw(bs->state, bs->cipher); - for (i = 0; i < 64 && blocks; i++) { - out[i] = in[i] ^ bs->cipher[i]; - if ((i & 15) == 15) - blocks--; - } - in += i; - out += i; - } - OPENSSL_clear_free(bs, sizeof(*bs)); - } else { - unsigned char cipher[16]; - - while (blocks) { - memcpy(cipher, ivec, 12); - PUTU32(cipher + 12, ctr32); - AES_encrypt(cipher, cipher, key); - for (i = 0; i < 16; i++) - out[i] = in[i] ^ cipher[i]; - in += 16; - out += 16; - ctr32++; - blocks--; - } - } -} -# endif #elif !defined(AES_ASM) /*- Te0[x] = S [x].[02, 01, 01, 03]; diff --git a/crypto/openssl/crypto/aes/aes_ige.c b/crypto/openssl/crypto/aes/aes_ige.c index dce4ef11be4f7..804b3a723d1fb 100644 --- a/crypto/openssl/crypto/aes/aes_ige.c +++ b/crypto/openssl/crypto/aes/aes_ige.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,11 +12,6 @@ #include <openssl/aes.h> #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 @@ -24,6 +19,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s) (d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c index 6ec0107380493..7b127d2092fa2 100644 --- a/crypto/openssl/crypto/asn1/d2i_pr.c +++ b/crypto/openssl/crypto/asn1/d2i_pr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/openssl/crypto/asn1/x_algor.c index 4c4a718850eed..c9a8f1e9d1d49 100644 --- a/crypto/openssl/crypto/asn1/x_algor.c +++ b/crypto/openssl/crypto/asn1/x_algor.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,3 +92,35 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) return 0; return ASN1_TYPE_cmp(a->parameter, b->parameter); } + +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) +{ + if (src == NULL || dest == NULL) + return 0; + + if (dest->algorithm) + ASN1_OBJECT_free(dest->algorithm); + dest->algorithm = NULL; + + if (dest->parameter) + ASN1_TYPE_free(dest->parameter); + dest->parameter = NULL; + + if (src->algorithm) + if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) + return 0; + + if (src->parameter) { + dest->parameter = ASN1_TYPE_new(); + if (dest->parameter == NULL) + return 0; + + /* Assuming this is also correct for a BOOL. + * set does copy as a side effect. + */ + if (ASN1_TYPE_set1(dest->parameter, + src->parameter->type, src->parameter->value.ptr) == 0) + return 0; + } + return 1; +} diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c index 8ef90ac1d4f8b..41b7f5e2f61d1 100644 --- a/crypto/openssl/crypto/bio/b_print.c +++ b/crypto/openssl/crypto/bio/b_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -635,7 +635,11 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - if (ufvalue > ULONG_MAX) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order 15 bits + * of ULONG_MAX to avoid using imprecise floating point values. + */ + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/openssl/crypto/bio/bss_acpt.c index 5a2cb50dfc39f..4461eae2333de 100644 --- a/crypto/openssl/crypto/bio/bss_acpt.c +++ b/crypto/openssl/crypto/bio/bss_acpt.c @@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) b->init = 1; } else if (num == 1) { OPENSSL_free(data->param_serv); - data->param_serv = BUF_strdup(ptr); - b->init = 1; + if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + else + b->init = 1; } else if (num == 2) { data->bind_mode |= BIO_SOCK_NONBLOCK; } else if (num == 3) { diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c index dd43a406018ca..807a82b23ba2e 100644 --- a/crypto/openssl/crypto/bio/bss_conn.c +++ b/crypto/openssl/crypto/bio/bss_conn.c @@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); - if (i) { + if (i != 0) { BIO_clear_retry_flags(b); + if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { + /* + * if there are more addresses to try, do that first + */ + BIO_closesocket(b->num); + c->state = BIO_CONN_S_CREATE_SOCKET; + ERR_clear_error(); + break; + } SYSerr(SYS_F_CONNECT, i); ERR_add_error_data(4, "hostname=", c->param_hostname, @@ -407,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_CONNECT: if (ptr != NULL) { b->init = 1; - if (num == 0) { + if (num == 0) { /* BIO_set_conn_hostname */ char *hold_service = data->param_service; /* We affect the hostname regardless. However, the input * string might contain a host:service spec, so we must * parse it, which might or might not affect the service */ + OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, @@ -421,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); - } else if (num == 1) { + } else if (num == 1) { /* BIO_set_conn_port */ OPENSSL_free(data->param_service); - data->param_service = BUF_strdup(ptr); - } else if (num == 2) { + if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + } else if (num == 2) { /* BIO_set_conn_address */ const BIO_ADDR *addr = (const BIO_ADDR *)ptr; + char *host = BIO_ADDR_hostname_string(addr, 1); + char *service = BIO_ADDR_service_string(addr, 1); + + ret = host != NULL && service != NULL; if (ret) { - data->param_hostname = BIO_ADDR_hostname_string(addr, 1); - data->param_service = BIO_ADDR_service_string(addr, 1); + OPENSSL_free(data->param_hostname); + data->param_hostname = host; + OPENSSL_free(data->param_service); + data->param_service = service; BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; data->addr_iter = NULL; + } else { + OPENSSL_free(host); + OPENSSL_free(service); } - } else if (num == 3) { + } else if (num == 3) { /* BIO_set_conn_ip_family */ data->connect_family = *(int *)ptr; } else { ret = 0; diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c index ef81acb77ba6b..0941f7b97f3f7 100644 --- a/crypto/openssl/crypto/bn/bn_gcd.c +++ b/crypto/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,22 +10,189 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) + goto err; + + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } + } + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; + } + } else { + *pnoinv = 1; + /* caller sets the BN_R_NO_INVERSE error */ + goto err; + } + + ret = R; + *pnoinv = 0; + + err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return ret; } +/* + * This is an internal function, we assume all callers pass valid arguments: + * all pointers passed here are assumed non-NULL. + */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv) @@ -36,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, /* This is invalid input so we don't worry about constant time here */ if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - if (pnoinv != NULL) - *pnoinv = 1; + *pnoinv = 1; return NULL; } - if (pnoinv != NULL) - *pnoinv = 0; + *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); + return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); } bn_check_top(a); @@ -332,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + *pnoinv = 1; goto err; } ret = R; @@ -345,175 +509,27 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, return ret; } -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + BN_CTX *new_ctx = NULL; + BIGNUM *rv; + int noinv = 0; - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE); + return NULL; } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; } - /* Now Y*a == A (mod |n|). */ - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + BN_CTX_free(new_ctx); + return rv; } /*- diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c index 86d4956c8a8cf..eb4a31849bef1 100644 --- a/crypto/openssl/crypto/bn/bn_lib.c +++ b/crypto/openssl/crypto/bn/bn_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void) return &const_one; } +/* + * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() + * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html + */ +#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ + && _MSC_VER>=1400 && _MSC_VER<1501 +# define MS_BROKEN_BN_num_bits_word +# pragma optimize("", off) +#endif int BN_num_bits_word(BN_ULONG l) { BN_ULONG x, mask; @@ -131,6 +140,9 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +#ifdef MS_BROKEN_BN_num_bits_word +# pragma optimize("", on) +#endif /* * This function still leaks `a->dmax`: it's caller's responsibility to @@ -322,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a) BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) { + int bn_words; + bn_check_top(b); + bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top; + if (a == b) return a; - if (bn_wexpand(a, b->top) == NULL) + if (bn_wexpand(a, bn_words) == NULL) return NULL; if (b->top > 0) - memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); + memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words); a->neg = b->neg; a->top = b->top; diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/openssl/crypto/bn/bn_mpi.c index bdbe822415c79..0902da5d076e6 100644 --- a/crypto/openssl/crypto/bn/bn_mpi.c +++ b/crypto/openssl/crypto/bn/bn_mpi.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) int neg = 0; BIGNUM *a = NULL; - if (n < 4) { + if (n < 4 || (d[0] & 0x80) != 0) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); return NULL; } diff --git a/crypto/openssl/crypto/cmac/cmac.c b/crypto/openssl/crypto/cmac/cmac.c index 6989c32d06609..1fac531016878 100644 --- a/crypto/openssl/crypto/cmac/cmac.c +++ b/crypto/openssl/crypto/cmac/cmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,11 +116,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; + if (cipher != NULL) { + /* Ensure we can't use this ctx until we also have a key */ + ctx->nlast_block = -1; + if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + } /* Non-NULL key means initialisation complete */ - if (key) { + if (key != NULL) { int bl; + + /* If anything fails then ensure we can't use this ctx */ + ctx->nlast_block = -1; if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) @@ -128,7 +135,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx); - if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); @@ -166,12 +173,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) { - if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) return 0; dlen -= bl; data += bl; diff --git a/crypto/openssl/crypto/cms/cms_lib.c b/crypto/openssl/crypto/cms/cms_lib.c index 57afba4361150..be4c2c703f1a8 100644 --- a/crypto/openssl/crypto/cms/cms_lib.c +++ b/crypto/openssl/crypto/cms/cms_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) default: CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); - return NULL; + goto err; } if (cmsbio) return BIO_push(cmsbio, cont); +err: if (!icont) BIO_free(cont); return NULL; diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c index 29ba4c1b13342..3f2a782565a8a 100644 --- a/crypto/openssl/crypto/cms/cms_sd.c +++ b/crypto/openssl/crypto/cms/cms_sd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { + ASN1_INTEGER_free(key); return 0; + } } alg = X509_ALGOR_new(); if (alg == NULL) { diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c index ca76fa3679b8a..3d710f12ae07e 100644 --- a/crypto/openssl/crypto/conf/conf_def.c +++ b/crypto/openssl/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -376,11 +376,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (biosk == NULL) { if ((biosk = sk_BIO_new_null()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } } if (!sk_BIO_push(biosk, in)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + BIO_free(next); goto err; } /* continue with reading from the included BIO */ diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl index ea538c0698d54..fa833ce6aaf37 100755 --- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1517,9 +1517,9 @@ ecp_nistz256_point_add: ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) mvn $t0,$t0 @ -1/0 -> 0/-1 mvn $t1,$t1 @ -1/0 -> 0/-1 - orr $a0,$t0 - orr $a0,$t1 - orrs $a0,$t2 @ set flags + orr $a0,$a0,$t0 + orr $a0,$a0,$t1 + orrs $a0,$a0,$t2 @ set flags @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) bne .Ladd_proceed diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl deleted file mode 100755 index 1b7ec8464b4f9..0000000000000 --- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl +++ /dev/null @@ -1,2080 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -if ($avx>=2) {{ -$digit_size = "\$29"; -$n_digits = "\$9"; - -$code.=<<___; -.text - -.align 64 -.LAVX2_AND_MASK: -.LAVX2_POLY: -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000 -.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000 -.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff - -.LAVX2_POLY_x2: -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE -.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE -.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC - -.LAVX2_POLY_x8: -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8 -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC -.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC -.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8 - -.LONE: -.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff -.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL -# Montgomery form (*2^256) to our format (*2^261) - -.LTO_MONT_AVX2: -.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003 - -.LFROM_MONT_AVX2: -.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff -.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -.LIntOne: -.long 1,1,1,1,1,1,1,1 -___ - -{ -# This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearranges the data for AVX2 execution, while -# converting it to 2^29 radix redundant form - -my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, - $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_transpose_convert -.type ecp_nistz256_avx2_transpose_convert,\@function,2 -.align 64 -ecp_nistz256_avx2_transpose_convert: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - # Load the data - vmovdqa 32*0(%rsi), $X0 - lea 112(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $Y0 - lea .LAVX2_AND_MASK(%rip), %rdx - vmovdqa 32*2(%rsi), $X1 - vmovdqa 32*3(%rsi), $Y1 - vmovdqa 32*4-112(%rax), $X2 - vmovdqa 32*5-112(%rax), $Y2 - vmovdqa 32*6-112(%rax), $X3 - vmovdqa 32*7-112(%rax), $Y3 - - # Transpose X and Y independently - vpunpcklqdq $X1, $X0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $X3, $X2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $X1, $X0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $X3, $X2, $T3 # T3 = [D3 C3 D1 C1] - - vpunpcklqdq $Y1, $Y0, $T4 - vpunpcklqdq $Y3, $Y2, $T5 - vpunpckhqdq $Y1, $Y0, $T6 - vpunpckhqdq $Y3, $Y2, $T7 - - vperm2i128 \$0x20, $T1, $T0, $X0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $X1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $X2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $X3 # X3 = [D3 C3 B3 A3] - - vperm2i128 \$0x20, $T5, $T4, $Y0 - vperm2i128 \$0x20, $T7, $T6, $Y1 - vperm2i128 \$0x31, $T5, $T4, $Y2 - vperm2i128 \$0x31, $T7, $T6, $Y3 - vmovdqa (%rdx), $T7 - - vpand (%rdx), $X0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $X0, $X0 - vpand $T7, $X0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $X0, $X0 - vpsllq \$6, $X1, $T2 - vpxor $X0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $X1, $X1 - vpand $T7, $X1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $X1, $X1 - vpsllq \$12, $X2, $T4 - vpxor $X1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $X2, $X2 - vpand $T7, $X2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $X2, $X2 - vpsllq \$18, $X3, $T6 - vpxor $X2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $X3, $X3 - vmovdqa $T0, 32*0(%rdi) - lea 112(%rdi), %rax # size optimization - vpand $T7, $X3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $X3, $X3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*1(%rdi) - vmovdqa $T2, 32*2(%rdi) - vmovdqa $T3, 32*3(%rdi) - vmovdqa $T4, 32*4-112(%rax) - vmovdqa $T5, 32*5-112(%rax) - vmovdqa $T6, 32*6-112(%rax) - vmovdqa $T0, 32*7-112(%rax) - vmovdqa $X3, 32*8-112(%rax) - lea 448(%rdi), %rax # size optimization - - vpand $T7, $Y0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $Y0, $Y0 - vpand $T7, $Y0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $Y0, $Y0 - vpsllq \$6, $Y1, $T2 - vpxor $Y0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $Y1, $Y1 - vpand $T7, $Y1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $Y1, $Y1 - vpsllq \$12, $Y2, $T4 - vpxor $Y1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $Y2, $Y2 - vpand $T7, $Y2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $Y2, $Y2 - vpsllq \$18, $Y3, $T6 - vpxor $Y2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $Y3, $Y3 - vmovdqa $T0, 32*9-448(%rax) - vpand $T7, $Y3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $Y3, $Y3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*10-448(%rax) - vmovdqa $T2, 32*11-448(%rax) - vmovdqa $T3, 32*12-448(%rax) - vmovdqa $T4, 32*13-448(%rax) - vmovdqa $T5, 32*14-448(%rax) - vmovdqa $T6, 32*15-448(%rax) - vmovdqa $T0, 32*16-448(%rax) - vmovdqa $Y3, 32*17-448(%rax) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert -___ -} -{ -################################################################################ -# This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearranges the data - -my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); -my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); - -$code.=<<___; - -.globl ecp_nistz256_avx2_convert_transpose_back -.type ecp_nistz256_avx2_convert_transpose_back,\@function,2 -.align 32 -ecp_nistz256_avx2_convert_transpose_back: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - mov \$3, %ecx - -.Lconv_loop: - vmovdqa 32*0(%rsi), $D0 - lea 160(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $D1 - vmovdqa 32*2(%rsi), $D2 - vmovdqa 32*3(%rsi), $D3 - vmovdqa 32*4-160(%rax), $D4 - vmovdqa 32*5-160(%rax), $D5 - vmovdqa 32*6-160(%rax), $D6 - vmovdqa 32*7-160(%rax), $D7 - vmovdqa 32*8-160(%rax), $D8 - - vpsllq \$29, $D1, $D1 - vpsllq \$58, $D2, $T0 - vpaddq $D1, $D0, $D0 - vpaddq $T0, $D0, $D0 # out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2); - - vpsrlq \$6, $D2, $D2 - vpsllq \$23, $D3, $D3 - vpsllq \$52, $D4, $T1 - vpaddq $D2, $D3, $D3 - vpaddq $D3, $T1, $D1 # out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64); - - vpsrlq \$12, $D4, $D4 - vpsllq \$17, $D5, $D5 - vpsllq \$46, $D6, $T2 - vpaddq $D4, $D5, $D5 - vpaddq $D5, $T2, $D2 # out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ (in[6] << shift*6%64); - - vpsrlq \$18, $D6, $D6 - vpsllq \$11, $D7, $D7 - vpsllq \$40, $D8, $T3 - vpaddq $D6, $D7, $D7 - vpaddq $D7, $T3, $D3 # out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64); - - vpunpcklqdq $D1, $D0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $D3, $D2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $D1, $D0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $D3, $D2, $T3 # T3 = [D3 C3 D1 C1] - - vperm2i128 \$0x20, $T1, $T0, $D0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $D1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $D2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $D3 # X3 = [D3 C3 B3 A3] - - vmovdqa $D0, 32*0(%rdi) - vmovdqa $D1, 32*3(%rdi) - vmovdqa $D2, 32*6(%rdi) - vmovdqa $D3, 32*9(%rdi) - - lea 32*9(%rsi), %rsi - lea 32*1(%rdi), %rdi - - dec %ecx - jnz .Lconv_loop - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back -___ -} -{ -my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx"); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8)); -my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13)); - -sub NORMALIZE { -my $ret=<<___; - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 -___ - $ret; -} - -sub STORE { -my $ret=<<___; - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vmovdqa $ACC1, 32*1(%rdi) - vmovdqa $ACC2, 32*2(%rdi) - vmovdqa $ACC3, 32*3(%rdi) - vmovdqa $ACC4, 32*4-160(%rax) - vmovdqa $ACC5, 32*5-160(%rax) - vmovdqa $ACC6, 32*6-160(%rax) - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) -___ - $ret; -} - -$code.=<<___; -.type avx2_normalize,\@abi-omnipotent -.align 32 -avx2_normalize: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - - ret -.size avx2_normalize,.-avx2_normalize - -.type avx2_normalize_n_store,\@abi-omnipotent -.align 32 -avx2_normalize_n_store: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vmovdqa $ACC1, 32*1(%rdi) - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vmovdqa $ACC2, 32*2(%rdi) - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vmovdqa $ACC3, 32*3(%rdi) - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vmovdqa $ACC4, 32*4-160(%rax) - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vmovdqa $ACC5, 32*5-160(%rax) - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vmovdqa $ACC6, 32*6-160(%rax) - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) - - ret -.size avx2_normalize_n_store,.-avx2_normalize_n_store - -################################################################################ -# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_mul_x4,\@abi-omnipotent -.align 32 -avx2_mul_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - mov $n_digits, $itr - lea -512($a_ptr), $a_ptr # strategic bias to control u-op density - jmp .Lavx2_mul_x4_loop - -.align 32 -.Lavx2_mul_x4_loop: - vmovdqa 32*0($b_ptr), $B - lea 32*1($b_ptr), $b_ptr - - vpmuludq 32*0+512($a_ptr), $B, $T0 - vpmuludq 32*1+512($a_ptr), $B, $OVERFLOW # borrow $OVERFLOW - vpaddq $T0, $ACC0, $ACC0 - vpmuludq 32*2+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*3+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*4+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*5+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*6+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*7+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - # Skip some multiplications, optimizing for the constant poly - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*8+512($a_ptr), $B, $ACC8 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - .byte 0x67 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - .byte 0x67 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $OVERFLOW - vpaddq $T0, $ACC7, $ACC6 - vpaddq $OVERFLOW, $ACC8, $ACC7 - - dec $itr - jnz .Lavx2_mul_x4_loop - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_x4,.-avx2_mul_x4 - -# Function optimized for the constant 1 -################################################################################ -# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by1_x4,\@abi-omnipotent -.align 32 -avx2_mul_by1_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - vpxor $ACC8, $ACC8, $ACC8 - - vmovdqa 32*3+.LONE(%rip), %ymm14 - vmovdqa 32*7+.LONE(%rip), %ymm15 - - mov $n_digits, $itr - jmp .Lavx2_mul_by1_x4_loop - -.align 32 -.Lavx2_mul_by1_x4_loop: - vmovdqa 32*0($a_ptr), $B - .byte 0x48,0x8d,0xb6,0x20,0,0,0 # lea 32*1($a_ptr), $a_ptr - - vpsllq \$5, $B, $OVERFLOW - vpmuludq %ymm14, $B, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC3 - .byte 0x67 - vpmuludq $AND_MASK, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $T0, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - vpsllq \$23, $B, $T0 - - .byte 0x67,0x67 - vpmuludq %ymm15, $B, $OVERFLOW - vpsubq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - .byte 0x67,0x67 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - vmovdqa $ACC5, $ACC4 - vpmuludq 32*7(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpaddq $T0, $ACC7, $ACC6 - vpmuludq 32*8(%rax), $Y, $ACC7 - - dec $itr - jnz .Lavx2_mul_by1_x4_loop - - ret -.size avx2_mul_by1_x4,.-avx2_mul_by1_x4 - -################################################################################ -# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sqr_x4,\@abi-omnipotent -.align 32 -avx2_sqr_x4: - lea .LAVX2_POLY(%rip), %rax - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - vmovdqa 32*0($a_ptr), $B - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4($a_ptr), $ACC4 - vmovdqa 32*5($a_ptr), $ACC5 - vmovdqa 32*6($a_ptr), $ACC6 - vmovdqa 32*7($a_ptr), $ACC7 - vpaddq $ACC1, $ACC1, $ACC1 # 2*$ACC0..7 - vmovdqa 32*8($a_ptr), $ACC8 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0(%rcx) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1(%rcx) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2(%rcx) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3(%rcx) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4(%rcx) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5(%rcx) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6(%rcx) - vmovdqa $ACC8, 32*7(%rcx) - - #itr 1 - vpmuludq $B, $B, $ACC0 - vpmuludq $B, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq $B, $ACC2, $ACC2 - vpmuludq $B, $ACC3, $ACC3 - vpmuludq $B, $ACC4, $ACC4 - vpmuludq $B, $ACC5, $ACC5 - vpmuludq $B, $ACC6, $ACC6 - vpmuludq $AND_MASK, $Y, $T0 - vpmuludq $B, $ACC7, $ACC7 - vpmuludq $B, $ACC8, $ACC8 - vmovdqa 32*1($a_ptr), $B - - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 2 - vpmuludq $B, $B, $OVERFLOW - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*1(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*2($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 3 - vpmuludq $B, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*3($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 4 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*4($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 5 - vpmuludq $B, $B, $T0 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*5($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3+.LAVX2_POLY(%rip), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 6 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*6($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 7 - vpmuludq $B, $B, $T0 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*7($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 8 - vpmuludq $B, $B, $OVERFLOW - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*8($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 9 - vpmuludq $B, $B, $ACC8 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_sqr_x4,.-avx2_sqr_x4 - -################################################################################ -# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sub_x4,\@abi-omnipotent -.align 32 -avx2_sub_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), $a_ptr - lea .LAVX2_POLY_x8+128(%rip), %rax - lea 128($b_ptr), $b_ptr - vmovdqa 32*1-160($a_ptr), $ACC1 - vmovdqa 32*2-160($a_ptr), $ACC2 - vmovdqa 32*3-160($a_ptr), $ACC3 - vmovdqa 32*4-160($a_ptr), $ACC4 - vmovdqa 32*5-160($a_ptr), $ACC5 - vmovdqa 32*6-160($a_ptr), $ACC6 - vmovdqa 32*7-160($a_ptr), $ACC7 - vmovdqa 32*8-160($a_ptr), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128($b_ptr), $ACC0, $ACC0 - vpsubq 32*1-128($b_ptr), $ACC1, $ACC1 - vpsubq 32*2-128($b_ptr), $ACC2, $ACC2 - vpsubq 32*3-128($b_ptr), $ACC3, $ACC3 - vpsubq 32*4-128($b_ptr), $ACC4, $ACC4 - vpsubq 32*5-128($b_ptr), $ACC5, $ACC5 - vpsubq 32*6-128($b_ptr), $ACC6, $ACC6 - vpsubq 32*7-128($b_ptr), $ACC7, $ACC7 - vpsubq 32*8-128($b_ptr), $ACC8, $ACC8 - - ret -.size avx2_sub_x4,.-avx2_sub_x4 - -.type avx2_select_n_store,\@abi-omnipotent -.align 32 -avx2_select_n_store: - vmovdqa `8+32*9*8`(%rsp), $Y - vpor `8+32*9*8+32`(%rsp), $Y, $Y - - vpandn $ACC0, $Y, $ACC0 - vpandn $ACC1, $Y, $ACC1 - vpandn $ACC2, $Y, $ACC2 - vpandn $ACC3, $Y, $ACC3 - vpandn $ACC4, $Y, $ACC4 - vpandn $ACC5, $Y, $ACC5 - vpandn $ACC6, $Y, $ACC6 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpandn $ACC7, $Y, $ACC7 - vpandn `8+32*9*8`(%rsp), $B, $B - vpandn $ACC8, $Y, $ACC8 - - vpand 32*0(%rsi), $B, $T0 - lea 160(%rsi), %rax - vpand 32*1(%rsi), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2(%rsi), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3(%rsi), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $T0 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpxor $Y, $ACC7, $ACC7 - - vpand 32*0(%rdx), $B, $Y - lea 160(%rdx), %rax - vpxor $T0, $ACC8, $ACC8 - vpand 32*1(%rdx), $B, $T0 - vpxor $Y, $ACC0, $ACC0 - vpand 32*2(%rdx), $B, $Y - vpxor $T0, $ACC1, $ACC1 - vpand 32*3(%rdx), $B, $T0 - vpxor $Y, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $Y - vpxor $T0, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $T0 - vpxor $Y, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $Y - vpxor $T0, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $T0 - vpxor $Y, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $Y - vpxor $T0, $ACC7, $ACC7 - vpxor $Y, $ACC8, $ACC8 - `&STORE` - - ret -.size avx2_select_n_store,.-avx2_select_n_store -___ -$code.=<<___ if (0); # inlined -################################################################################ -# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by2_x4,\@abi-omnipotent -.align 32 -avx2_mul_by2_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), %rax - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4-160(%rax), $ACC4 - vmovdqa 32*5-160(%rax), $ACC5 - vmovdqa 32*6-160(%rax), $ACC6 - vmovdqa 32*7-160(%rax), $ACC7 - vmovdqa 32*8-160(%rax), $ACC8 - - vpaddq $ACC0, $ACC0, $ACC0 - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_by2_x4,.-avx2_mul_by2_x4 -___ -my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx"); -my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affine_x4 -.type ecp_nistz256_avx2_point_add_affine_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affine_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y -# A + 32*18 = A.Z - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # Z1^2 = Z1*Z1 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # U2 = X2*Z1^2 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # S2 = Z1*Z1^2 = Z1^3 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S2*Y2 = Y2*Z1^3 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # H = U2 - U1 = U2 - X1 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = S2 - Y1 - lea `32*9*1`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($a_ptr), %rdx - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_x4 - call avx2_normalize - - lea .LONE(%rip), %rsi - lea `32*9*2`($a_ptr), %rdx - call avx2_select_n_store - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4 - -################################################################################ -# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affines_x4 -.type ecp_nistz256_avx2_point_add_affines_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affines_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # H = U2 - U1 = X2 - X1 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = Y2 - Y1 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 = H - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize - - vmovdqa `32*9*8`(%rsp), $B - vpor `32*9*8+32`(%rsp), $B, $B - - vpandn $ACC0, $B, $ACC0 - lea .LONE+128(%rip), %rax - vpandn $ACC1, $B, $ACC1 - vpandn $ACC2, $B, $ACC2 - vpandn $ACC3, $B, $ACC3 - vpandn $ACC4, $B, $ACC4 - vpandn $ACC5, $B, $ACC5 - vpandn $ACC6, $B, $ACC6 - vpandn $ACC7, $B, $ACC7 - - vpand 32*0-128(%rax), $B, $T0 - vpandn $ACC8, $B, $ACC8 - vpand 32*1-128(%rax), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2-128(%rax), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3-128(%rax), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-128(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-128(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-128(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-128(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-128(%rax), $B, $T0 - vpxor $Y, $ACC7, $ACC7 - vpxor $T0, $ACC8, $ACC8 - `&STORE` - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # H = H*R - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S1 * H^3 - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4 - -################################################################################ -# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_to_mont -.type ecp_nistz256_avx2_to_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_to_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LTO_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont - -################################################################################ -# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_from_mont -.type ecp_nistz256_avx2_from_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_from_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LFROM_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont - -################################################################################ -# void ecp_nistz256_avx2_set1(void* RESULTx4); -.globl ecp_nistz256_avx2_set1 -.type ecp_nistz256_avx2_set1,\@function,1 -.align 32 -ecp_nistz256_avx2_set1: - lea .LONE+128(%rip), %rax - lea 128(%rdi), %rdi - vzeroupper - vmovdqa 32*0-128(%rax), %ymm0 - vmovdqa 32*1-128(%rax), %ymm1 - vmovdqa 32*2-128(%rax), %ymm2 - vmovdqa 32*3-128(%rax), %ymm3 - vmovdqa 32*4-128(%rax), %ymm4 - vmovdqa 32*5-128(%rax), %ymm5 - vmovdqa %ymm0, 32*0-128(%rdi) - vmovdqa 32*6-128(%rax), %ymm0 - vmovdqa %ymm1, 32*1-128(%rdi) - vmovdqa 32*7-128(%rax), %ymm1 - vmovdqa %ymm2, 32*2-128(%rdi) - vmovdqa 32*8-128(%rax), %ymm2 - vmovdqa %ymm3, 32*3-128(%rdi) - vmovdqa %ymm4, 32*4-128(%rdi) - vmovdqa %ymm5, 32*5-128(%rdi) - vmovdqa %ymm0, 32*6-128(%rdi) - vmovdqa %ymm1, 32*7-128(%rdi) - vmovdqa %ymm2, 32*8-128(%rdi) - - vzeroupper - ret -.size ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1 -___ -} -{ -################################################################################ -# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in, -# int index0, int index1, int index2, int index3); -################################################################################ - -my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d"); -my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3)); -my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11)); -my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@function,6 -.align 32 -ecp_nistz256_avx2_multi_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea .LIntOne(%rip), %rax - - vmovd $index0, %xmm0 - vmovd $index1, %xmm1 - vmovd $index2, %xmm2 - vmovd $index3, %xmm3 - - vpxor $R0a, $R0a, $R0a - vpxor $R0b, $R0b, $R0b - vpxor $R1a, $R1a, $R1a - vpxor $R1b, $R1b, $R1b - vpxor $R2a, $R2a, $R2a - vpxor $R2b, $R2b, $R2b - vpxor $R3a, $R3a, $R3a - vpxor $R3b, $R3b, $R3b - vmovdqa (%rax), $M0 - - vpermd $INDEX0, $R0a, $INDEX0 - vpermd $INDEX1, $R0a, $INDEX1 - vpermd $INDEX2, $R0a, $INDEX2 - vpermd $INDEX3, $R0a, $INDEX3 - - mov \$64, %ecx - lea 112($val), $val # size optimization - jmp .Lmulti_select_loop_avx2 - -# INDEX=0, corresponds to the point at infty (0,0) -.align 32 -.Lmulti_select_loop_avx2: - vpcmpeqd $INDEX0, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*0`($in_t), $T0 - vmovdqa `32*1+32*64*2*0`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R0a, $R0a - vpxor $T1, $R0b, $R0b - - vpcmpeqd $INDEX1, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*1`($in_t), $T0 - vmovdqa `32*1+32*64*2*1`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R1a, $R1a - vpxor $T1, $R1b, $R1b - - vpcmpeqd $INDEX2, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*2`($in_t), $T0 - vmovdqa `32*1+32*64*2*2`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R2a, $R2a - vpxor $T1, $R2b, $R2b - - vpcmpeqd $INDEX3, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*3`($in_t), $T0 - vmovdqa `32*1+32*64*2*3`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R3a, $R3a - vpxor $T1, $R3b, $R3b - - vpaddd (%rax), $M0, $M0 # increment - lea 32*2($in_t), $in_t - - dec %ecx - jnz .Lmulti_select_loop_avx2 - - vmovdqu $R0a, 32*0-112($val) - vmovdqu $R0b, 32*1-112($val) - vmovdqu $R1a, 32*2-112($val) - vmovdqu $R1b, 32*3-112($val) - vmovdqu $R2a, 32*4-112($val) - vmovdqu $R2b, 32*5-112($val) - vmovdqu $R3a, 32*6-112($val) - vmovdqu $R3b, 32*7-112($val) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.extern OPENSSL_ia32cap_P -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -.align 32 -ecp_nistz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax - shr \$5,%eax - and \$1,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -} -}} else {{ # assembler is too old -$code.=<<___; -.text - -.globl ecp_nistz256_avx2_transpose_convert -.globl ecp_nistz256_avx2_convert_transpose_back -.globl ecp_nistz256_avx2_point_add_affine_x4 -.globl ecp_nistz256_avx2_point_add_affines_x4 -.globl ecp_nistz256_avx2_to_mont -.globl ecp_nistz256_avx2_from_mont -.globl ecp_nistz256_avx2_set1 -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent -ecp_nistz256_avx2_transpose_convert: -ecp_nistz256_avx2_convert_transpose_back: -ecp_nistz256_avx2_point_add_affine_x4: -ecp_nistz256_avx2_point_add_affines_x4: -ecp_nistz256_avx2_to_mont: -ecp_nistz256_avx2_from_mont: -ecp_nistz256_avx2_set1: -ecp_nistz256_avx2_multi_gather_w7: - .byte 0x0f,0x0b # ud2 - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -ecp_nistz_avx2_eligible: - xor %eax,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index 2210383739218..5098bd7a66025 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); #endif -static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) +static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) { const EC_GROUP *group; int nid; @@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) && (nid = EC_GROUP_get_curve_name(group))) /* we have a 'named curve' => just set the OID */ { - *ppval = OBJ_nid2obj(nid); + ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID); + return 0; + } + *ppval = asn1obj; *pptype = V_ASN1_OBJECT; } else { /* explicit parameters */ @@ -43,7 +50,17 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) pstr = ASN1_STRING_new(); if (pstr == NULL) return 0; - pstr->length = i2d_ECParameters(ec_key, &pstr->data); + + /* + * The cast in the following line is intentional as the + * `i2d_ECParameters` signature can't be constified (see discussion at + * https://github.com/openssl/openssl/pull/9347 where related and + * required constification backports were rejected). + * + * This cast should be safe anyway, because we can expect + * `i2d_ECParameters()` to treat the first argument as if it was const. + */ + pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data); if (pstr->length <= 0) { ASN1_STRING_free(pstr); ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); @@ -57,7 +74,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { - EC_KEY *ec_key = pkey->pkey.ec; + const EC_KEY *ec_key = pkey->pkey.ec; void *pval = NULL; int ptype; unsigned char *penc = NULL, *p; diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index 006f9a5dea178..7b7c75ce84435 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -137,6 +137,12 @@ struct ec_parameters_st { ASN1_INTEGER *cofactor; } /* ECPARAMETERS */ ; +typedef enum { + ECPKPARAMETERS_TYPE_NAMED = 0, + ECPKPARAMETERS_TYPE_EXPLICIT, + ECPKPARAMETERS_TYPE_IMPLICIT +} ecpk_parameters_type_t; + struct ecpk_parameters_st { int type; union { @@ -535,9 +541,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, return NULL; } } else { - if (ret->type == 0) + if (ret->type == ECPKPARAMETERS_TYPE_NAMED) ASN1_OBJECT_free(ret->value.named_curve); - else if (ret->type == 1 && ret->value.parameters) + else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT + && ret->value.parameters != NULL) ECPARAMETERS_free(ret->value.parameters); } @@ -547,15 +554,22 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, */ tmp = EC_GROUP_get_curve_name(group); if (tmp) { - ret->type = 0; - if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID); ok = 0; + } else { + ret->type = ECPKPARAMETERS_TYPE_NAMED; + ret->value.named_curve = asn1obj; + } } else /* we don't know the nid => ERROR */ ok = 0; } else { /* use the ECPARAMETERS structure */ - ret->type = 1; + ret->type = ECPKPARAMETERS_TYPE_EXPLICIT; if ((ret->value.parameters = EC_GROUP_get_ecparameters(group, NULL)) == NULL) ok = 0; @@ -894,7 +908,8 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) return NULL; } - if (params->type == 0) { /* the curve is given by an OID */ + if (params->type == ECPKPARAMETERS_TYPE_NAMED) { + /* the curve is given by an OID */ tmp = OBJ_obj2nid(params->value.named_curve); if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, @@ -902,15 +917,16 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) return NULL; } EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); - } else if (params->type == 1) { /* the parameters are given by a - * ECPARAMETERS structure */ + } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) { + /* the parameters are given by an ECPARAMETERS structure */ ret = EC_GROUP_new_from_ecparameters(params->value.parameters); if (!ret) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB); return NULL; } EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); - } else if (params->type == 2) { /* implicitlyCA */ + } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) { + /* implicit parameters inherited from CA - unsupported */ return NULL; } else { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR); @@ -940,6 +956,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) return NULL; } + if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) + group->decoded_from_explicit_params = 1; + if (a) { EC_GROUP_free(*a); *a = group; @@ -991,6 +1010,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->parameters) { EC_GROUP_free(ret->group); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); + if (ret->group != NULL + && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT) + ret->group->decoded_from_explicit_params = 1; } if (ret->group == NULL) { diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c index ce3493823218f..bfe74226503eb 100644 --- a/crypto/openssl/crypto/ec/ec_err.c +++ b/crypto/openssl/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c index 08aaac5d8a6f5..23efbd015ca47 100644 --- a/crypto/openssl/crypto/ec/ec_key.c +++ b/crypto/openssl/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -14,6 +14,7 @@ #include "internal/refcount.h" #include <openssl/err.h> #include <openssl/engine.h> +#include "crypto/bn.h" EC_KEY *EC_KEY_new(void) { @@ -416,17 +417,86 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { + int fixed_top; + const BIGNUM *order = NULL; + BIGNUM *tmp_key = NULL; + if (key->group == NULL || key->group->meth == NULL) return 0; + + /* + * Not only should key->group be set, but it should also be in a valid + * fully initialized state. + * + * Specifically, to operate in constant time, we need that the group order + * is set, as we use its length as the fixed public size of any scalar used + * as an EC private key. + */ + order = EC_GROUP_get0_order(key->group); + if (order == NULL || BN_is_zero(order)) + return 0; /* This should never happen */ + if (key->group->meth->set_private != NULL && key->group->meth->set_private(key, priv_key) == 0) return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) return 0; + + /* + * We should never leak the bit length of the secret scalar in the key, + * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` + * holding the secret scalar. + * + * This is important also because `BN_dup()` (and `BN_copy()`) do not + * propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and + * this brings an extra risk of inadvertently losing the flag, even when + * the caller specifically set it. + * + * The propagation has been turned on and off a few times in the past + * years because in some conditions has shown unintended consequences in + * some code paths, so at the moment we can't fix this in the BN layer. + * + * In `EC_KEY_set_private_key()` we can work around the propagation by + * manually setting the flag after `BN_dup()` as we know for sure that + * inside the EC module the `BN_FLG_CONSTTIME` is always treated + * correctly and should not generate unintended consequences. + * + * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have + * to preallocate the BIGNUM internal buffer to a fixed public size big + * enough that operations performed during the processing never trigger + * a realloc which would leak the size of the scalar through memory + * accesses. + * + * Fixed Length + * ------------ + * + * The order of the large prime subgroup of the curve is our choice for + * a fixed public size, as that is generally the upper bound for + * generating a private key in EC cryptosystems and should fit all valid + * secret scalars. + * + * For preallocating the BIGNUM storage we look at the number of "words" + * required for the internal representation of the order, and we + * preallocate 2 extra "words" in case any of the subsequent processing + * might temporarily overflow the order length. + */ + tmp_key = BN_dup(priv_key); + if (tmp_key == NULL) + return 0; + + BN_set_flags(tmp_key, BN_FLG_CONSTTIME); + + fixed_top = bn_get_top(order) + 2; + if (bn_wexpand(tmp_key, fixed_top) == NULL) { + BN_clear_free(tmp_key); + return 0; + } + BN_clear_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; + key->priv_key = tmp_key; + + return 1; } const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) @@ -494,6 +564,13 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags) key->flags &= ~flags; } +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key) +{ + if (key == NULL || key->group == NULL) + return -1; + return key->group->decoded_from_explicit_params; +} + size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, unsigned char **pbuf, BN_CTX *ctx) { diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c index 6832383cad518..08db89fceeb5c 100644 --- a/crypto/openssl/crypto/ec/ec_lib.c +++ b/crypto/openssl/crypto/ec/ec_lib.c @@ -211,6 +211,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; + dest->decoded_from_explicit_params = src->decoded_from_explicit_params; if (src->seed) { OPENSSL_free(dest->seed); diff --git a/crypto/openssl/crypto/ec/ec_local.h b/crypto/openssl/crypto/ec/ec_local.h index e656fbd5e7755..64725a9c92f41 100644 --- a/crypto/openssl/crypto/ec/ec_local.h +++ b/crypto/openssl/crypto/ec/ec_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -209,6 +209,8 @@ struct ec_group_st { BIGNUM *order, *cofactor; int curve_name; /* optional NID for named curve */ int asn1_flag; /* flag to control the asn1 encoding */ + int decoded_from_explicit_params; /* set if decoded from explicit + * curve parameters encoding */ point_conversion_form_t asn1_form; unsigned char *seed; /* optional seed for parameters (appears in * ASN1) */ diff --git a/crypto/openssl/crypto/ec/ecp_nistp224.c b/crypto/openssl/crypto/ec/ecp_nistp224.c index 9a9ced8f13434..6f7d66c8bea46 100644 --- a/crypto/openssl/crypto/ec/ecp_nistp224.c +++ b/crypto/openssl/crypto/ec/ecp_nistp224.c @@ -72,6 +72,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; @@ -307,10 +308,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { - out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in+20))) >> 8; + out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; + out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) diff --git a/crypto/openssl/crypto/ec/ecp_nistp521.c b/crypto/openssl/crypto/ec/ecp_nistp521.c index 75eeba853679c..08b32787293b8 100644 --- a/crypto/openssl/crypto/ec/ecp_nistp521.c +++ b/crypto/openssl/crypto/ec/ecp_nistp521.c @@ -128,6 +128,7 @@ static const felem_bytearray nistp521_curve_params[5] = { # define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef uint128_t largefelem[NLIMBS]; @@ -141,14 +142,14 @@ static const limb bottom58bits = 0x3ffffffffffffff; static void bin66_to_felem(felem out, const u8 in[66]) { out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb *) & in[29])) & bottom58bits; - out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb *) & in[58])) & bottom57bits; + out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *) & in[29])) & bottom58bits; + out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *) & in[58])) & bottom57bits; } /* @@ -159,14 +160,14 @@ static void felem_to_bin66(u8 out[66], const felem in) { memset(out, 0, 66); (*((limb *) & out[0])) = in[0]; - (*((limb *) & out[7])) |= in[1] << 2; - (*((limb *) & out[14])) |= in[2] << 4; - (*((limb *) & out[21])) |= in[3] << 6; - (*((limb *) & out[29])) = in[4]; - (*((limb *) & out[36])) |= in[5] << 2; - (*((limb *) & out[43])) |= in[6] << 4; - (*((limb *) & out[50])) |= in[7] << 6; - (*((limb *) & out[58])) = in[8]; + (*((limb_aX *) & out[7])) |= in[1] << 2; + (*((limb_aX *) & out[14])) |= in[2] << 4; + (*((limb_aX *) & out[21])) |= in[3] << 6; + (*((limb_aX *) & out[29])) = in[4]; + (*((limb_aX *) & out[36])) |= in[5] << 2; + (*((limb_aX *) & out[43])) |= in[6] << 4; + (*((limb_aX *) & out[50])) |= in[7] << 6; + (*((limb_aX *) & out[58])) = in[8]; } /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c index ba92681388623..5005249b05eaf 100644 --- a/crypto/openssl/crypto/ec/ecp_nistz256.c +++ b/crypto/openssl/crypto/ec/ecp_nistz256.c @@ -929,207 +929,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return ret; } -/* - * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great - * code processing 4 points in parallel, corresponding serial operation - * is several times slower, because it uses 29x29=58-bit multiplication - * as opposite to 64x64=128-bit in integer-only scalar case. As result - * it doesn't provide *significant* performance improvement. Note that - * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, - * you'd need to compile even asm/ecp_nistz256-avx.pl module. - */ -#if defined(ECP_NISTZ256_AVX2) -# if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) || \ - !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ -# undef ECP_NISTZ256_AVX2 -# else -/* Constant time access, loading four values, from four consecutive tables */ -void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, - int index0, int index1, int index2, - int index3); -void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); -void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); -void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_set1(void *RESULTx4); -int ecp_nistz_avx2_eligible(void); - -static void booth_recode_w7(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} - -/* - * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the - * precomputed table. It does 4 affine point additions in parallel, - * significantly speeding up point multiplication for a fixed value. - */ -static void ecp_nistz256_avx2_mul_g(P256_POINT *r, - unsigned char p_str[33], - const P256_POINT_AFFINE(*preComputedTable)[64]) -{ - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - /* Using 4 windows at a time */ - unsigned char sign0, digit0; - unsigned char sign1, digit1; - unsigned char sign2, digit2; - unsigned char sign3, digit3; - unsigned int idx = 0; - BN_ULONG tmp[P256_LIMBS]; - int i; - - ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 }; - ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 }; - ALIGN32 P256_POINT_AFFINE point_arr[4]; - ALIGN32 P256_POINT res_point_arr[4]; - - /* Initial four windows */ - wvalue = *((u16 *) & p_str[0]); - wvalue = (wvalue << 1) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(aX4, point_arr); - ecp_nistz256_avx2_to_mont(aX4, aX4); - ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]); - ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - /* Optimized when both inputs are affine */ - ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); - - for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, - preComputedTable[4 * i], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - - ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4); - } - - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]); - - ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); - /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - booth_recode_w7(&sign0, &digit0, wvalue); - ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, - preComputedTable[36], digit0); - ecp_nistz256_neg(tmp, r->Y); - copy_conditional(r->Y, tmp, sign0); - memcpy(r->Z, ONE, sizeof(ONE)); - /* Sum the four windows */ - ecp_nistz256_point_add(r, r, &res_point_arr[0]); - ecp_nistz256_point_add(r, r, &res_point_arr[1]); - ecp_nistz256_point_add(r, r, &res_point_arr[2]); - ecp_nistz256_point_add(r, r, &res_point_arr[3]); -} -# endif -#endif - __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) @@ -1219,6 +1018,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, } if (preComputedTable) { + BN_ULONG infty; + if ((BN_num_bits(scalar) > 256) || BN_is_negative(scalar)) { if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) @@ -1250,67 +1051,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, for (; i < 33; i++) p_str[i] = 0; -#if defined(ECP_NISTZ256_AVX2) - if (ecp_nistz_avx2_eligible()) { - ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); - } else -#endif - { - BN_ULONG infty; + /* First window */ + wvalue = (p_str[0] << 1) & mask; + idx += window_size; - /* First window */ - wvalue = (p_str[0] << 1) & mask; - idx += window_size; + wvalue = _booth_recode_w7(wvalue); - wvalue = _booth_recode_w7(wvalue); + ecp_nistz256_gather_w7(&p.a, preComputedTable[0], + wvalue >> 1); - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); - - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian ias (,,0), we need to harmonize them - * by assigning "one" or zero to Z. - */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. + */ + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } - wvalue = _booth_recode_w7(wvalue); + for (i = 1; i < 37; i++) { + unsigned int off = (idx - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); + wvalue = _booth_recode_w7(wvalue); - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + ecp_nistz256_gather_w7(&t.a, + preComputedTable[i], wvalue >> 1); - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } else { p_is_infinity = 1; diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c index b851ff6957568..5bd584c5999a2 100644 --- a/crypto/openssl/crypto/engine/eng_lib.c +++ b/crypto/openssl/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -171,6 +171,7 @@ void engine_cleanup_int(void) cleanup_stack = NULL; } CRYPTO_THREAD_lock_free(global_engine_lock); + global_engine_lock = NULL; } /* Now the "ex_data" support */ diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index 35512f9caf96b..0b5873ebbcb77 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -934,6 +934,8 @@ PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal PEM_F_PEM_WRITE:113:PEM_write PEM_F_PEM_WRITE_BIO:114:PEM_write_bio +PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL:147:\ + PEM_write_bio_PrivateKey_traditional PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio @@ -1742,6 +1744,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode +X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key @@ -2164,6 +2167,7 @@ EC_R_KEYS_NOT_SET:140:keys not set EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_OID:167:missing OID EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values @@ -2398,6 +2402,7 @@ PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components +PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data PKCS12_R_DECODE_ERROR:101:decode error diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c index a1b7d50bbff84..405ddbf9bf09e 100644 --- a/crypto/openssl/crypto/evp/e_aes.c +++ b/crypto/openssl/crypto/evp/e_aes.c @@ -130,11 +130,6 @@ void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); #endif -#if !defined(AES_ASM) && !defined(AES_CTR_ASM) \ - && defined(OPENSSL_AES_CONST_TIME) \ - && !defined(OPENSSL_SMALL_FOOTPRINT) -# define AES_CTR_ASM -#endif #ifdef AES_CTR_ASM void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c index 9307ff0464249..85926434c3007 100644 --- a/crypto/openssl/crypto/evp/encode.c +++ b/crypto/openssl/crypto/evp/encode.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, table = data_ascii2bin; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { + while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { f++; n--; } diff --git a/crypto/openssl/crypto/mem_sec.c b/crypto/openssl/crypto/mem_sec.c index 9e0f6702f4069..b5f959ba15d55 100644 --- a/crypto/openssl/crypto/mem_sec.c +++ b/crypto/openssl/crypto/mem_sec.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -502,7 +502,7 @@ static void sh_done(void) OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); OPENSSL_free(sh.bitmalloc); - if (sh.map_result != NULL && sh.map_size) + if (sh.map_result != MAP_FAILED && sh.map_size) munmap(sh.map_result, sh.map_size); memset(&sh, 0, sizeof(sh)); } diff --git a/crypto/openssl/crypto/modes/cbc128.c b/crypto/openssl/crypto/modes/cbc128.c index fc7e0b60510b0..c85e37c6a546d 100644 --- a/crypto/openssl/crypto/modes/cbc128.c +++ b/crypto/openssl/crypto/modes/cbc128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,12 @@ # define STRICT_ALIGNMENT 0 #endif +#if defined(__GNUC__) && !STRICT_ALIGNMENT +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) @@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(iv + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); (*block) (out, out, key); iv = out; len -= 16; @@ -96,7 +102,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *iv_t = (size_t_aX *)iv; (*block) (in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) @@ -125,8 +132,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; - const size_t *in_t = (const size_t *)in; + size_t c; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *ivec_t = (size_t_aX *)ivec; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { diff --git a/crypto/openssl/crypto/modes/ccm128.c b/crypto/openssl/crypto/modes/ccm128.c index 424722811c16c..655b10350201e 100644 --- a/crypto/openssl/crypto/modes/ccm128.c +++ b/crypto/openssl/crypto/modes/ccm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,14 @@ #include "modes_local.h" #include <string.h> +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + /* * First you setup M and L parameters and pass the key schedule. This is * called once per session setup... @@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[1] ^= temp.u[1]; #else - ctx->cmac.u[0] ^= ((u64 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64 *)inp)[1]; + ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; + ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->nonce.c, scratch.c, key); @@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, temp.u[1] ^= scratch.u[1]; memcpy(out, temp.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; - ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; #endif inp += 16; out += 16; @@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); memcpy(out, scratch.c, 16); #else - ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); + ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); diff --git a/crypto/openssl/crypto/modes/cfb128.c b/crypto/openssl/crypto/modes/cfb128.c index b6bec414a966f..b2530007b6e41 100644 --- a/crypto/openssl/crypto/modes/cfb128.c +++ b/crypto/openssl/crypto/modes/cfb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include <string.h> +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit cfb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t *)(out + n) = - *(size_t *)(ivec + n) ^= *(size_t *)(in + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t *)(in + n); - *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; - *(size_t *)(ivec + n) = t; + size_t t = *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) + = *(size_t_aX *)(ivec + n) ^ t; + *(size_t_aX *)(ivec + n) = t; } len -= 16; out += 16; diff --git a/crypto/openssl/crypto/modes/ctr128.c b/crypto/openssl/crypto/modes/ctr128.c index ae35116e95241..1ed7decedfd33 100644 --- a/crypto/openssl/crypto/modes/ctr128.c +++ b/crypto/openssl/crypto/modes/ctr128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include <string.h> +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is * endian-neutral. @@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, (*block) (ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; in += 16; diff --git a/crypto/openssl/crypto/modes/gcm128.c b/crypto/openssl/crypto/modes/gcm128.c index 48775e6d05ffb..0c0bf3cda5b5d 100644 --- a/crypto/openssl/crypto/modes/gcm128.c +++ b/crypto/openssl/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include <string.h> +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ # undef GETU32 @@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = GHASH_CHUNK; while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = i; while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; diff --git a/crypto/openssl/crypto/modes/modes_local.h b/crypto/openssl/crypto/modes/modes_local.h index f2ae01d11afd2..28c32c0643f4a 100644 --- a/crypto/openssl/crypto/modes/modes_local.h +++ b/crypto/openssl/crypto/modes/modes_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,14 @@ typedef unsigned char u8; # endif #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u32 u32_a1 __attribute((__aligned__(1))); +# else +typedef u32 u32_a1; +# endif +#endif + #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__x86_64) || defined(__x86_64__) @@ -86,8 +94,8 @@ _asm mov eax, val _asm bswap eax} # endif #endif #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +# define GETU32(p) BSWAP4(*(const u32_a1 *)(p)) +# define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v) #else # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) diff --git a/crypto/openssl/crypto/modes/ofb128.c b/crypto/openssl/crypto/modes/ofb128.c index 44bdf888db1a1..a3469712b2de3 100644 --- a/crypto/openssl/crypto/modes/ofb128.c +++ b/crypto/openssl/crypto/modes/ofb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include <string.h> +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit ofb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ivec + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; in += 16; diff --git a/crypto/openssl/crypto/modes/xts128.c b/crypto/openssl/crypto/modes/xts128.c index b5bda5e6402d9..fe1626c62e104 100644 --- a/crypto/openssl/crypto/modes/xts128.c +++ b/crypto/openssl/crypto/modes/xts128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,14 @@ #include "modes_local.h" #include <string.h> +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, @@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) @@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; #endif inp += 16; out += 16; @@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; @@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; #endif } diff --git a/crypto/openssl/crypto/o_str.c b/crypto/openssl/crypto/o_str.c index 9ad7a89dcadfe..eb9f21cc0c453 100644 --- a/crypto/openssl/crypto/o_str.c +++ b/crypto/openssl/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -220,7 +220,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 +#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) char *err; diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c index 6d764f55e2e8b..3502edda6238f 100644 --- a/crypto/openssl/crypto/o_time.c +++ b/crypto/openssl/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; diff --git a/crypto/openssl/crypto/pem/pem_err.c b/crypto/openssl/crypto/pem/pem_err.c index f642030aa539f..0f3cb02407e69 100644 --- a/crypto/openssl/crypto/pem/pem_err.c +++ b/crypto/openssl/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -60,6 +60,8 @@ static const ERR_STRING_DATA PEM_str_functs[] = { {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0), + "PEM_write_bio_PrivateKey_traditional"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), "PEM_write_PrivateKey"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, @@ -109,6 +111,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = { "unsupported encryption"}, {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, {0, NULL} }; diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c index 64baf7108ea4f..a26322119aa7c 100644 --- a/crypto/openssl/crypto/pem/pem_lib.c +++ b/crypto/openssl/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; @@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0; + int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -809,10 +809,18 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } + /* + * Check if line has been read completely or if only part of the line + * has been read. Keep the previous value to ignore newlines that + * appear due to reading a line up until the char before the newline. + */ + prev_partial_line_read = partial_line_read; + partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; @@ -823,13 +831,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, /* Check for end of header. */ if (linebuf[0] == '\n') { - if (got_header == POST_HEADER) { - /* Another blank line is an error. */ - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); - goto err; + /* + * If previous line has been read only partially this newline is a + * regular newline at the end of a line and not an empty line. + */ + if (!prev_partial_line_read) { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + got_header = POST_HEADER; + tmp = *data; } - got_header = POST_HEADER; - tmp = *data; continue; } diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c index e58cdf4a3e0bf..4a94927244876 100644 --- a/crypto/openssl/crypto/pem/pem_pkey.c +++ b/crypto/openssl/crypto/pem/pem_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,6 +108,12 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, pem_password_cb *cb, void *u) { char pem_str[80]; + + if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { + PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, + PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return 0; + } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, pem_str, bp, x, enc, kstr, klen, cb, u); diff --git a/crypto/openssl/crypto/pem/pvkfmt.c b/crypto/openssl/crypto/pem/pvkfmt.c index 1fc19c17f913e..a933b7c1813c3 100644 --- a/crypto/openssl/crypto/pem/pvkfmt.c +++ b/crypto/openssl/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,10 +29,10 @@ static unsigned int read_ledword(const unsigned char **in) { const unsigned char *p = *in; unsigned int ret; - ret = *p++; - ret |= (*p++ << 8); - ret |= (*p++ << 16); - ret |= (*p++ << 24); + ret = (unsigned int)*p++; + ret |= (unsigned int)*p++ << 8; + ret |= (unsigned int)*p++ << 16; + ret |= (unsigned int)*p++ << 24; *in = p; return ret; } @@ -875,9 +875,9 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, wrlen = BIO_write(out, tmp, outlen); OPENSSL_free(tmp); if (wrlen == outlen) { - PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return outlen; } + PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return -1; } diff --git a/crypto/openssl/crypto/rand/drbg_ctr.c b/crypto/openssl/crypto/rand/drbg_ctr.c index 0f0ad1b37be47..a757d0a258ab9 100644 --- a/crypto/openssl/crypto/rand/drbg_ctr.c +++ b/crypto/openssl/crypto/rand/drbg_ctr.c @@ -63,15 +63,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; - for (i = 0; i < 16; i++) + for (i = 0; i < len; i++) out[i] ^= in[i]; - if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) + || outlen != len) return 0; return 1; } @@ -82,12 +82,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, */ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) { - if (!ctr_BCC_block(ctr, ctr->KX, in) - || !ctr_BCC_block(ctr, ctr->KX + 16, in)) - return 0; - if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) - return 0; - return 1; + unsigned char in_tmp[48]; + unsigned char num_of_blk = 2; + + memcpy(in_tmp, in, 16); + memcpy(in_tmp + 16, in, 16); + if (ctr->keylen != 16) { + memcpy(in_tmp + 32, in, 16); + num_of_blk = 3; + } + return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); } /* @@ -96,19 +100,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) */ __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) { + unsigned char bltmp[48] = {0}; + unsigned char num_of_blk; + memset(ctr->KX, 0, 48); - memset(ctr->bltmp, 0, 16); - if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) - return 0; - ctr->bltmp[3] = 1; - if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp)) - return 0; - if (ctr->keylen != 16) { - ctr->bltmp[3] = 2; - if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp)) - return 0; - } - return 1; + num_of_blk = ctr->keylen == 16 ? 2 : 3; + bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; + bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; + return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); } /* @@ -197,20 +196,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr, || !ctr_BCC_final(ctr)) return 0; /* Set up key K */ - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) return 0; /* X follows key K */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, - AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; @@ -229,31 +228,25 @@ __owur static int ctr_update(RAND_DRBG *drbg, { RAND_DRBG_CTR *ctr = &drbg->data.ctr; int outlen = AES_BLOCK_SIZE; + unsigned char V_tmp[48], out[48]; + unsigned char len; /* correct key is already set up. */ + memcpy(V_tmp, ctr->V, 16); inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; - - /* If keylen longer than 128 bits need extra encrypt */ - if (ctr->keylen != 16) { + memcpy(V_tmp + 16, ctr->V, 16); + if (ctr->keylen == 16) { + len = 32; + } else { inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, - AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; + memcpy(V_tmp + 32, ctr->V, 16); + len = 48; } - inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) + || outlen != len) return 0; - - /* If 192 bit key part of V is on end of K */ - if (ctr->keylen == 24) { - memcpy(ctr->V + 8, ctr->V, 8); - memcpy(ctr->V, ctr->K + 24, 8); - } + memcpy(ctr->K, out, ctr->keylen); + memcpy(ctr->V, out + ctr->keylen, 16); if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* If no input reuse existing derived value */ @@ -268,7 +261,8 @@ __owur static int ctr_update(RAND_DRBG *drbg, ctr_XOR(ctr, in2, in2len); } - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) return 0; return 1; } @@ -285,8 +279,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->V, 0, sizeof(ctr->V)); - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) return 0; return 1; @@ -296,20 +292,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg, const unsigned char *entropy, size_t entropylen, const unsigned char *adin, size_t adinlen) { + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + if (entropy == NULL) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) return 0; return 1; } +static void ctr96_inc(unsigned char *counter) +{ + u32 n = 12, c = 1; + + do { + --n; + c += counter[n]; + counter[n] = (u8)c; + c >>= 8; + } while (n); +} + __owur static int drbg_ctr_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, const unsigned char *adin, size_t adinlen) { RAND_DRBG_CTR *ctr = &drbg->data.ctr; + unsigned int ctr32, blocks; + int outl, buflen; if (adin != NULL && adinlen != 0) { + inc_128(ctr); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; /* This means we reuse derived value */ @@ -321,28 +337,53 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, adinlen = 0; } - for ( ; ; ) { - int outl = AES_BLOCK_SIZE; + inc_128(ctr); + if (outlen == 0) { inc_128(ctr); - if (outlen < 16) { - /* Use K as temp space as it will be updated */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V, - AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) - return 0; - memcpy(out, ctr->K, outlen); - break; - } - if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; - out += 16; - outlen -= 16; - if (outlen == 0) - break; + return 1; } + memset(out, 0, outlen); + + do { + if (!EVP_CipherInit_ex(ctr->ctx_ctr, + NULL, NULL, NULL, ctr->V, -1)) + return 0; + + /*- + * outlen has type size_t while EVP_CipherUpdate takes an + * int argument and thus cannot be guaranteed to process more + * than 2^31-1 bytes at a time. We process such huge generate + * requests in 2^30 byte chunks, which is the greatest multiple + * of AES block size lower than or equal to 2^31-1. + */ + buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + blocks = (buflen + 15) / 16; + + ctr32 = GETU32(ctr->V + 12) + blocks; + if (ctr32 < blocks) { + /* 32-bit counter overflow into V. */ + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } + ctr96_inc(ctr->V); + } + PUTU32(ctr->V + 12, ctr32); + + if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) + || outl != buflen) + return 0; + + out += buflen; + outlen -= buflen; + } while (outlen); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; return 1; @@ -350,7 +391,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; @@ -374,25 +416,36 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; case NID_aes_128_ctr: keylen = 16; - ctr->cipher = EVP_aes_128_ecb(); + ctr->cipher_ecb = EVP_aes_128_ecb(); + ctr->cipher_ctr = EVP_aes_128_ctr(); break; case NID_aes_192_ctr: keylen = 24; - ctr->cipher = EVP_aes_192_ecb(); + ctr->cipher_ecb = EVP_aes_192_ecb(); + ctr->cipher_ctr = EVP_aes_192_ctr(); break; case NID_aes_256_ctr: keylen = 32; - ctr->cipher = EVP_aes_256_ecb(); + ctr->cipher_ecb = EVP_aes_256_ecb(); + ctr->cipher_ctr = EVP_aes_256_ctr(); break; } drbg->meth = &drbg_ctr_meth; ctr->keylen = keylen; - if (ctr->ctx == NULL) - ctr->ctx = EVP_CIPHER_CTX_new(); - if (ctr->ctx == NULL) + if (ctr->ctx_ecb == NULL) + ctr->ctx_ecb = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ctr == NULL) + ctr->ctx_ctr = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL + || !EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) return 0; + + drbg->meth = &drbg_ctr_meth; drbg->strength = keylen * 8; drbg->seedlen = keylen + 16; @@ -410,7 +463,8 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (ctr->ctx_df == NULL) return 0; /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) return 0; drbg->min_entropylen = ctr->keylen; diff --git a/crypto/openssl/crypto/rand/drbg_lib.c b/crypto/openssl/crypto/rand/drbg_lib.c index faf0590c6c281..8c7c28c9703a4 100644 --- a/crypto/openssl/crypto/rand/drbg_lib.c +++ b/crypto/openssl/crypto/rand/drbg_lib.c @@ -327,13 +327,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, max_entropylen += drbg->max_noncelen; } - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); @@ -359,9 +352,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) @@ -428,14 +427,6 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, } drbg->state = DRBG_ERROR; - - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, @@ -451,9 +442,15 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, goto end; drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) @@ -554,7 +551,9 @@ int rand_drbg_restart(RAND_DRBG *drbg, drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ - RAND_DRBG_reseed(drbg, NULL, 0, 0); + if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) { + RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR); + } } } @@ -612,7 +611,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter >= drbg->reseed_interval) + if (drbg->generate_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { @@ -621,11 +620,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, || now - drbg->reseed_time >= drbg->reseed_time_interval) reseed_required = 1; } - if (drbg->parent != NULL) { - unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); - if (reseed_counter > 0 - && tsan_load(&drbg->parent->reseed_prop_counter) - != reseed_counter) + if (drbg->enable_reseed_propagation && drbg->parent != NULL) { + if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter)) reseed_required = 1; } @@ -644,7 +640,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - drbg->reseed_gen_counter++; + drbg->generate_counter++; return 1; } @@ -706,8 +702,7 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_cleanup_nonce_fn cleanup_nonce) { - if (drbg->state != DRBG_UNINITIALISED - || drbg->parent != NULL) + if (drbg->state != DRBG_UNINITIALISED) return 0; drbg->get_entropy = get_entropy; drbg->cleanup_entropy = cleanup_entropy; @@ -883,8 +878,9 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) goto err; - /* enable seed propagation */ - tsan_store(&drbg->reseed_prop_counter, 1); + /* enable reseed propagation */ + drbg->enable_reseed_propagation = 1; + drbg->reseed_counter = 1; /* * Ignore instantiation error to support just-in-time instantiation. diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c index ab4e9b5486cb3..ba3a29e584685 100644 --- a/crypto/openssl/crypto/rand/rand_lib.c +++ b/crypto/openssl/crypto/rand/rand_lib.c @@ -174,8 +174,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, prediction_resistance, (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; - drbg->reseed_next_counter - = tsan_load(&drbg->parent->reseed_prop_counter); rand_drbg_unlock(drbg->parent); rand_pool_add_end(pool, bytes, 8 * bytes); diff --git a/crypto/openssl/crypto/rand/rand_local.h b/crypto/openssl/crypto/rand/rand_local.h index 1bc9bf7d266dd..a5de5252dcdcc 100644 --- a/crypto/openssl/crypto/rand/rand_local.h +++ b/crypto/openssl/crypto/rand/rand_local.h @@ -138,9 +138,11 @@ typedef struct rand_drbg_method_st { * The state of a DRBG AES-CTR. */ typedef struct rand_drbg_ctr_st { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_ecb; + EVP_CIPHER_CTX *ctx_ctr; EVP_CIPHER_CTX *ctx_df; - const EVP_CIPHER *cipher; + const EVP_CIPHER *cipher_ecb; + const EVP_CIPHER *cipher_ctr; size_t keylen; unsigned char K[32]; unsigned char V[16]; @@ -233,7 +235,7 @@ struct rand_drbg_st { size_t max_perslen, max_adinlen; /* Counts the number of generate requests since the last reseed. */ - unsigned int reseed_gen_counter; + unsigned int generate_counter; /* * Maximum number of generate requests until a reseed is required. * This value is ignored if it is zero. @@ -246,9 +248,15 @@ struct rand_drbg_st { * This value is ignored if it is zero. */ time_t reseed_time_interval; + + /* + * Enables reseed propagation (see following comment) + */ + unsigned int enable_reseed_propagation; + /* * Counts the number of reseeds since instantiation. - * This value is ignored if it is zero. + * This value is ignored if enable_reseed_propagation is zero. * * This counter is used only for seed propagation from the <master> DRBG * to its two children, the <public> and <private> DRBG. This feature is @@ -256,8 +264,7 @@ struct rand_drbg_st { * is added by RAND_add() or RAND_seed() will have an immediate effect on * the output of RAND_bytes() resp. RAND_priv_bytes(). */ - TSAN_QUALIFIER unsigned int reseed_prop_counter; - unsigned int reseed_next_counter; + TSAN_QUALIFIER unsigned int reseed_counter; size_t seedlen; DRBG_STATUS state; diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c index fe457cab4a3b1..da66773e4ab91 100644 --- a/crypto/openssl/crypto/rand/rand_unix.c +++ b/crypto/openssl/crypto/rand/rand_unix.c @@ -26,12 +26,12 @@ # include <sys/utsname.h> # endif #endif -#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) # include <sys/types.h> # include <sys/sysctl.h> # include <sys/param.h> #endif -#if defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__OpenBSD__) # include <sys/param.h> #endif @@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen) * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; } +#endif /* * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only @@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) mib[1] = KERN_ARND; do { - len = buflen; + len = buflen > 256 ? 256 : buflen; if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) return done > 0 ? done : -1; done += len; @@ -409,7 +411,8 @@ static struct random_device { } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; -# if defined(__linux) && defined(DEVRANDOM_WAIT) +# if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; static void cleanup_shm(void) @@ -487,7 +490,7 @@ static int wait_random_seeded(void) } return seeded; } -# else /* defined __linux */ +# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ static int wait_random_seeded(void) { return 1; diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c index ba121eefbf09d..229ce864a3123 100644 --- a/crypto/openssl/crypto/rand/randfile.c +++ b/crypto/openssl/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_POSIX_IO # include <sys/stat.h> # include <fcntl.h> -# ifdef _WIN32 +# if defined(_WIN32) && !defined(_WIN32_WCE) # include <windows.h> # include <io.h> # define stat _stat diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c index 6692a51ed8fe4..fb045544a832f 100644 --- a/crypto/openssl/crypto/rsa/rsa_ameth.c +++ b/crypto/openssl/crypto/rsa/rsa_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -118,6 +118,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + /* + * Don't check the public/private key, this is mostly for smart + * cards. + */ + if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) + || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { + return 1; + } + if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) return 0; diff --git a/crypto/openssl/crypto/store/loader_file.c b/crypto/openssl/crypto/store/loader_file.c index 8f1d20e74aa4f..9c9e3bd085068 100644 --- a/crypto/openssl/crypto/store/loader_file.c +++ b/crypto/openssl/crypto/store/loader_file.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, } } else { int i; +#ifndef OPENSSL_NO_ENGINE + ENGINE *curengine = ENGINE_get_first(); + + while (curengine != NULL) { + ENGINE_PKEY_ASN1_METHS_PTR asn1meths = + ENGINE_get_pkey_asn1_meths(curengine); + + if (asn1meths != NULL) { + const int *nids = NULL; + int nids_n = asn1meths(curengine, NULL, &nids, 0); + + for (i = 0; i < nids_n; i++) { + EVP_PKEY_ASN1_METHOD *ameth2 = NULL; + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + if (!asn1meths(curengine, &ameth2, NULL, nids[i])) + continue; + if (ameth2 == NULL + || ameth2->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL, + &tmp_blob, len); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + } + curengine = ENGINE_get_next(curengine); + } +#endif for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; diff --git a/crypto/openssl/crypto/store/store_lib.c b/crypto/openssl/crypto/store/store_lib.c index fb8184d2d9b54..fb71f84725b12 100644 --- a/crypto/openssl/crypto/store/store_lib.c +++ b/crypto/openssl/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -218,7 +218,11 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) int OSSL_STORE_close(OSSL_STORE_CTX *ctx) { - int loader_ret = ctx->loader->close(ctx->loader_ctx); + int loader_ret; + + if (ctx == NULL) + return 1; + loader_ret = ctx->loader->close(ctx->loader_ctx); OPENSSL_free(ctx); return loader_ret; diff --git a/crypto/openssl/crypto/ts/ts_rsp_sign.c b/crypto/openssl/crypto/ts/ts_rsp_sign.c index 041a187da68c6..342582f024b2a 100644 --- a/crypto/openssl/crypto/ts/ts_rsp_sign.c +++ b/crypto/openssl/crypto/ts/ts_rsp_sign.c @@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; err: TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); + ASN1_INTEGER_free(serial); return NULL; } diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c index 168de4630dcc0..9526c16536cbe 100644 --- a/crypto/openssl/crypto/ui/ui_openssl.c +++ b/crypto/openssl/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -439,6 +439,16 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), diff --git a/crypto/openssl/crypto/whrlpool/wp_block.c b/crypto/openssl/crypto/whrlpool/wp_block.c index c21c04dbc1bbf..39ad009c01bfb 100644 --- a/crypto/openssl/crypto/whrlpool/wp_block.c +++ b/crypto/openssl/crypto/whrlpool/wp_block.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,6 +63,20 @@ typedef unsigned long long u64; # undef STRICT_ALIGNMENT #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef u64 u64_aX __attribute((__aligned__(1))); +#else +typedef u64 u64_aX; +#endif + #undef SMALL_REGISTER_BANK #if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define SMALL_REGISTER_BANK @@ -191,13 +205,13 @@ typedef unsigned long long u64; # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ c0,c1,c2,c3,c4,c5,c6,c7 # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) #endif static const @@ -531,7 +545,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; @@ -769,7 +783,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; H->q[0] ^= S.q[0] ^ pa[0]; H->q[1] ^= S.q[1] ^ pa[1]; H->q[2] ^= S.q[2] ^ pa[2]; diff --git a/crypto/openssl/crypto/x509/x509_err.c b/crypto/openssl/crypto/x509/x509_err.c index c110d908090e6..bdd1e67cd3fd3 100644 --- a/crypto/openssl/crypto/x509/x509_err.c +++ b/crypto/openssl/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = { {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), "x509_pubkey_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), diff --git a/crypto/openssl/crypto/x509/x509_local.h b/crypto/openssl/crypto/x509/x509_local.h index c517a77456371..10807e1def045 100644 --- a/crypto/openssl/crypto/x509/x509_local.h +++ b/crypto/openssl/crypto/x509/x509_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); +int x509_likely_issued(X509 *issuer, X509 *subject); +int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/openssl/crypto/x509/x509_req.c index 7ba0f26495f97..dd674926ddb5f 100644 --- a/crypto/openssl/crypto/x509/x509_req.c +++ b/crypto/openssl/crypto/x509/x509_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, *palg = &req->sig_alg; } +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig) +{ + if (req->signature) + ASN1_BIT_STRING_free(req->signature); + req->signature = psig; +} + +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg) +{ + return X509_ALGOR_copy(&req->sig_alg, palg); +} + int X509_REQ_get_signature_nid(const X509_REQ *req) { return OBJ_obj2nid(req->sig_alg.algorithm); diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c index 4755b39eb4eb6..02bde640d8e8d 100644 --- a/crypto/openssl/crypto/x509/x509_txt.c +++ b/crypto/openssl/crypto/x509/x509_txt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n) return "OCSP verification failed"; case X509_V_ERR_OCSP_CERT_UNKNOWN: return "OCSP unknown cert"; + case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS: + return "Certificate public key has explicit ECC parameters"; default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 41625e75ad6a6..801055f5a0877 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); static int check_dane_issuer(X509_STORE_CTX *ctx, int depth); static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert); +static int check_curve(X509 *cert); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, X509_CRL *crl, X509 *x); @@ -104,7 +105,12 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed */ +/* + * Return 1 if given cert is considered self-signed, 0 if not or on error. + * This does not verify self-signedness but relies on x509v3_cache_extensions() + * matching issuer and subject names (i.e., the cert being self-issued) and any + * present authority key identifier matching the subject key identifier, etc. + */ static int cert_self_signed(X509 *x) { if (X509_check_purpose(x, -1, 0) != 1) @@ -131,10 +137,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) xtmp = sk_X509_value(certs, i); if (!X509_cmp(xtmp, x)) break; + xtmp = NULL; } - if (i < sk_X509_num(certs)) - X509_up_ref(xtmp); - else + if (xtmp != NULL && !X509_up_ref(xtmp)) xtmp = NULL; sk_X509_pop_free(certs, X509_free); return xtmp; @@ -267,17 +272,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + if (!X509_up_ref(ctx->cert)) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return -1; + } + /* * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { + if ((ctx->chain = sk_X509_new_null()) == NULL + || !sk_X509_push(ctx->chain, ctx->cert)) { + X509_free(ctx->cert); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } - X509_up_ref(ctx->cert); + ctx->num_untrusted = 1; /* If the peer's public key is too weak, we can stop early. */ @@ -319,30 +331,26 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) return rv; } -/* Given a possible certificate and issuer check them */ - +/* + * Check that the given certificate 'x' is issued by the certificate 'issuer' + * and the issuer is not yet in ctx->chain, where the exceptional case + * that 'x' is self-issued and ctx->chain has just one element is allowed. + */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - int ret; - if (x == issuer) - return cert_self_signed(x); - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) { + if (x509_likely_issued(issuer, x) != X509_V_OK) + return 0; + if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) { int i; X509 *ch; - /* Special case: single self signed certificate */ - if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) - return 1; + for (i = 0; i < sk_X509_num(ctx->chain); i++) { ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || !X509_cmp(ch, issuer)) { - ret = X509_V_ERR_PATH_LOOP; - break; - } + if (ch == issuer || X509_cmp(ch, issuer) == 0) + return 0; } } - - return (ret == X509_V_OK); + return 1; } /* Alternative lookup method: look from a STACK stored in other_ctx */ @@ -350,11 +358,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { - X509_up_ref(*issuer); - return 1; - } else - return 0; + + if (*issuer == NULL || !X509_up_ref(*issuer)) + goto err; + + return 1; + + err: + *issuer = NULL; + return 0; } static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) @@ -366,15 +378,21 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (!X509_up_ref(x)) { + sk_X509_pop_free(sk, X509_free); + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return NULL; + } if (sk == NULL) sk = sk_X509_new_null(); - if (sk == NULL || sk_X509_push(sk, x) == 0) { + if (sk == NULL || !sk_X509_push(sk, x)) { + X509_free(x); sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } - X509_up_ref(x); } } return sk; @@ -508,6 +526,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; } + if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + /* Check for presence of explicit elliptic curve parameters */ + ret = check_curve(x); + if (ret < 0) + ctx->error = X509_V_ERR_UNSPECIFIED; + else if (ret == 0) + ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; + } if ((x->ex_flags & EXFLAG_CA) == 0 && x->ex_pathlen != -1 && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { @@ -1699,6 +1725,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) return 1; } +/* verify the issuer signatures and cert times of ctx->chain */ static int internal_verify(X509_STORE_CTX *ctx) { int n = sk_X509_num(ctx->chain) - 1; @@ -1717,7 +1744,7 @@ static int internal_verify(X509_STORE_CTX *ctx) } if (ctx->check_issued(ctx, xi, xi)) - xs = xi; + xs = xi; /* the typical case: last cert in the chain is self-issued */ else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; @@ -1736,22 +1763,50 @@ static int internal_verify(X509_STORE_CTX *ctx) * is allowed to reset errors (at its own peril). */ while (n >= 0) { - EVP_PKEY *pkey; - /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate - * and its depth (rather than the depth of the subject). + * For each iteration of this loop: + * n is the subject depth + * xs is the subject cert, for which the signature is to be checked + * xi is the supposed issuer cert containing the public key to use + * Initially xs == xi if the last cert in the chain is self-issued. + * + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. */ - if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE) + && (xi->ex_flags & EXFLAG_SS) != 0)) { + EVP_PKEY *pkey; + /* + * If the issuer's public key is not available or its key usage + * does not support issuing the subject cert, report the issuer + * cert and its depth (rather than n, the depth of the subject). + */ + int issuer_depth = n + (xs == xi ? 0 : 1); + /* + * According to https://tools.ietf.org/html/rfc5280#section-6.1.4 + * step (n) we must check any given key usage extension in a CA cert + * when preparing the verification of a certificate issued by it. + * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + * we must not verify a certifiate signature if the key usage of the + * CA certificate that issued the certificate prohibits signing. + * In case the 'issuing' certificate is the last in the chain and is + * not a CA certificate but a 'self-issued' end-entity cert (i.e., + * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply + * (see https://tools.ietf.org/html/rfc6818#section-2) and thus + * we are free to ignore any key usage restrictions on such certs. + */ + int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 + ? X509_V_OK : x509_signing_allowed(xi, xs); + + if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) + return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; } else if (X509_verify(xs, pkey) <= 0) { - if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; + if (!verify_cb_cert(ctx, xs, n, ret)) return 0; } } @@ -3158,7 +3213,16 @@ static int build_chain(X509_STORE_CTX *ctx) /* Drop this issuer from future consideration */ (void) sk_X509_delete_ptr(sktmp, xtmp); + if (!X509_up_ref(xtmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } + if (!sk_X509_push(ctx->chain, xtmp)) { + X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); trust = X509_TRUST_REJECTED; ctx->error = X509_V_ERR_OUT_OF_MEM; @@ -3166,7 +3230,7 @@ static int build_chain(X509_STORE_CTX *ctx) continue; } - X509_up_ref(x = xtmp); + x = xtmp; ++ctx->num_untrusted; ss = cert_self_signed(xtmp); @@ -3258,6 +3322,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) } /* + * Check whether the public key of ``cert`` does not use explicit params + * for an elliptic curve. + * + * Returns 1 on success, 0 if check fails, -1 for other errors. + */ +static int check_curve(X509 *cert) +{ +#ifndef OPENSSL_NO_EC + EVP_PKEY *pkey = X509_get0_pubkey(cert); + + /* Unsupported or malformed key */ + if (pkey == NULL) + return -1; + + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + int ret; + + ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); + return ret < 0 ? ret : !ret; + } +#endif + + return 1; +} + +/* * Check whether the signature digest algorithm of ``cert`` meets the security * level of ``ctx``. Should not be checked for trust anchors (whether * self-signed or otherwise). diff --git a/crypto/openssl/crypto/x509/x_pubkey.c b/crypto/openssl/crypto/x509/x_pubkey.c index 4f694b93fb003..9be7e9286571d 100644 --- a/crypto/openssl/crypto/x509/x_pubkey.c +++ b/crypto/openssl/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); - if (ret != NULL) - EVP_PKEY_up_ref(ret); + + if (ret != NULL && !EVP_PKEY_up_ref(ret)) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR); + ret = NULL; + } return ret; } diff --git a/crypto/openssl/crypto/x509v3/pcy_data.c b/crypto/openssl/crypto/x509v3/pcy_data.c index 0735059513220..8c7bc69576a4c 100644 --- a/crypto/openssl/crypto/x509v3/pcy_data.c +++ b/crypto/openssl/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(id); return NULL; } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c index 7ac2911b91af0..4dce0041012e4 100644 --- a/crypto/openssl/crypto/x509v3/v3_alt.c +++ b/crypto/openssl/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) num = sk_GENERAL_NAME_num(ialt); if (!sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(ialt); goto err; } diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c index f023c6489548b..2b06dba053981 100644 --- a/crypto/openssl/crypto/x509v3/v3_purp.c +++ b/crypto/openssl/crypto/x509v3/v3_purp.c @@ -13,6 +13,7 @@ #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> #include "crypto/x509.h" +#include "../x509/x509_local.h" /* for x509_signing_allowed() */ #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -344,6 +345,21 @@ static int setup_crldp(X509 *x) return 1; } +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &pkey_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; +} + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -496,11 +512,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) @@ -793,6 +809,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) } /*- + * Check if certificate I<issuer> is allowed to issue certificate I<subject> + * according to the B<keyUsage> field of I<issuer> if present + * depending on any proxyCertInfo extension of I<subject>. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + +/*- * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates * which have been looked up using some simple method such as by @@ -800,13 +833,24 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists check it matches issuer - * 3. If key_usage(issuer) exists check it supports certificate signing + * 3. Check that issuer public key algorithm matches subject signature algorithm + * 4. If key_usage(issuer) exists check it supports certificate signing * returns 0 for OK, positive for reason for mismatch, reasons match * codes for X509_verify_cert() */ int X509_check_issued(X509 *issuer, X509 *subject) { + int ret; + + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} + +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject) +{ if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; @@ -824,12 +868,8 @@ int X509_check_issued(X509 *issuer, X509 *subject) return ret; } - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); } int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) diff --git a/crypto/openssl/doc/man1/CA.pl.pod b/crypto/openssl/doc/man1/CA.pl.pod index 6949ec6228ac3..4e8958e554dd4 100644 --- a/crypto/openssl/doc/man1/CA.pl.pod +++ b/crypto/openssl/doc/man1/CA.pl.pod @@ -91,7 +91,7 @@ to standard output. Leverages B<openssl ca> command. =item B<-signCA> -This option is the same as the B<-signreq> option except it uses the +This option is the same as the B<-sign> option except it uses the configuration file section B<v3_ca> and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed on to B<openssl ca> command. @@ -143,7 +143,7 @@ the request and finally create a PKCS#12 file containing it. CA.pl -newca CA.pl -newreq - CA.pl -signreq + CA.pl -sign CA.pl -pkcs12 "My Test Certificate" =head1 DSA CERTIFICATES @@ -164,7 +164,7 @@ Create the CA directories and files: CA.pl -newca -enter cacert.pem when prompted for the CA file name. +enter cacert.pem when prompted for the CA filename. Create a DSA certificate request and private key (a different set of parameters can optionally be created first): @@ -173,7 +173,7 @@ can optionally be created first): Sign the request: - CA.pl -signreq + CA.pl -sign =head1 NOTES @@ -204,7 +204,7 @@ L<config(5)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/ca.pod b/crypto/openssl/doc/man1/ca.pod index 27bb31493a7ff..159d9d8125650 100644 --- a/crypto/openssl/doc/man1/ca.pod +++ b/crypto/openssl/doc/man1/ca.pod @@ -219,7 +219,7 @@ DNs match the order of the request. This is not needed for Xenroll. =item B<-noemailDN> The DN of a certificate can contain the EMAIL field if present in the -request DN, however it is good policy just having the e-mail set into +request DN, however, it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The B<email_in_dn> keyword can be @@ -759,7 +759,7 @@ L<config(5)>, L<x509v3_config(5)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/dgst.pod b/crypto/openssl/doc/man1/dgst.pod index ea2c4e3e1598b..4c6034cdd6ce6 100644 --- a/crypto/openssl/doc/man1/dgst.pod +++ b/crypto/openssl/doc/man1/dgst.pod @@ -94,8 +94,7 @@ Filename to output to, or standard output by default. =item B<-sign filename> Digitally sign the digest using the private key in "filename". Note this option -does not support Ed25519 or Ed448 private keys. Use the B<pkeyutl> command -instead for this. +does not support Ed25519 or Ed448 private keys. =item B<-keyform arg> @@ -242,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/enc.pod b/crypto/openssl/doc/man1/enc.pod index 6f20ac1fc7d56..7bba89ee0783d 100644 --- a/crypto/openssl/doc/man1/enc.pod +++ b/crypto/openssl/doc/man1/enc.pod @@ -240,7 +240,7 @@ a strong block cipher, such as AES, in CBC mode. All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to -be performed. However since the chance of random data passing the test +be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. If padding is disabled then the input data must be a multiple of the cipher @@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/ocsp.pod b/crypto/openssl/doc/man1/ocsp.pod index 736055b1b6691..1f724b42bde4c 100644 --- a/crypto/openssl/doc/man1/ocsp.pod +++ b/crypto/openssl/doc/man1/ocsp.pod @@ -176,7 +176,7 @@ Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. =item B<-host hostname:port>, B<-path pathname> If the B<host> option is present then the OCSP request is sent to the host -B<hostname> on port B<port>. B<path> specifies the HTTP path name to use +B<hostname> on port B<port>. B<path> specifies the HTTP pathname to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given hostname, port, and pathname. @@ -490,7 +490,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/pkcs12.pod b/crypto/openssl/doc/man1/pkcs12.pod index da887a469978c..fdaf6e49cd1d9 100644 --- a/crypto/openssl/doc/man1/pkcs12.pod +++ b/crypto/openssl/doc/man1/pkcs12.pod @@ -245,7 +245,7 @@ This option is only interpreted by MSIE and similar MS software. Normally encryption purposes but arbitrary length keys for signing. The B<-keysig> option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client -authentication, however due to a bug only MSIE 5.0 and later support +authentication, however, due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication. =item B<-macalg digest> @@ -383,7 +383,7 @@ L<pkcs8(1)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/pkcs8.pod b/crypto/openssl/doc/man1/pkcs8.pod index b079885d2fc78..9efc8bc11e77f 100644 --- a/crypto/openssl/doc/man1/pkcs8.pod +++ b/crypto/openssl/doc/man1/pkcs8.pod @@ -285,7 +285,7 @@ one million iterations of the password: Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. @@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/pkeyutl.pod b/crypto/openssl/doc/man1/pkeyutl.pod index dffc449a4e0ed..ae24fdc100458 100644 --- a/crypto/openssl/doc/man1/pkeyutl.pod +++ b/crypto/openssl/doc/man1/pkeyutl.pod @@ -38,7 +38,7 @@ B<openssl> B<pkeyutl> =head1 DESCRIPTION -The B<pkeyutl> command can be used to perform low level public key operations +The B<pkeyutl> command can be used to perform low-level public key operations using any supported algorithm. =head1 OPTIONS @@ -327,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)> =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/s_client.pod b/crypto/openssl/doc/man1/s_client.pod index 68a152a272bd4..132778b4d907c 100644 --- a/crypto/openssl/doc/man1/s_client.pod +++ b/crypto/openssl/doc/man1/s_client.pod @@ -427,11 +427,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output. =item B<-nbio_test> -Tests non-blocking I/O +Tests nonblocking I/O =item B<-nbio> -Turns on non-blocking I/O +Turns on nonblocking I/O =item B<-crlf> @@ -781,14 +781,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B<s_client> the CA list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the diff --git a/crypto/openssl/doc/man1/s_server.pod b/crypto/openssl/doc/man1/s_server.pod index 7fa382a8ae332..c78a677abcfcd 100644 --- a/crypto/openssl/doc/man1/s_server.pod +++ b/crypto/openssl/doc/man1/s_server.pod @@ -432,9 +432,9 @@ used in conjunction with B<-early_data>. =item B<-id_prefix val> Generate SSL/TLS session IDs prefixed by B<val>. This is mostly useful -for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session -IDs (eg. with a certain prefix). +IDs (e.g. with a certain prefix). =item B<-rand file...> @@ -845,7 +845,7 @@ The =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/s_time.pod b/crypto/openssl/doc/man1/s_time.pod index e1a3bef41cfc3..1085bfbbb44bd 100644 --- a/crypto/openssl/doc/man1/s_time.pod +++ b/crypto/openssl/doc/man1/s_time.pod @@ -177,14 +177,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using L<s_client(1)> the CA list can be -viewed and checked. However some servers only request client authentication +viewed and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option of L<s_client(1)> and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. =head1 BUGS diff --git a/crypto/openssl/doc/man1/sess_id.pod b/crypto/openssl/doc/man1/sess_id.pod index 6c54ed988bbec..543b5b7de7ff9 100644 --- a/crypto/openssl/doc/man1/sess_id.pod +++ b/crypto/openssl/doc/man1/sess_id.pod @@ -142,7 +142,7 @@ The PEM encoded session format uses the header and footer lines: Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this -information. Therefore appropriate security precautions should be taken if +information. Therefore, appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes. diff --git a/crypto/openssl/doc/man1/ts.pod b/crypto/openssl/doc/man1/ts.pod index ec57ec7ebbd4b..ee700a8f6ea42 100644 --- a/crypto/openssl/doc/man1/ts.pod +++ b/crypto/openssl/doc/man1/ts.pod @@ -101,23 +101,23 @@ the hash to the TSA. =item 2. The TSA attaches the current date and time to the received hash value, -signs them and sends the time stamp token back to the client. By +signs them and sends the timestamp token back to the client. By creating this token the TSA certifies the existence of the original data file at the time of response generation. =item 3. -The TSA client receives the time stamp token and verifies the +The TSA client receives the timestamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the TSA. =back -There is one DER encoded protocol data unit defined for transporting a time -stamp request to the TSA and one for sending the time stamp response +There is one DER encoded protocol data unit defined for transporting +a timestamp request to the TSA and one for sending the timestamp response back to the client. The B<ts> command has three main functions: -creating a time stamp request based on a data file, -creating a time stamp response based on a request, verifying if a +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a response corresponds to a particular request or a data file. There is no support for sending the requests/responses automatically @@ -128,7 +128,7 @@ requests either by ftp or e-mail. =head2 Time Stamp Request generation -The B<-query> switch can be used for creating and printing a time stamp +The B<-query> switch can be used for creating and printing a timestamp request with the following options: =over 4 @@ -154,7 +154,7 @@ see L<openssl(1)/COMMAND SUMMARY>. =item B<-data> file_to_hash -The data file for which the time stamp request needs to be +The data file for which the timestamp request needs to be created. stdin is the default if neither the B<-data> nor the B<-digest> parameter is specified. (Optional) @@ -175,7 +175,7 @@ The default is SHA-1. (Optional) =item B<-tspolicy> object_id The policy that the client expects the TSA to use for creating the -time stamp token. Either the dotted OID notation or OID names defined +timestamp token. Either the dotted OID notation or OID names defined in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional) @@ -193,7 +193,7 @@ response. (Optional) =item B<-in> request.tsq -This option specifies a previously created time stamp request in DER +This option specifies a previously created timestamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional) @@ -212,13 +212,13 @@ instead of DER. (Optional) =head2 Time Stamp Response generation -A time stamp response (TimeStampResp) consists of a response status -and the time stamp token itself (ContentInfo), if the token generation was -successful. The B<-reply> command is for creating a time stamp -response or time stamp token based on a request and printing the +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The B<-reply> command is for creating a timestamp +response or timestamp token based on a request and printing the response/token in human-readable format. If B<-token_out> is not -specified the output is always a time stamp response (TimeStampResp), -otherwise it is a time stamp token (ContentInfo). +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). =over 4 @@ -237,7 +237,7 @@ used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional) =item B<-queryfile> request.tsq -The name of the file containing a DER encoded time stamp request. (Optional) +The name of the file containing a DER encoded timestamp request. (Optional) =item B<-passin> password_src @@ -282,19 +282,19 @@ B<default_policy> config file option. (Optional) =item B<-in> response.tsr -Specifies a previously created time stamp response or time stamp token +Specifies a previously created timestamp response or timestamp token (if B<-token_in> is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or -token or you want to extract the time stamp token from a response. If -the input is a token and the output is a time stamp response a default +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default 'granted' status info is added to the token. (Optional) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-out> response.tsr @@ -304,7 +304,7 @@ stdout. (Optional) =item B<-token_out> -The output is a time stamp token (ContentInfo) instead of time stamp +The output is a timestamp token (ContentInfo) instead of timestamp response (TimeStampResp). (Optional) =item B<-text> @@ -323,8 +323,8 @@ for all available algorithms. Default is builtin. (Optional) =head2 Time Stamp Response verification -The B<-verify> command is for verifying if a time stamp response or time -stamp token is valid and matches a particular time stamp request or +The B<-verify> command is for verifying if a timestamp response or +timestamp token is valid and matches a particular timestamp request or data file. The B<-verify> command does not use the configuration file. =over 4 @@ -345,18 +345,18 @@ specified with this one. (Optional) =item B<-queryfile> request.tsq -The original time stamp request in DER format. The B<-data> and B<-digest> +The original timestamp request in DER format. The B<-data> and B<-digest> options must not be specified with this one. (Optional) =item B<-in> response.tsr -The time stamp response that needs to be verified in DER format. (Mandatory) +The timestamp response that needs to be verified in DER format. (Mandatory) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-CApath> trusted_cert_path @@ -430,7 +430,7 @@ See L<ca(1)> for description. (Optional) =item B<serial> The name of the file containing the hexadecimal serial number of the -last time stamp response created. This number is incremented by 1 for +last timestamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory) @@ -487,7 +487,7 @@ the components is missing zero is assumed for that field. (Optional) =item B<clock_precision_digits> Specifies the maximum number of digits, which represent the fraction of -seconds, that need to be included in the time field. The trailing zeroes +seconds, that need to be included in the time field. The trailing zeros must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. @@ -530,13 +530,13 @@ openssl/apps/openssl.cnf will do. =head2 Time Stamp Request -To create a time stamp request for design1.txt with SHA-1 +To create a timestamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response: openssl ts -query -data design1.txt -no_nonce \ -out design1.tsq -To create a similar time stamp request with specifying the message imprint +To create a similar timestamp request with specifying the message imprint explicitly: openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ @@ -546,7 +546,7 @@ To print the content of the previous request in human readable format: openssl ts -query -in design1.tsq -text -To create a time stamp request which includes the MD-5 digest +To create a timestamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file): @@ -568,7 +568,7 @@ below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA. -To create a time stamp response for a request: +To create a timestamp response for a request: openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \ -signer tsacert.pem -out design1.tsr @@ -577,44 +577,44 @@ If you want to use the settings in the config file you could just write: openssl ts -reply -queryfile design1.tsq -out design1.tsr -To print a time stamp reply to stdout in human readable format: +To print a timestamp reply to stdout in human readable format: openssl ts -reply -in design1.tsr -text -To create a time stamp token instead of time stamp response: +To create a timestamp token instead of timestamp response: openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out -To print a time stamp token to stdout in human readable format: +To print a timestamp token to stdout in human readable format: openssl ts -reply -in design1_token.der -token_in -text -token_out -To extract the time stamp token from a response: +To extract the timestamp token from a response: openssl ts -reply -in design1.tsr -out design1_token.der -token_out -To add 'granted' status info to a time stamp token thereby creating a +To add 'granted' status info to a timestamp token thereby creating a valid response: openssl ts -reply -in design1_token.der -token_in -out design1.tsr =head2 Time Stamp Verification -To verify a time stamp reply against a request: +To verify a timestamp reply against a request: openssl ts -verify -queryfile design1.tsq -in design1.tsr \ -CAfile cacert.pem -untrusted tsacert.pem -To verify a time stamp reply that includes the certificate chain: +To verify a timestamp reply that includes the certificate chain: openssl ts -verify -queryfile design2.tsq -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against the original data file: +To verify a timestamp token against the original data file: openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against a message imprint: +To verify a timestamp token against a message imprint: openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem @@ -628,7 +628,7 @@ You could also look at the 'test' directory for more examples. =item * -No support for time stamps over SMTP, though it is quite easy +No support for timestamps over SMTP, though it is quite easy to implement an automatic e-mail based TSA with L<procmail(1)> and L<perl(1)>. HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by @@ -638,7 +638,7 @@ L<tsget(1)>. Pure TCP/IP protocol is not supported. The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one -instance of L<openssl(1)> is trying to create a time stamp +instance of L<openssl(1)> is trying to create a timestamp response at the same time. This is not an issue when using the apache server module, it does proper locking. @@ -665,7 +665,7 @@ L<config(5)> =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/tsget.pod b/crypto/openssl/doc/man1/tsget.pod index 43bf2c7e35ac5..8fe417f2a06f8 100644 --- a/crypto/openssl/doc/man1/tsget.pod +++ b/crypto/openssl/doc/man1/tsget.pod @@ -24,15 +24,15 @@ B<-h> server_url =head1 DESCRIPTION -The B<tsget> command can be used for sending a time stamp request, as -specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing -the time stamp response in a file. This tool cannot be used for creating the +The B<tsget> command can be used for sending a timestamp request, as +specified in B<RFC 3161>, to a timestamp server over HTTP or HTTPS and storing +the timestamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL B<ts(1)> command to do that. B<tsget> can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line. -The tool sends the following HTTP request for each time stamp request: +The tool sends the following HTTP request for each timestamp request: POST url HTTP/1.1 User-Agent: OpenTSA tsget.pl/<version> @@ -53,7 +53,7 @@ written to a file without any interpretation. =item B<-h> server_url -The URL of the HTTP/HTTPS server listening for time stamp requests. +The URL of the HTTP/HTTPS server listening for timestamp requests. =item B<-e> extension @@ -64,8 +64,8 @@ the input files. Default extension is '.tsr'. (Optional) =item B<-o> output This option can be specified only when just one request is sent to the -server. The time stamp response will be written to the given output file. '-' -means standard output. In case of multiple time stamp requests or the absence +server. The timestamp response will be written to the given output file. '-' +means standard output. In case of multiple timestamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional) @@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional) =item [request]... -List of files containing B<RFC 3161> DER-encoded time stamp requests. If no +List of files containing B<RFC 3161> DER-encoded timestamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) @@ -139,35 +139,35 @@ arguments. =head1 EXAMPLES The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid -time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path. -Get a time stamp response for file1.tsq over HTTP, output is written to +Get a timestamp response for file1.tsq over HTTP, output is written to file1.tsr: tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq -Get a time stamp response for file1.tsq and file2.tsq over HTTP showing +Get a timestamp response for file1.tsq and file2.tsq over HTTP showing progress, output is written to file1.reply and file2.reply respectively: tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ file1.tsq file2.tsq -Create a time stamp request, write it to file3.tsq, send it to the server and +Create a timestamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr: openssl ts -query -data file3.txt -cert | tee file3.tsq \ | tsget -h http://tsa.opentsa.org:8080/tsa \ -o file3.tsr -Get a time stamp response for file1.tsq over HTTPS without client +Get a timestamp response for file1.tsq over HTTPS without client authentication: tsget -h https://tsa.opentsa.org:8443/tsa \ -C cacerts.pem file1.tsq -Get a time stamp response for file1.tsq over HTTPS with certificate-based +Get a timestamp response for file1.tsq over HTTPS with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected): @@ -192,7 +192,7 @@ B<RFC 3161> =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/verify.pod b/crypto/openssl/doc/man1/verify.pod index 63ba850b915db..71288be40d4c9 100644 --- a/crypto/openssl/doc/man1/verify.pod +++ b/crypto/openssl/doc/man1/verify.pod @@ -98,8 +98,11 @@ current system time. B<timestamp> is the number of seconds since =item B<-check_ss_sig> -Verify the signature on the self-signed root CA. This is disabled by default -because it doesn't add any security. +Verify the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +This verification is disabled by default because it doesn't add any security. =item B<-CRLfile file> @@ -333,7 +336,7 @@ in PEM format. =head1 VERIFY OPERATION The B<verify> program uses the same functions as the internal SSL and S/MIME -verification, therefore this description applies to these verify operations +verification, therefore, this description applies to these verify operations too. There is one crucial difference between the verify operations performed @@ -769,7 +772,7 @@ is silently ignored. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/x509.pod b/crypto/openssl/doc/man1/x509.pod index 65cec9dbda676..98d285e414b91 100644 --- a/crypto/openssl/doc/man1/x509.pod +++ b/crypto/openssl/doc/man1/x509.pod @@ -255,7 +255,7 @@ Prints out the start and expiry dates of a certificate. =item B<-checkend arg> Checks if the certificate expires within the next B<arg> seconds and exits -non-zero if yes it will expire or zero if not. +nonzero if yes it will expire or zero if not. =item B<-fingerprint> diff --git a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod index ac6a5799df9d1..faf34eb186375 100644 --- a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod @@ -81,7 +81,7 @@ instead. In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an integer of almost arbitrary size and so cannot always be represented by a C -B<int64_t> type. However in many cases (for example version numbers) they +B<int64_t> type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. @@ -123,7 +123,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ASN1_STRING_length.pod b/crypto/openssl/doc/man3/ASN1_STRING_length.pod index 85d356540bc3e..ab109c2ede78d 100644 --- a/crypto/openssl/doc/man3/ASN1_STRING_length.pod +++ b/crypto/openssl/doc/man3/ASN1_STRING_length.pod @@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in UTF8 format. +character in big endian format, and for a UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). @@ -103,7 +103,7 @@ L<ERR_get_error(3)> =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ASN1_TIME_set.pod b/crypto/openssl/doc/man3/ASN1_TIME_set.pod index 5ed817517dc6e..584ae232acf69 100644 --- a/crypto/openssl/doc/man3/ASN1_TIME_set.pod +++ b/crypto/openssl/doc/man3/ASN1_TIME_set.pod @@ -117,7 +117,7 @@ one or both (depending on the time difference) of B<*pday> and B<*psec> will be positive. If B<to> represents a time earlier than B<from> then one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from> represent the same time then B<*pday> and B<*psec> will both be zero. -If both B<*pday> and B<*psec> are non-zero they will always have the same +If both B<*pday> and B<*psec> are nonzero they will always have the same sign. The value of B<*psec> will always be less than the number of seconds in a day. If B<from> or B<to> is NULL the current time is used. @@ -167,7 +167,7 @@ format. =head1 BUGS ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() -do not print out the time zone: it either prints out "GMT" or nothing. But all +do not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. Use the ASN1_TIME_normalize() function to normalize the time value before @@ -248,7 +248,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ASN1_TYPE_get.pod b/crypto/openssl/doc/man3/ASN1_TYPE_get.pod index fb797220a47f0..f14850b39f591 100644 --- a/crypto/openssl/doc/man3/ASN1_TYPE_get.pod +++ b/crypto/openssl/doc/man3/ASN1_TYPE_get.pod @@ -33,7 +33,7 @@ up after the call. ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>. ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if -they are identical and non-zero otherwise. +they are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in B<t> using the ASN.1 structure B<it>. If successful it returns a pointer @@ -62,12 +62,12 @@ length octets). ASN1_TYPE_cmp() may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean TRUE -value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will +value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will only return zero if the values are the same. If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the -return value is non-zero. Technically if both parameters are NULL the two -types could be absent OPTIONAL fields and so should match, however passing +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however, passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do B<not> match. So applications should handle the case of two absent values separately. @@ -80,7 +80,7 @@ ASN1_TYPE_set() does not return a value. ASN1_TYPE_set1() returns 1 for success and 0 for failure. -ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise. +ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or NULL on failure. diff --git a/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod b/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod index e4d809c08fd16..0e8c1d8010a25 100644 --- a/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -50,7 +50,7 @@ job in B<*fd>. The number of file descriptors returned will be stored in B<*numfds>. It is the caller's responsibility to ensure that sufficient memory has been allocated in B<*fd> to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file -descriptors but will still populate B<*numfds>. Therefore application code is +descriptors but will still populate B<*numfds>. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return @@ -117,7 +117,7 @@ success or 0 on error. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. @@ -134,7 +134,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ASYNC_start_job.pod b/crypto/openssl/doc/man3/ASYNC_start_job.pod index b06db76708a29..810b9678731fe 100644 --- a/crypto/openssl/doc/man3/ASYNC_start_job.pod +++ b/crypto/openssl/doc/man3/ASYNC_start_job.pod @@ -166,7 +166,7 @@ otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. @@ -321,7 +321,7 @@ added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BF_encrypt.pod b/crypto/openssl/doc/man3/BF_encrypt.pod index b20f634da6f51..02e04b7f34cb1 100644 --- a/crypto/openssl/doc/man3/BF_encrypt.pod +++ b/crypto/openssl/doc/man3/BF_encrypt.pod @@ -60,7 +60,7 @@ recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where B<ivec> is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while -BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter B<num>, which is a pointer to an integer where the current @@ -109,7 +109,7 @@ L<des_modes(7)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_ADDR.pod b/crypto/openssl/doc/man3/BIO_ADDR.pod index 4b169e8a89c40..e9652ed550e2d 100644 --- a/crypto/openssl/doc/man3/BIO_ADDR.pod +++ b/crypto/openssl/doc/man3/BIO_ADDR.pod @@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new(). BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets it back to an uninitialised state. -BIO_ADDR_rawmake() takes a protocol B<family>, an byte array of +BIO_ADDR_rawmake() takes a protocol B<family>, a byte array of size B<wherelen> with an address in network byte order pointed at by B<where> and a port number in network byte order in B<port> (except for the B<AF_UNIX> protocol family, where B<port> is meaningless and @@ -115,7 +115,7 @@ L<BIO_connect(3)>, L<BIO_s_connect(3)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_ADDRINFO.pod b/crypto/openssl/doc/man3/BIO_ADDRINFO.pod index 8ca6454abbcb2..37609666fdbf2 100644 --- a/crypto/openssl/doc/man3/BIO_ADDRINFO.pod +++ b/crypto/openssl/doc/man3/BIO_ADDRINFO.pod @@ -94,7 +94,7 @@ information they should return isn't available. The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not -return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP address is required then the B<protocol> parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms. @@ -104,7 +104,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_connect.pod b/crypto/openssl/doc/man3/BIO_connect.pod index 853315aa46a4c..0ebf17cacf476 100644 --- a/crypto/openssl/doc/man3/BIO_connect.pod +++ b/crypto/openssl/doc/man3/BIO_connect.pod @@ -55,7 +55,7 @@ Enables regular sending of keep-alive messages. =item BIO_SOCK_NONBLOCK -Sets the socket to non-blocking mode. +Sets the socket to nonblocking mode. =item BIO_SOCK_NODELAY @@ -107,7 +107,7 @@ Use the functions described above instead. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_ctrl.pod b/crypto/openssl/doc/man3/BIO_ctrl.pod index 60cd10883b543..2e438c3ce9528 100644 --- a/crypto/openssl/doc/man3/BIO_ctrl.pod +++ b/crypto/openssl/doc/man3/BIO_ctrl.pod @@ -109,7 +109,7 @@ Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant BIO. However this can cause +be automatically passed to the relevant BIO. However, this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO. @@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_get_data.pod b/crypto/openssl/doc/man3/BIO_get_data.pod index c3137c4c55882..da1651c7576f4 100644 --- a/crypto/openssl/doc/man3/BIO_get_data.pod +++ b/crypto/openssl/doc/man3/BIO_get_data.pod @@ -25,7 +25,7 @@ the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). This can be used by custom BIOs for storing implementation specific information. The BIO_set_init() function sets the value of the BIO's "init" flag to indicate -whether initialisation has been completed for this BIO or not. A non-zero value +whether initialisation has been completed for this BIO or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps @@ -55,7 +55,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_parse_hostserv.pod b/crypto/openssl/doc/man3/BIO_parse_hostserv.pod index 73cb6100d74ee..35c14d1bc1c9f 100644 --- a/crypto/openssl/doc/man3/BIO_parse_hostserv.pod +++ b/crypto/openssl/doc/man3/BIO_parse_hostserv.pod @@ -19,10 +19,10 @@ BIO_parse_hostserv =head1 DESCRIPTION BIO_parse_hostserv() will parse the information given in B<hostserv>, -create strings with the host name and service name and give those +create strings with the hostname and service name and give those back via B<host> and B<service>. Those will need to be freed after they are used. B<hostserv_prio> helps determine if B<hostserv> shall -be interpreted primarily as a host name or a service name in ambiguous +be interpreted primarily as a hostname or a service name in ambiguous cases. The syntax the BIO_parse_hostserv() recognises is: @@ -68,7 +68,7 @@ L<BIO_ADDRINFO(3)> =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_read.pod b/crypto/openssl/doc/man3/BIO_read.pod index 270ab533e543e..d0ebf32caace4 100644 --- a/crypto/openssl/doc/man3/BIO_read.pod +++ b/crypto/openssl/doc/man3/BIO_read.pod @@ -55,7 +55,7 @@ NUL is not included in the length returned by BIO_gets(). =head1 NOTES A 0 or -1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type +particular when the source/sink is nonblocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. @@ -87,7 +87,7 @@ keep the '\n' at the end of the line in the buffer. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_s_accept.pod b/crypto/openssl/doc/man3/BIO_s_accept.pod index 37b6f4d839129..312c881bbc49b 100644 --- a/crypto/openssl/doc/man3/BIO_s_accept.pod +++ b/crypto/openssl/doc/man3/BIO_s_accept.pod @@ -143,7 +143,7 @@ however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection. -If the underlying accept socket is non-blocking and BIO_do_accept() is +If the underlying accept socket is nonblocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application @@ -224,7 +224,7 @@ down each and finally closes both down. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_s_bio.pod b/crypto/openssl/doc/man3/BIO_s_bio.pod index f78fe13489c67..4837d19440bbd 100644 --- a/crypto/openssl/doc/man3/BIO_s_bio.pod +++ b/crypto/openssl/doc/man3/BIO_s_bio.pod @@ -144,7 +144,7 @@ without having to go through the SSL-interface. ... BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); SSL_set_bio(ssl, internal_bio, internal_bio); - SSL_operations(); /* e.g SSL_read and SSL_write */ + SSL_operations(); /* e.g. SSL_read and SSL_write */ ... application | TLS-engine @@ -167,7 +167,7 @@ without having to go through the SSL-interface. ... As the BIO pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write +connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. @@ -191,7 +191,7 @@ L<BIO_should_retry(3)>, L<BIO_read_ex(3)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_s_connect.pod b/crypto/openssl/doc/man3/BIO_s_connect.pod index 4f145297c5876..1223fad831cb6 100644 --- a/crypto/openssl/doc/man3/BIO_s_connect.pod +++ b/crypto/openssl/doc/man3/BIO_s_connect.pod @@ -106,7 +106,7 @@ If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. -If the port name is supplied as part of the host name then this will +If the port name is supplied as part of the hostname then this will override any value set with BIO_set_conn_port(). This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' @@ -203,7 +203,7 @@ Use BIO_set_conn_address() and BIO_get_conn_address() instead. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_s_file.pod b/crypto/openssl/doc/man3/BIO_s_file.pod index 2ed0bb3c0f353..f1a75f7c627ac 100644 --- a/crypto/openssl/doc/man3/BIO_s_file.pod +++ b/crypto/openssl/doc/man3/BIO_s_file.pod @@ -78,7 +78,7 @@ in stdio behaviour will be mirrored by the corresponding BIO. On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- -lingual environment, encode file names in UTF-8. +lingual environment, encode filenames in UTF-8. =head1 RETURN VALUES @@ -158,7 +158,7 @@ L<BIO_set_close(3)>, L<BIO_get_close(3)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BIO_set_callback.pod b/crypto/openssl/doc/man3/BIO_set_callback.pod index 291456baa42a2..f7ee104c28556 100644 --- a/crypto/openssl/doc/man3/BIO_set_callback.pod +++ b/crypto/openssl/doc/man3/BIO_set_callback.pod @@ -31,7 +31,7 @@ BIO_callback_fn_ex, BIO_callback_fn =head1 DESCRIPTION BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO -callback. The callback is called during most high level BIO operations. It can +callback. The callback is called during most high-level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation. @@ -230,7 +230,7 @@ in crypto/bio/bio_cb.c =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BN_add.pod b/crypto/openssl/doc/man3/BN_add.pod index 0f0e49556d72a..dccd4790ede7f 100644 --- a/crypto/openssl/doc/man3/BN_add.pod +++ b/crypto/openssl/doc/man3/BN_add.pod @@ -68,16 +68,16 @@ For division by powers of 2, use BN_rshift(3). BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>. -BN_nnmod() reduces I<a> modulo I<m> and places the non-negative +BN_nnmod() reduces I<a> modulo I<m> and places the nonnegative remainder in I<r>. -BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative +BN_mod_add() adds I<a> to I<b> modulo I<m> and places the nonnegative result in I<r>. BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the -non-negative result in I<r>. +nonnegative result in I<r>. -BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative +BN_mod_mul() multiplies I<a> by I<b> and finds the nonnegative remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for repeated computations using the same modulus, see @@ -119,7 +119,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BN_bn2bin.pod b/crypto/openssl/doc/man3/BN_bn2bin.pod index b3cbc8cb665cb..67595e05b85ad 100644 --- a/crypto/openssl/doc/man3/BN_bn2bin.pod +++ b/crypto/openssl/doc/man3/BN_bn2bin.pod @@ -37,7 +37,7 @@ memory. BN_bn2binpad() also converts the absolute value of B<a> into big-endian form and stores it at B<to>. B<tolen> indicates the length of the output buffer -B<to>. The result is padded with zeroes if necessary. If B<tolen> is less than +B<to>. The result is padded with zeros if necessary. If B<tolen> is less than BN_num_bytes(B<a>) an error is returned. BN_bin2bn() converts the positive integer in big-endian form of length @@ -106,7 +106,7 @@ L<BN_num_bytes(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BN_generate_prime.pod b/crypto/openssl/doc/man3/BN_generate_prime.pod index f1e63f3b3c4aa..25674d0348f78 100644 --- a/crypto/openssl/doc/man3/BN_generate_prime.pod +++ b/crypto/openssl/doc/man3/BN_generate_prime.pod @@ -127,7 +127,7 @@ For instance, to reach the 128 bit security level, B<nchecks> should be set to If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called after the j-th iteration (j = 0, 1, ...). B<ctx> is a -pre-allocated B<BN_CTX> (to save the overhead of allocating and +preallocated B<BN_CTX> (to save the overhead of allocating and freeing the structure in a loop), or B<NULL>. BN_GENCB_call() calls the callback function held in the B<BN_GENCB> structure diff --git a/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod b/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod index 7f47e94c2b72a..911945fd9dbaf 100644 --- a/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod +++ b/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod @@ -49,7 +49,7 @@ the result in I<r>. BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1. BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R. -Note that I<a> must be non-negative and smaller than the modulus. +Note that I<a> must be nonnegative and smaller than the modulus. For all functions, I<ctx> is a previously allocated B<BN_CTX> used for temporary variables. @@ -80,7 +80,7 @@ BN_MONT_CTX_init() was removed in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BN_set_bit.pod b/crypto/openssl/doc/man3/BN_set_bit.pod index af02983c8fb14..67c2bac241024 100644 --- a/crypto/openssl/doc/man3/BN_set_bit.pod +++ b/crypto/openssl/doc/man3/BN_set_bit.pod @@ -37,11 +37,11 @@ BN_mask_bits() truncates B<a> to an B<n> bit number shorter than B<n> bits. BN_lshift() shifts B<a> left by B<n> bits and places the result in -B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts +B<r> (C<r=a*2^n>). Note that B<n> must be nonnegative. BN_lshift1() shifts B<a> left by one and places the result in B<r> (C<r=2*a>). BN_rshift() shifts B<a> right by B<n> bits and places the result in -B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts +B<r> (C<r=a/2^n>). Note that B<n> must be nonnegative. BN_rshift1() shifts B<a> right by one and places the result in B<r> (C<r=a/2>). For the shift functions, B<r> and B<a> may be the same variable. @@ -59,7 +59,7 @@ L<BN_num_bytes(3)>, L<BN_add(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/CMS_verify.pod b/crypto/openssl/doc/man3/CMS_verify.pod index be688681cbc62..c7dbb6b6c275b 100644 --- a/crypto/openssl/doc/man3/CMS_verify.pod +++ b/crypto/openssl/doc/man3/CMS_verify.pod @@ -24,7 +24,7 @@ present in B<cms>. The content is written to B<out> if it is not NULL. B<flags> is an optional set of flags, which can be used to modify the verify operation. -CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must +CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it may only be called after a successful CMS_verify() operation. =head1 VERIFY PROCESS @@ -94,7 +94,7 @@ useful if one merely wishes to write the content to B<out> and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). @@ -122,7 +122,7 @@ L<ERR_get_error(3)>, L<CMS_sign(3)> =head1 COPYRIGHT -Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod b/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod index b919e2e478164..946147e5d24ed 100644 --- a/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod @@ -93,7 +93,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an +one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required. @@ -161,7 +161,7 @@ L<crypto(7)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/CRYPTO_memcmp.pod b/crypto/openssl/doc/man3/CRYPTO_memcmp.pod index 9182d00796c9f..20578c557b9eb 100644 --- a/crypto/openssl/doc/man3/CRYPTO_memcmp.pod +++ b/crypto/openssl/doc/man3/CRYPTO_memcmp.pod @@ -19,17 +19,17 @@ contents of the memory regions pointed to by B<a> and B<b>. =head1 RETURN VALUES -CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero +CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero otherwise. =head1 NOTES Unlike memcmp(2), this function cannot be used to order the two memory regions -as the return value when they differ is undefined, other than being non-zero. +as the return value when they differ is undefined, other than being nonzero. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DES_random_key.pod b/crypto/openssl/doc/man3/DES_random_key.pod index 04df6ec0dfde3..a52099053ec8e 100644 --- a/crypto/openssl/doc/man3/DES_random_key.pod +++ b/crypto/openssl/doc/man3/DES_random_key.pod @@ -120,7 +120,7 @@ is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. DES_set_key() works like -DES_set_key_checked() if the I<DES_check_key> flag is non-zero, +DES_set_key_checked() if the I<DES_check_key> flag is nonzero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. @@ -137,7 +137,7 @@ DES_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte I<DES_cblock> in I<electronic code book> (ECB) mode. It always transforms the input data, pointed to by I<input>, into the output data, pointed to by the I<output> argument. -If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input> +If the I<encrypt> argument is nonzero (DES_ENCRYPT), the I<input> (cleartext) is encrypted in to the I<output> (ciphertext) using the key_schedule specified by the I<schedule> argument, previously set via I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now @@ -156,7 +156,7 @@ The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES encryption by using I<ks1> for the final encryption. DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining> -(CBC) mode of DES. If the I<encrypt> argument is non-zero, the +(CBC) mode of DES. If the I<encrypt> argument is nonzero, the routine cipher-block-chain encrypts the cleartext data pointed to by the I<input> argument into the ciphertext pointed to by the I<output> argument, using the key schedule provided by the I<schedule> argument, @@ -313,7 +313,7 @@ on some platforms. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DH_get0_pqg.pod b/crypto/openssl/doc/man3/DH_get0_pqg.pod index e878fa0051496..6b5e843e4832a 100644 --- a/crypto/openssl/doc/man3/DH_get0_pqg.pod +++ b/crypto/openssl/doc/man3/DH_get0_pqg.pod @@ -81,7 +81,7 @@ DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set. The DH_get_length() and DH_set_length() functions get and set the optional -length parameter associated with this DH object. If the length is non-zero then +length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The B<length> parameter indicates the length of the secret exponent (private key) in bits. @@ -118,7 +118,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DH_set_method.pod b/crypto/openssl/doc/man3/DH_set_method.pod index ea45961f15001..b36011d627f3b 100644 --- a/crypto/openssl/doc/man3/DH_set_method.pod +++ b/crypto/openssl/doc/man3/DH_set_method.pod @@ -45,7 +45,7 @@ DH_set_method() selects B<meth> to perform all operations using the key B<dh>. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD -implementations (eg. from an ENGINE module that supports embedded +implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results. @@ -64,7 +64,7 @@ B<DH_METHOD>s. DH_set_default_method() returns no value. -DH_set_method() returns non-zero if the provided B<meth> was successfully set as +DH_set_method() returns nonzero if the provided B<meth> was successfully set as the method for B<dh> (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). @@ -78,7 +78,7 @@ L<DH_new(3)>, L<DH_new(3)>, L<DH_meth_new(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DSA_set_method.pod b/crypto/openssl/doc/man3/DSA_set_method.pod index f10307e66d66c..f6eb260c316c6 100644 --- a/crypto/openssl/doc/man3/DSA_set_method.pod +++ b/crypto/openssl/doc/man3/DSA_set_method.pod @@ -46,7 +46,7 @@ DSA_set_method() selects B<meth> to perform all operations using the key B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only -work with certain DSA_METHOD implementations (eg. from an ENGINE module +work with certain DSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See L<DSA_meth_new> for information on constructing custom DSA_METHOD @@ -64,7 +64,7 @@ B<DSA_METHOD>s. DSA_set_default_method() returns no value. -DSA_set_method() returns non-zero if the provided B<meth> was successfully set as +DSA_set_method() returns nonzero if the provided B<meth> was successfully set as the method for B<dsa> (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). @@ -78,7 +78,7 @@ L<DSA_new(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DTLSv1_listen.pod b/crypto/openssl/doc/man3/DTLSv1_listen.pod index 98511a475f9fd..272a8c2ee0999 100644 --- a/crypto/openssl/doc/man3/DTLSv1_listen.pod +++ b/crypto/openssl/doc/man3/DTLSv1_listen.pod @@ -35,7 +35,7 @@ message then the amplification attack has succeeded. If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). -If TCP is being used then there is no need to use SSL_stateless(). However some +If TCP is being used then there is no need to use SSL_stateless(). However, some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. @@ -98,7 +98,7 @@ will be set up ready to continue the handshake. the B<peer> value will also be filled in. A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking IO, or some invalid message having been +example) be because of nonblocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error. @@ -126,7 +126,7 @@ The type of "peer" also changed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ECDSA_SIG_new.pod b/crypto/openssl/doc/man3/ECDSA_SIG_new.pod index 6a7d107079d51..010c163c414a5 100644 --- a/crypto/openssl/doc/man3/ECDSA_SIG_new.pod +++ b/crypto/openssl/doc/man3/ECDSA_SIG_new.pod @@ -5,7 +5,7 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, -ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA) functions =head1 SYNOPSIS @@ -40,7 +40,7 @@ functions =head1 DESCRIPTION -Note: these functions provide a low level interface to ECDSA. Most +Note: these functions provide a low-level interface to ECDSA. Most applications should use the higher level B<EVP> interface such as L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead. @@ -199,7 +199,7 @@ L<d2i_ECDSA_SIG(3)> =head1 COPYRIGHT -Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EC_GROUP_new.pod b/crypto/openssl/doc/man3/EC_GROUP_new.pod index c80b191785c4d..b1141a0777392 100644 --- a/crypto/openssl/doc/man3/EC_GROUP_new.pod +++ b/crypto/openssl/doc/man3/EC_GROUP_new.pod @@ -84,7 +84,7 @@ specific PK B<params>. EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve over Fp B<p> is the prime for the field. For a curve over F2^m B<p> represents the irreducible polynomial - each bit represents a term in the polynomial. -Therefore there will either be three or five bits set dependent on whether the +Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, B<a> and B<b> represents the coefficients a and b from the relevant equation introduced above. @@ -152,7 +152,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =head1 COPYRIGHT -Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EC_KEY_new.pod b/crypto/openssl/doc/man3/EC_KEY_new.pod index 9d32d78a399e2..6507dc95cdffb 100644 --- a/crypto/openssl/doc/man3/EC_KEY_new.pod +++ b/crypto/openssl/doc/man3/EC_KEY_new.pod @@ -9,7 +9,8 @@ EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, -EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, +EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf - Functions for creating, destroying and manipulating @@ -38,6 +39,7 @@ EC_KEY objects point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); int EC_KEY_generate_key(EC_KEY *key); int EC_KEY_check_key(const EC_KEY *key); @@ -118,11 +120,15 @@ EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L<EC_GROUP_copy(3)> for further information on the asn1_flag. +EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I<key> was +decoded from data with explicitly encoded group parameters, -1 if the I<key> +is NULL or the group parameters are missing, and 0 otherwise. + EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L<EC_POINT_add(3)>. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions -EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key EC_POINT in B<eckey>. EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key @@ -178,7 +184,7 @@ L<d2i_ECPKParameters(3)> =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EC_POINT_new.pod b/crypto/openssl/doc/man3/EC_POINT_new.pod index 8cadaa75f145d..5d2c3f2e9b229 100644 --- a/crypto/openssl/doc/man3/EC_POINT_new.pod +++ b/crypto/openssl/doc/man3/EC_POINT_new.pod @@ -148,7 +148,7 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set +there will only ever be two possible values for y. Therefore, a point can be set using the EC_POINT_set_compressed_coordinates() function where B<x> is the x co-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two possible values for y should be used. @@ -243,7 +243,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ENGINE_add.pod b/crypto/openssl/doc/man3/ENGINE_add.pod index a2fc299482fc0..369900c248c5b 100644 --- a/crypto/openssl/doc/man3/ENGINE_add.pod +++ b/crypto/openssl/doc/man3/ENGINE_add.pod @@ -181,7 +181,7 @@ implementation includes the following abstractions; =head2 Reference counting and handles Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be -treated as handles - ie. not only as pointers, but also as references to +treated as handles - i.e. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently. @@ -252,15 +252,15 @@ operational ENGINE for a given cryptographic purpose. To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not -already operational and couldn't be successfully initialised (eg. lack of +already operational and couldn't be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will -return non-zero to indicate that the ENGINE is now operational and will +return nonzero to indicate that the ENGINE is now operational and will have allocated a new B<functional> reference to the ENGINE. All functional references are released by calling ENGINE_finish() (which removes the implicit structural reference as well). The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by ENGINE_get_default_RSA(), +default implementation for a given task, e.g. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant @@ -278,7 +278,7 @@ In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index. -When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be @@ -328,7 +328,7 @@ is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to -successfully initialise - ie. to assume that this corresponds to +successfully initialise - i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a @@ -417,7 +417,7 @@ so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an ENGINE B<before> attempting to initialise it, ie. before +passed to an ENGINE B<before> attempting to initialise it, i.e. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or @@ -477,7 +477,7 @@ boolean success or failure. } Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can -relax the semantics of the function - if set non-zero it will only return +relax the semantics of the function - if set nonzero it will only return failure if the ENGINE supported the given command name but failed while executing it, if the ENGINE doesn't support the command name it will simply return success without doing anything. In this case we assume the user is @@ -490,7 +490,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +ENGINE, i.e. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the @@ -556,7 +556,7 @@ by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE -supports certain specific commands it might want to use (eg. application "foo" +supports certain specific commands it might want to use (e.g. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). @@ -657,7 +657,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ERR_get_error.pod b/crypto/openssl/doc/man3/ERR_get_error.pod index a76df03882d8e..fc155ad081999 100644 --- a/crypto/openssl/doc/man3/ERR_get_error.pod +++ b/crypto/openssl/doc/man3/ERR_get_error.pod @@ -45,7 +45,7 @@ messages. ERR_get_error_line(), ERR_peek_error_line() and ERR_peek_last_error_line() are the same as the above, but they -additionally store the file name and line number where +additionally store the filename and line number where the error occurred in *B<file> and *B<line>, unless these are B<NULL>. ERR_get_error_line_data(), ERR_peek_error_line_data() and @@ -69,7 +69,7 @@ L<ERR_GET_LIB(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ERR_print_errors.pod b/crypto/openssl/doc/man3/ERR_print_errors.pod index f7e612f618869..78a4b6a8d9106 100644 --- a/crypto/openssl/doc/man3/ERR_print_errors.pod +++ b/crypto/openssl/doc/man3/ERR_print_errors.pod @@ -29,7 +29,7 @@ B<u> as the callback parameters. The error strings will have the following format: - [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] I<error code> is an 8 digit hexadecimal number. I<library name>, I<function name> and I<reason string> are ASCII text, as is I<optional @@ -49,7 +49,7 @@ L<ERR_get_error(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/ERR_put_error.pod b/crypto/openssl/doc/man3/ERR_put_error.pod index 4fba618db4f25..ee6a61ffe2c25 100644 --- a/crypto/openssl/doc/man3/ERR_put_error.pod +++ b/crypto/openssl/doc/man3/ERR_put_error.pod @@ -39,14 +39,14 @@ descriptions. For example, the function ssl3_read_bytes() reports a SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); -Function and reason codes should consist of upper case characters, +Function and reason codes should consist of uppercase characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses the capitalized form such as "SSL3_READ_BYTES" in the above example. The trailing section of a reason code (after the "_R_") is translated -into lower case and underscores changed to spaces. +into lowercase and underscores changed to spaces. Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally @@ -65,7 +65,7 @@ L<ERR_load_strings(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_DigestInit.pod b/crypto/openssl/doc/man3/EVP_DigestInit.pod index 434e22030fdd3..a0ed943a3f604 100644 --- a/crypto/openssl/doc/man3/EVP_DigestInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestInit.pod @@ -68,7 +68,7 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines =head1 DESCRIPTION -The EVP digest routines are a high level interface to message digests, +The EVP digest routines are a high-level interface to message digests, and should be used instead of the cipher-specific functions. =over 4 @@ -338,7 +338,7 @@ This function has no return value. =head1 NOTES The B<EVP> interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. New applications should use the SHA-2 (such as L<EVP_sha256(3)>) or the SHA-3 @@ -443,7 +443,7 @@ The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod index 912880a5e1c5c..4efc8a4974915 100644 --- a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod @@ -20,7 +20,7 @@ EVP_DigestSign - EVP signing functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from ENGINE B<e> and private key B<pkey>. B<ctx> must be created with @@ -110,7 +110,7 @@ The error codes can be obtained from L<ERR_get_error(3)>. =head1 NOTES The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestSign() is a one shot operation which signs a single block of data diff --git a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod index 0806cd5d58c4d..e7d8c83184458 100644 --- a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod @@ -19,7 +19,7 @@ EVP_DigestVerify - EVP signature verification functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest B<type> from ENGINE B<e> and public key B<pkey>. B<ctx> must be created @@ -62,7 +62,7 @@ The error codes can be obtained from L<ERR_get_error(3)>. =head1 NOTES The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestVerify() is a one shot operation which verifies a single block of @@ -104,7 +104,7 @@ were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_EncodeInit.pod b/crypto/openssl/doc/man3/EVP_EncodeInit.pod index 8055b100b2522..e8b65d3818907 100644 --- a/crypto/openssl/doc/man3/EVP_EncodeInit.pod +++ b/crypto/openssl/doc/man3/EVP_EncodeInit.pod @@ -29,7 +29,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines =head1 DESCRIPTION -The EVP encode routines provide a high level interface to base 64 encoding and +The EVP encode routines provide a high-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced @@ -83,8 +83,8 @@ EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the B<ctx> object. EVP_EncodeBlock() encodes a full block of input data in B<f> and of length -B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of -output data will be produced. If B<dlen> is not divisible by 3 then the block is +B<n> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of +output data will be produced. If B<n> is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is @@ -151,7 +151,7 @@ L<evp(7)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_EncryptInit.pod b/crypto/openssl/doc/man3/EVP_EncryptInit.pod index aaf9975c4c267..0d8a780bb794a 100644 --- a/crypto/openssl/doc/man3/EVP_EncryptInit.pod +++ b/crypto/openssl/doc/man3/EVP_EncryptInit.pod @@ -120,7 +120,7 @@ EVP_enc_null =head1 DESCRIPTION -The EVP cipher routines are a high level interface to certain +The EVP cipher routines are a high-level interface to certain symmetric ciphers. EVP_CIPHER_CTX_new() creates a cipher context. @@ -146,10 +146,15 @@ appropriate. EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and writes the encrypted version to B<out>. This function can be called multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B<out> should contain sufficient -room. The actual number of bytes written is placed in B<outl>. It also +of data written depends on the block alignment of the encrypted data. +For most ciphers and modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size - 1) bytes. +For wrap cipher modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size) bytes. +For stream ciphers, the amount of data written can be anything from zero +bytes to inl bytes. +Thus, B<out> should contain sufficient room for the operation being performed. +The actual number of bytes written is placed in B<outl>. It also checks if B<in> and B<out> are partially overlapping, and if they are 0 is returned to indicate failure. @@ -422,8 +427,8 @@ Sets the CCM B<L> value. If not set a default is used (8 for AES). =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the CCM nonce (IV) length. This call can only be made before specifying an -nonce value. The nonce length is given by B<15 - L> so it is 7 by default for +Sets the CCM nonce (IV) length. This call can only be made before specifying +a nonce value. The nonce length is given by B<15 - L> so it is 7 by default for AES. =back @@ -463,10 +468,10 @@ This call is only valid when decrypting data. =head1 NOTES Where possible the B<EVP> interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the B<EVP> interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the +acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). PKCS padding works by adding B<n> padding bytes of value B<n> to make the total @@ -591,7 +596,7 @@ with a 128-bit key: /* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); @@ -654,7 +659,7 @@ EVP_CIPHER_CTX_reset(). =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_OpenInit.pod b/crypto/openssl/doc/man3/EVP_OpenInit.pod index 61b4307bca31d..37223c8abf4c4 100644 --- a/crypto/openssl/doc/man3/EVP_OpenInit.pod +++ b/crypto/openssl/doc/man3/EVP_OpenInit.pod @@ -16,7 +16,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. @@ -59,7 +59,7 @@ L<EVP_SealInit(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod index 16d8462a42637..e4753168abf72 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -290,7 +290,7 @@ parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0. The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is -1 the shared secret is padded with zeroes up to the size of the DH prime B<p>. +1 the shared secret is padded with zeros up to the size of the DH prime B<p>. If B<pad> is zero (the default) then no padding is performed. EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to @@ -459,7 +459,7 @@ macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod index f01fc97522979..8c3c796f6fdd5 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod @@ -31,7 +31,7 @@ If B<ctx> is NULL, nothing is done. =head1 NOTES The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used -by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between +by the OpenSSL high-level public key API. Contexts B<MUST NOT> be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. @@ -52,7 +52,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod b/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod index 83cebe7ce2f40..82df153630353 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod @@ -51,7 +51,7 @@ generation callback. The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If B<idx> is -1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for B<idx> should only be called within the generation callback. If the callback returns 0 then the key generation operation is aborted and an @@ -196,7 +196,7 @@ in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_PKEY_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_new.pod index 667269cc624e5..faf5a117e5ae3 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_new.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_new.pod @@ -66,7 +66,8 @@ B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a CMAC in the B<cipher> argument. +creation of a CMAC in the B<cipher> argument. The cipher should be a standard +encryption only cipher. For example AEAD and XTS ciphers should not be used. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. diff --git a/crypto/openssl/doc/man3/EVP_SealInit.pod b/crypto/openssl/doc/man3/EVP_SealInit.pod index 2c2c89a71b51e..4bee44922d53d 100644 --- a/crypto/openssl/doc/man3/EVP_SealInit.pod +++ b/crypto/openssl/doc/man3/EVP_SealInit.pod @@ -17,7 +17,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key. @@ -82,7 +82,7 @@ L<RAND(7)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_SignInit.pod b/crypto/openssl/doc/man3/EVP_SignInit.pod index 22ce747d333f7..299c5cf312ee4 100644 --- a/crypto/openssl/doc/man3/EVP_SignInit.pod +++ b/crypto/openssl/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital +The EVP signature routines are a high-level interface to digital signatures. EVP_SignInit_ex() sets up signing context I<ctx> to use digest @@ -48,7 +48,7 @@ The error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTES The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. When signing with DSA private keys the random number generator must be seeded. diff --git a/crypto/openssl/doc/man3/EVP_VerifyInit.pod b/crypto/openssl/doc/man3/EVP_VerifyInit.pod index 647c99bceb5aa..3c6b2daeca78c 100644 --- a/crypto/openssl/doc/man3/EVP_VerifyInit.pod +++ b/crypto/openssl/doc/man3/EVP_VerifyInit.pod @@ -19,7 +19,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal =head1 DESCRIPTION -The EVP signature verification routines are a high level interface to digital +The EVP signature verification routines are a high-level interface to digital signatures. EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest @@ -49,7 +49,7 @@ The error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTES The B<EVP> interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. @@ -85,7 +85,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/HMAC.pod b/crypto/openssl/doc/man3/HMAC.pod index 30c0e6bac3921..27022686f7aa4 100644 --- a/crypto/openssl/doc/man3/HMAC.pod +++ b/crypto/openssl/doc/man3/HMAC.pod @@ -21,7 +21,7 @@ HMAC_size #include <openssl/hmac.h> unsigned char *HMAC(const EVP_MD *evp_md, const void *key, - int key_len, const unsigned char *d, int n, + int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); HMAC_CTX *HMAC_CTX_new(void); @@ -29,7 +29,7 @@ HMAC_size int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl); - int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); + int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); void HMAC_CTX_free(HMAC_CTX *ctx); @@ -69,7 +69,7 @@ EVP_shake256(). HMAC_CTX_new() creates a new HMAC_CTX in heap memory. -HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated +HMAC_CTX_reset() zeros an existing B<HMAC_CTX> and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new(). @@ -149,7 +149,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OCSP_cert_to_id.pod b/crypto/openssl/doc/man3/OCSP_cert_to_id.pod index c8d39c1913589..49393f7329a05 100644 --- a/crypto/openssl/doc/man3/OCSP_cert_to_id.pod +++ b/crypto/openssl/doc/man3/OCSP_cert_to_id.pod @@ -52,7 +52,7 @@ corresponding parameter can be set to B<NULL>. OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid B<OCSP_CERTID> structure or B<NULL> if an error occurred. -OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero +OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero otherwise. OCSP_CERTID_free() does not return a value. @@ -79,7 +79,7 @@ L<OCSP_sendreq_new(3)> =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod b/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod index 81bf645108f3d..777d876d04af6 100644 --- a/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod +++ b/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod @@ -57,7 +57,7 @@ performance reasons. As a result they do not support nonces. The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present -and match, both absent or present in the response only. A non-zero return +and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error diff --git a/crypto/openssl/doc/man3/OCSP_resp_find_status.pod b/crypto/openssl/doc/man3/OCSP_resp_find_status.pod index 35f7d35e99764..72dcc426c649f 100644 --- a/crypto/openssl/doc/man3/OCSP_resp_find_status.pod +++ b/crypto/openssl/doc/man3/OCSP_resp_find_status.pod @@ -112,7 +112,7 @@ no freeing of the results is necessary. OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values which will be typically obtained from OCSP_resp_find_status() or -OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds +OCSP_single_get0_status(). If B<sec> is nonzero it indicates how many seconds leeway should be allowed in the check. If B<maxsec> is positive it indicates the maximum age of B<thisupd> in seconds. @@ -167,7 +167,7 @@ can then take appropriate action based on the status of the certificate. An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate> fields. Normally the current time should be between these two values. To -account for clock skew the B<maxsec> field can be set to non-zero in +account for clock skew the B<maxsec> field can be set to nonzero in OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this would otherwise mean an ancient response would be considered valid: the B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted @@ -189,7 +189,7 @@ L<OCSP_sendreq_new(3)> =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OCSP_sendreq_new.pod b/crypto/openssl/doc/man3/OCSP_sendreq_new.pod index a129a16bf23c1..16d5a21dfcaec 100644 --- a/crypto/openssl/doc/man3/OCSP_sendreq_new.pod +++ b/crypto/openssl/doc/man3/OCSP_sendreq_new.pod @@ -34,7 +34,7 @@ response header maximum line length of B<maxline>. If B<maxline> is zero a default value of 4k is used. The OCSP request B<req> may be set to B<NULL> and provided later if required. -OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context +OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context B<rctx>. When the operation is complete it returns the response in B<*presp>. OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>. @@ -96,7 +96,7 @@ corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket). -OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking +OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended. diff --git a/crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod b/crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod index a312ef7342f4b..ae0a4bbf978b7 100644 --- a/crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -51,7 +51,7 @@ an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The B<compare> callback takes two arguments (pointers to two hash table entries), and returns -0 if their keys are equal, non-zero otherwise. +0 if their keys are equal, nonzero otherwise. If your hash table will contain items of some particular type and the B<hash> and @@ -196,7 +196,7 @@ all such parameters as constant. As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being -indexed in the hash table (ie. it is returned as "const" from +indexed in the hash table (i.e. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make @@ -229,7 +229,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_config.pod b/crypto/openssl/doc/man3/OPENSSL_config.pod index 6294ee1d1be1c..528eef0cf927c 100644 --- a/crypto/openssl/doc/man3/OPENSSL_config.pod +++ b/crypto/openssl/doc/man3/OPENSSL_config.pod @@ -41,7 +41,7 @@ initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so +However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about @@ -75,7 +75,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_ia32cap.pod b/crypto/openssl/doc/man3/OPENSSL_ia32cap.pod index 08a181168f79c..73c96d70e698e 100644 --- a/crypto/openssl/doc/man3/OPENSSL_ia32cap.pod +++ b/crypto/openssl/doc/man3/OPENSSL_ia32cap.pod @@ -102,7 +102,7 @@ and RORX; =item bit #64+19 denoting availability of ADCX and ADOX instructions; =item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, -a.k.a. AVX512IFMA extension; +aka AVX512IFMA extension; =item bit #64+29 denoting availability of SHA extension; @@ -157,7 +157,7 @@ Not available. =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod b/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod index c7823e32d6df8..3447f5f1138fb 100644 --- a/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod +++ b/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod @@ -39,13 +39,13 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl equivalent). Numerous internal OpenSSL functions call OPENSSL_init_crypto(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls. @@ -216,10 +216,10 @@ The filename, application name, and flags can be customized by providing a non-null B<OPENSSL_INIT_SETTINGS> object. The object can be allocated via B<OPENSSL_init_new()>. The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. +nondefault filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +nondefault application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in the configuration file will cause an error return from B<OPENSSL_init_crypto> or indirectly L<OPENSSL_init_ssl(3)>. @@ -264,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_init_ssl.pod b/crypto/openssl/doc/man3/OPENSSL_init_ssl.pod index b963e5e7a926c..cf4f089114096 100644 --- a/crypto/openssl/doc/man3/OPENSSL_init_ssl.pod +++ b/crypto/openssl/doc/man3/OPENSSL_init_ssl.pod @@ -23,14 +23,14 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the L<OPENSSL_init_crypto(3)> function. Numerous internal OpenSSL functions call OPENSSL_init_ssl(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. @@ -74,7 +74,7 @@ The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OSSL_STORE_open.pod b/crypto/openssl/doc/man3/OSSL_STORE_open.pod index 1e8ebf7ce1ce9..71fdd6932f827 100644 --- a/crypto/openssl/doc/man3/OSSL_STORE_open.pod +++ b/crypto/openssl/doc/man3/OSSL_STORE_open.pod @@ -46,21 +46,22 @@ OSSL_STORE_close() to work together. =head2 Functions -OSSL_STORE_open() takes a uri or path B<uri>, password UI method -B<ui_method> with associated data B<ui_data>, and post processing -callback B<post_process> with associated data B<post_process_data>, +OSSL_STORE_open() takes a uri or path I<uri>, password UI method +I<ui_method> with associated data I<ui_data>, and post processing +callback I<post_process> with associated data I<post_process_data>, opens a channel to the data located at that URI and returns a B<OSSL_STORE_CTX> with all necessary internal information. -The given B<ui_method> and B<ui_data_data> will be reused by all -functions that use B<OSSL_STORE_CTX> when interaction is needed. -The given B<post_process> and B<post_process_data> will be reused by +The given I<ui_method> and I<ui_data> will be reused by all +functions that use B<OSSL_STORE_CTX> when interaction is needed, +for instance to provide a password. +The given I<post_process> and I<post_process_data> will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. -The B<post_process> function drops values by returning B<NULL>, which +The I<post_process> function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading -the next object, until B<post_process> returns something other than -B<NULL>, or the end of data is reached as indicated by OSSL_STORE_eof(). +the next object, until I<post_process> returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). -OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number B<cmd> and +OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with @@ -94,6 +95,7 @@ OSSL_STORE_eof() shows that the end of data has been reached. OSSL_STORE_close() takes a B<OSSL_STORE_CTX>, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the B<OSSL_STORE_CTX>, as well as the B<OSSL_STORE_CTX> itself. +If I<ctx> is NULL it does nothing. =head1 SUPPORTED SCHEMES @@ -123,12 +125,12 @@ See L<passphrase-encoding(7)> for further information. =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B<OSSL_STORE_CTX> on success, or -B<NULL> on failure. +NULL on failure. OSSL_STORE_load() returns a pointer to a B<OSSL_STORE_INFO> on success, or -B<NULL> on error or when end of data is reached. +NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a -returned B<NULL>. +returned NULL. OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0. @@ -149,9 +151,12 @@ OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1. +Handling of NULL I<ctx> argument for OSSL_STORE_close() +was introduced in OpenSSL 1.1.1h. + =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod b/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod index a8306500fb3c5..233df7fca2170 100644 --- a/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod @@ -206,7 +206,7 @@ RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure. The B<RSA_PUBKEY> functions also process an RSA public key using -an RSA structure. However the public key is encoded using a +an RSA structure. However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA. @@ -387,7 +387,7 @@ The pseudo code to derive the key would look similar to: =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: +an existing structure. Therefore, the following: PEM_read_bio_X509(bp, &x, 0, NULL); @@ -483,7 +483,7 @@ as they will be formally deprecated in a future releases. =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/PKCS7_verify.pod b/crypto/openssl/doc/man3/PKCS7_verify.pod index ebcdde0795fbc..9e238c565952e 100644 --- a/crypto/openssl/doc/man3/PKCS7_verify.pod +++ b/crypto/openssl/doc/man3/PKCS7_verify.pod @@ -91,7 +91,7 @@ useful if one merely wishes to write the content to B<out> and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). @@ -119,7 +119,7 @@ L<ERR_get_error(3)>, L<PKCS7_sign(3)> =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RAND_DRBG_new.pod b/crypto/openssl/doc/man3/RAND_DRBG_new.pod index 5da91be9dfabb..ca52e2f3ddfc4 100644 --- a/crypto/openssl/doc/man3/RAND_DRBG_new.pod +++ b/crypto/openssl/doc/man3/RAND_DRBG_new.pod @@ -56,7 +56,7 @@ its type and to instantiate it. The optional B<flags> argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is -RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function +RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1]. If a B<parent> instance is specified then this will be used instead of @@ -117,7 +117,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod b/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod index 55e9a8b7af779..4d04645694ce9 100644 --- a/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod @@ -77,7 +77,7 @@ does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details. -The B<cleanup_entropy>() callback is called from the B<drbg> to to clear and +The B<cleanup_entropy>() callback is called from the B<drbg> to clear and free the buffer allocated previously by get_entropy(). The values B<out> and B<outlen> are the random buffer's address and length, as returned by the get_entropy() callback. @@ -136,7 +136,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RAND_add.pod b/crypto/openssl/doc/man3/RAND_add.pod index 4ba6ff977dd13..e4454d44124e4 100644 --- a/crypto/openssl/doc/man3/RAND_add.pod +++ b/crypto/openssl/doc/man3/RAND_add.pod @@ -62,7 +62,7 @@ usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. When the B<keep> argument is zero, this call disables the retention of file -descriptors. Conversely, a non-zero argument enables the retention of +descriptors. Conversely, a nonzero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately. @@ -94,7 +94,7 @@ not be used. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RAND_load_file.pod b/crypto/openssl/doc/man3/RAND_load_file.pod index 24f8fdcf4fe8d..6ddd2c89b0d6e 100644 --- a/crypto/openssl/doc/man3/RAND_load_file.pod +++ b/crypto/openssl/doc/man3/RAND_load_file.pod @@ -17,7 +17,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION RAND_load_file() reads a number of bytes from file B<filename> and -adds them to the PRNG. If B<max_bytes> is non-negative, +adds them to the PRNG. If B<max_bytes> is nonnegative, up to B<max_bytes> are read; if B<max_bytes> is -1, the complete file is read. Do not load the same file multiple times unless its contents have @@ -37,7 +37,7 @@ file. B<buf> points to a buffer of size B<num> in which to store the filename. On all systems, if the environment variable B<RANDFILE> is set, its -value will be used as the seed file name. +value will be used as the seed filename. Otherwise, the file is called C<.rnd>, found in platform dependent locations: =over 4 @@ -57,7 +57,7 @@ Otherwise, the file is called C<.rnd>, found in platform dependent locations: =back If C<$HOME> (on non-Windows and non-VMS system) is not set either, or -B<num> is too small for the path name, an error occurs. +B<num> is too small for the pathname, an error occurs. =head1 RETURN VALUES @@ -77,7 +77,7 @@ L<RAND(7)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RSA_blinding_on.pod b/crypto/openssl/doc/man3/RSA_blinding_on.pod index 5db127f16e3cc..85f4453b5cc8e 100644 --- a/crypto/openssl/doc/man3/RSA_blinding_on.pod +++ b/crypto/openssl/doc/man3/RSA_blinding_on.pod @@ -19,7 +19,7 @@ measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. RSA_blinding_on() turns blinding on for key B<rsa> and generates a -random blinding factor. B<ctx> is B<NULL> or a pre-allocated and +random blinding factor. B<ctx> is B<NULL> or a preallocated and initialized B<BN_CTX>. RSA_blinding_off() turns blinding off and frees the memory used for @@ -33,7 +33,7 @@ RSA_blinding_off() returns no value. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RSA_private_encrypt.pod b/crypto/openssl/doc/man3/RSA_private_encrypt.pod index 060a9000f8b4c..6629fff3c95bb 100644 --- a/crypto/openssl/doc/man3/RSA_private_encrypt.pod +++ b/crypto/openssl/doc/man3/RSA_private_encrypt.pod @@ -2,7 +2,7 @@ =head1 NAME -RSA_private_encrypt, RSA_public_decrypt - low level signature operations +RSA_private_encrypt, RSA_public_decrypt - low-level signature operations =head1 SYNOPSIS @@ -16,7 +16,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations =head1 DESCRIPTION -These functions handle RSA signatures at a low level. +These functions handle RSA signatures at a low-level. RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a message digest with an algorithm identifier) using the private key @@ -64,7 +64,7 @@ L<RSA_sign(3)>, L<RSA_verify(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RSA_set_method.pod b/crypto/openssl/doc/man3/RSA_set_method.pod index 4bb63962cfe1a..449b841ed2ad5 100644 --- a/crypto/openssl/doc/man3/RSA_set_method.pod +++ b/crypto/openssl/doc/man3/RSA_set_method.pod @@ -51,7 +51,7 @@ RSA_set_method() selects B<meth> to perform all operations using the key B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only -work with certain RSA_METHOD implementations (eg. from an ENGINE module +work with certain RSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results. @@ -176,7 +176,7 @@ was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SHA256_Init.pod b/crypto/openssl/doc/man3/SHA256_Init.pod index 6a8f2fa0db0eb..f50839db63854 100644 --- a/crypto/openssl/doc/man3/SHA256_Init.pod +++ b/crypto/openssl/doc/man3/SHA256_Init.pod @@ -75,9 +75,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if B<md> is NULL. -The predecessor of SHA-1, SHA, is also implemented, but it should be -used only when backward compatibility is required. - =head1 RETURN VALUES SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash @@ -98,7 +95,7 @@ L<EVP_DigestInit(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CONF_cmd.pod b/crypto/openssl/doc/man3/SSL_CONF_cmd.pod index 7f2449e379b93..900c4f3a56480 100644 --- a/crypto/openssl/doc/man3/SSL_CONF_cmd.pod +++ b/crypto/openssl/doc/man3/SSL_CONF_cmd.pod @@ -79,7 +79,7 @@ B<ClientHello>. The B<value> argument is a colon separated list of groups. The group can be either the B<NIST> name (e.g. B<P-256>), some other commonly used name where -applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group +applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -95,7 +95,7 @@ servers The B<value> argument is a curve name or the special value B<auto> which picks an appropriate curve based on client and server preferences. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name -(e.g B<prime256v1>). Curve names are case sensitive. +(e.g. B<prime256v1>). Curve names are case sensitive. =item B<-cipher> @@ -147,13 +147,16 @@ B<SSL_OP_NO_RENEGOTIATION>. =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. -Currently supported protocol values are B<SSLv3>, B<TLSv1>, -B<TLSv1.1>, B<TLSv1.2>, B<TLSv1.3> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS, -and B<None> for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, +B<TLSv1.2>, B<TLSv1.3> for TLS; B<DTLSv1>, B<DTLSv1.2> for DTLS, and B<None> +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> @@ -356,7 +359,7 @@ B<ClientHello>. The B<value> argument is a colon separated list of groups. The group can be either the B<NIST> name (e.g. B<P-256>), some other commonly used name where -applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group +applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>. -The value B<None> will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B<None> applies to both types of contexts and disables the limits. =item B<MaxProtocol> @@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>. -The value B<None> will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B<None> applies to both types of contexts and disables the limits. =item B<Protocol> @@ -537,7 +548,7 @@ The value is a string without any specific structure. =item B<SSL_CONF_TYPE_FILE> -The value is a file name. +The value is a filename. =item B<SSL_CONF_TYPE_DIR> @@ -683,7 +694,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod b/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod index 7168bd64fda8c..6f9514ae77da1 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod @@ -122,7 +122,7 @@ SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). -When the return value is non-negative, the storage pointed to by the B<usage>, +When the return value is nonnegative, the storage pointed to by the B<usage>, B<selector>, B<mtype> and B<data> parameters is updated to the corresponding TLSA record fields. The B<data> field is in binary wire form, and is therefore not NUL-terminated, @@ -136,7 +136,7 @@ SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable optional DANE verification features. SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable the same features. -The B<flags> argument is a bitmask of the features to enable or disable. +The B<flags> argument is a bit mask of the features to enable or disable. The B<flags> set for an B<SSL_CTX> context are copied to each B<SSL> handle associated with that context at the time the handle is created. Subsequent changes in the context's B<flags> have no effect on the B<flags> set @@ -173,7 +173,7 @@ certificate or a public key that fails to parse. The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the TLSA record matched a +nonnegative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer. @@ -372,7 +372,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod index 56c86097b602e..e90caecda4251 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -114,7 +114,7 @@ provided by the callback. =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. @@ -187,7 +187,7 @@ L<SSL_CTX_set_tlsext_servername_arg(3)> =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod b/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod index 1735c6271b5a5..2ad3bf0fbf9df 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -108,8 +108,8 @@ server id given, and will fill the rest with pseudo random bytes: /* * Prefix the session_id with the required prefix. NB: If our * prefix is too long, clip it - but there will be worse effects - * anyway, eg. the server could only possibly create 1 session - * ID (ie. the prefix!) so all future session negotiations will + * anyway, e.g. the server could only possibly create 1 session + * ID (i.e. the prefix!) so all future session negotiations will * fail due to conflicts. */ memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? @@ -128,7 +128,7 @@ L<ssl(7)>, L<SSL_get_version(3)> =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod index 01b03f9a59ae3..cc032f870934a 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod @@ -50,7 +50,7 @@ the callback function was called. If B<ret> is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert information. -B<where> is a bitmask made up of the following bits: +B<where> is a bit mask made up of the following bits: =over 4 @@ -64,7 +64,7 @@ per state in some situations. Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when IO might otherwise block and non-blocking is being used. +on error or when IO might otherwise block and nonblocking is being used. =item SSL_CB_READ @@ -156,7 +156,7 @@ L<SSL_alert_type_string(3)> =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod index 01936c58470ca..3996c97682bc5 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod @@ -39,7 +39,7 @@ received from a faulty or malicious peer, a maximum size for the certificate chain is set. The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit DOS platform). This should be sufficient for usual certificate +on the 16-bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see L<SSL_CTX_set_verify(3)>, and certificates without special extensions have a typical size of 1-2kB). @@ -72,7 +72,7 @@ L<SSL_CTX_set_verify(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod b/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod index 387d1ec1ef048..85e3353e0e2c5 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod @@ -18,13 +18,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_ =head1 DESCRIPTION -SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>. +SSL_CTX_set_mode() adds the mode set via bit mask in B<mode> to B<ctx>. Options already set before are not cleared. -SSL_CTX_clear_mode() removes the mode set via bitmask in B<mode> from B<ctx>. +SSL_CTX_clear_mode() removes the mode set via bit mask in B<mode> from B<ctx>. -SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>. +SSL_set_mode() adds the mode set via bit mask in B<mode> to B<ssl>. Options already set before are not cleared. -SSL_clear_mode() removes the mode set via bitmask in B<mode> from B<ssl>. +SSL_clear_mode() removes the mode set via bit mask in B<mode> from B<ssl>. SSL_CTX_get_mode() returns the mode set for B<ctx>. @@ -50,8 +50,8 @@ the behaviour of write(). Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking SSL_write() behaves like -non-blocking write(). +avoid the misconception that nonblocking SSL_write() behaves like +nonblocking write(). =item SSL_MODE_AUTO_RETRY @@ -64,9 +64,9 @@ If such a non-application data record was processed, the flag B<SSL_MODE_AUTO_RETRY> causes it to try to process the next record instead of returning. -In a non-blocking environment applications must be prepared to handle +In a nonblocking environment applications must be prepared to handle incomplete read/write operations. -Setting B<SSL_MODE_AUTO_RETRY> for a non-blocking B<BIO> will process +Setting B<SSL_MODE_AUTO_RETRY> for a nonblocking B<BIO> will process non-application data records until either no more data is available or an application data record has been processed. @@ -121,10 +121,10 @@ default since 1.1.1. =head1 RETURN VALUES -SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask +SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask after adding B<mode>. -SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. +SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask. =head1 SEE ALSO @@ -137,7 +137,7 @@ SSL_MODE_ASYNC was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod index 2d840b62cb24a..969e0366c45a4 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_options.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_options.pod @@ -23,16 +23,16 @@ SSL_get_secure_renegotiation_support - manipulate SSL options =head1 DESCRIPTION -SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>. +SSL_CTX_set_options() adds the options set via bit mask in B<options> to B<ctx>. Options already set before are not cleared! -SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>. +SSL_set_options() adds the options set via bit mask in B<options> to B<ssl>. Options already set before are not cleared! -SSL_CTX_clear_options() clears the options set via bitmask in B<options> +SSL_CTX_clear_options() clears the options set via bit mask in B<options> to B<ctx>. -SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>. +SSL_clear_options() clears the options set via bit mask in B<options> to B<ssl>. SSL_CTX_get_options() returns the options set for B<ctx>. @@ -45,7 +45,7 @@ Note, this is implemented via a macro. =head1 NOTES The behaviour of the SSL library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a bitwise B<or> +The options are coded as bit masks and can be combined by a bitwise B<or> operation (|). SSL_CTX_set_options() and SSL_set_options() affect the (external) @@ -161,7 +161,7 @@ the session. In this way the server can operate statelessly - no session information needs to be cached locally. The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up @@ -340,13 +340,13 @@ and renegotiation between OpenSSL and unpatched clients or servers. =head1 RETURN VALUES -SSL_CTX_set_options() and SSL_set_options() return the new options bitmask +SSL_CTX_set_options() and SSL_set_options() return the new options bit mask after adding B<options>. -SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask +SSL_CTX_clear_options() and SSL_clear_options() return the new options bit mask after clearing B<options>. -SSL_CTX_get_options() and SSL_get_options() return the current bitmask. +SSL_CTX_get_options() and SSL_get_options() return the current bit mask. SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure renegotiation and 0 if it does not. @@ -368,7 +368,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod index eb4e4f5fa424a..0273ccb97a831 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the B<hint> value will always be NULL and the handshake digest will default to SHA-256 for any returned -PSK. +PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the +B<SSL_psk_use_session_cb_func> callback, and are not possible with the +B<SSL_psk_client_cb_func> callback. =head1 NOTES @@ -133,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L<SSL_session_reused(3)> will return true. There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can @@ -166,7 +168,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod b/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod index ff037d938dcd0..6d1e8bd5e8e92 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod @@ -21,7 +21,7 @@ SSL_CTX_get_default_read_ahead =head1 DESCRIPTION SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as -many input bytes as possible (for non-blocking reads) or not. For example if +many input bytes as possible (for nonblocking reads) or not. For example if B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes into its buffer (providing that the buffer is large enough) if reading ahead is @@ -64,7 +64,7 @@ L<ssl(7)>, L<SSL_pending(3)> =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod b/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod index 0cb6c1f52a223..f85959e7c0452 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod @@ -114,12 +114,6 @@ I<Documentation to be provided.> =head1 NOTES -B<WARNING> at this time setting the security level higher than 1 for -general internet use is likely to cause B<considerable> interoperability -issues and is not recommended. This is because the B<SHA1> algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. - The default security level can be configured when OpenSSL is compiled by setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. @@ -180,7 +174,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod b/crypto/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod index 18c9783fe0b27..38603f250dabb 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -96,7 +96,7 @@ session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using L<SSL_CTX_add_session(3)>). Note: in any SSL/TLS servers where external caching is configured, any successful -session lookups in the external cache (ie. for session-resume requests) would +session lookups in the external cache (i.e. for session-resume requests) would normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well. @@ -131,7 +131,7 @@ L<SSL_CTX_flush_sessions(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod b/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod index 4036d3c7b323f..ccd37ba681d3f 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod @@ -26,7 +26,7 @@ B<sid_ctx_len> within which a session can be reused for the B<ssl> object. Sessions are generated within a certain context. When exporting/importing sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible, to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application +application), which might lead to malfunctions. Therefore, each application must set its own session id context B<sid_ctx> which is used to distinguish the contexts and is stored in exported sessions. The B<sid_ctx> can be any kind of binary data with a given length, it is therefore possible @@ -82,7 +82,7 @@ L<ssl(7)> =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod index f3dfb62c231c6..aa520f4a62619 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -107,7 +107,7 @@ The return value can be any of these values: The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single -handshake. Therefore just because one ticket is unacceptable it does not mean +handshake. Therefore, just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution. =item SSL_TICKET_RETURN_IGNORE @@ -177,12 +177,12 @@ L<SSL_get_session(3)> =head1 HISTORY -The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod b/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod index d63ca4157e098..d8fd3f5390c8c 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -41,7 +41,7 @@ capability is known as "pipelining" within OpenSSL. In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides -AES128-SHA based ciphers that have this capability. However these are for +AES128-SHA based ciphers that have this capability. However, these are for development and test purposes only. SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the @@ -178,7 +178,7 @@ and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod index e971035734e17..0c21cfdb6bc7e 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -51,7 +51,7 @@ value is initialised to SSL_AD_UNRECOGNIZED_NAME. =item SSL_TLSEXT_ERR_ALERT_WARNING If this value is returned then the servername is not accepted by the server. -However the handshake will continue and send a warning alert instead. The value +However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the B<al> parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is @@ -88,7 +88,7 @@ Otherwise it returns NULL. =item On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred -If the session from the orignal handshake had a servername accepted by the +If the session from the original handshake had a servername accepted by the server then it will return that servername. Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL @@ -157,12 +157,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e. Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but -set a different explict servername in the second handshake then when called by +set a different explicit servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake. Also prior to 1.1.1e, if the client sent a servername in the first handshake but -the server did not accept it, and then a second handshake occured where TLSv1.2 +the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL. diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 43bddc51e8cf1..b2637efc1a727 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -136,6 +136,8 @@ Reference Implementation: unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) { + your_type_t *key; /* something that you need to implement */ + if (enc) { /* create new session */ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) return -1; /* insufficient random */ @@ -154,21 +156,22 @@ Reference Implementation: } memcpy(key_name, key->name, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL); return 1; } else { /* retrieve session */ - key = findkey(name); + time_t t = time(NULL); + key = findkey(key_name); /* something that you need to implement */ - if (key == NULL || key->expire < now()) + if (key == NULL || key->expire < t) return 0; - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); - if (key->expire < now() - RENEW_TIME) { + if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */ /* * return 2 - This session will get a new ticket even though the * current one is still valid. @@ -190,7 +193,7 @@ L<SSL_CTX_set_session_id_context(3)>, =head1 COPYRIGHT -Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 0957ade5e106d..b39fc09169ac6 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest -will default to SHA-256 for any returned PSK. +will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are +possible in PSK connections only with the B<SSL_psk_find_session_cb_func> +callback, and are not possible with the B<SSL_psk_server_cb_func> callback. =head1 NOTES @@ -126,7 +128,7 @@ failure. In the event of failure the connection setup fails. =head1 NOTES There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can @@ -145,7 +147,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_accept.pod b/crypto/openssl/doc/man3/SSL_accept.pod index b1595f7acf347..81c9dbea57488 100644 --- a/crypto/openssl/doc/man3/SSL_accept.pod +++ b/crypto/openssl/doc/man3/SSL_accept.pod @@ -23,14 +23,14 @@ The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_accept() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B<non-blocking>, SSL_accept() will also return +If the underlying BIO is B<nonblocking>, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -57,7 +57,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B<ret> +for nonblocking BIOs. Call SSL_get_error() with the return value B<ret> to find out the reason. =back diff --git a/crypto/openssl/doc/man3/SSL_alloc_buffers.pod b/crypto/openssl/doc/man3/SSL_alloc_buffers.pod index 94bd05840c84d..ac3bd814c67cd 100644 --- a/crypto/openssl/doc/man3/SSL_alloc_buffers.pod +++ b/crypto/openssl/doc/man3/SSL_alloc_buffers.pod @@ -22,7 +22,7 @@ control when buffers are freed and allocated. After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but -can be used to make sure the buffers are pre-allocated. This can be used to +can be used to make sure the buffers are preallocated. This can be used to avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated. @@ -57,7 +57,7 @@ L<CRYPTO_set_mem_functions> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_connect.pod b/crypto/openssl/doc/man3/SSL_connect.pod index f7d9e57db6224..0e6b6253586cc 100644 --- a/crypto/openssl/doc/man3/SSL_connect.pod +++ b/crypto/openssl/doc/man3/SSL_connect.pod @@ -23,14 +23,14 @@ The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_connect() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B<non-blocking>, SSL_connect() will also return +If the underlying BIO is B<nonblocking>, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -72,7 +72,7 @@ established. The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B<ret> +for nonblocking BIOs. Call SSL_get_error() with the return value B<ret> to find out the reason. =back diff --git a/crypto/openssl/doc/man3/SSL_do_handshake.pod b/crypto/openssl/doc/man3/SSL_do_handshake.pod index 8852f9d3e3dce..fa133d76a8edf 100644 --- a/crypto/openssl/doc/man3/SSL_do_handshake.pod +++ b/crypto/openssl/doc/man3/SSL_do_handshake.pod @@ -25,13 +25,13 @@ The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_do_handshake() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return +If the underlying BIO is B<nonblocking>, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -58,7 +58,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B<ret> +for nonblocking BIOs. Call SSL_get_error() with the return value B<ret> to find out the reason. =back diff --git a/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod b/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod index 5b17f091e3533..6fa6ed4a62efd 100644 --- a/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod +++ b/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod @@ -32,7 +32,7 @@ appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the SSL object is currently waiting for asynchronous work to complete (i.e. SSL_ERROR_WANT_ASYNC has been received - see L<SSL_get_error(3)>). Typically the -list will only contain one file descriptor. However if multiple asynchronous +list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in B<*numfds> and the file descriptors themselves are in B<*fds>. The B<fds> parameter may be NULL in which case no file @@ -63,7 +63,7 @@ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. @@ -78,7 +78,7 @@ and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_get_error.pod b/crypto/openssl/doc/man3/SSL_get_error.pod index 5221ccfe18049..e6a1e8b63def9 100644 --- a/crypto/openssl/doc/man3/SSL_get_error.pod +++ b/crypto/openssl/doc/man3/SSL_get_error.pod @@ -49,7 +49,7 @@ indicate that the underlying transport has been closed. The operation did not complete and can be retried later. B<SSL_ERROR_WANT_READ> is returned when the last operation was a read -operation from a non-blocking B<BIO>. +operation from a nonblocking B<BIO>. It means that not enough data was available at this time to complete the operation. If at a later time the underlying B<BIO> has data available for reading the same @@ -61,8 +61,8 @@ for a blocking B<BIO>. See L<SSL_read(3)> for more information. B<SSL_ERROR_WANT_WRITE> is returned when the last operation was a write -to a non-blocking B<BIO> and it was unable to sent all data to the B<BIO>. -When the B<BIO> is writeable again, the same function can be called again. +to a nonblocking B<BIO> and it was unable to sent all data to the B<BIO>. +When the B<BIO> is writable again, the same function can be called again. Note that the retry may again lead to an B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition. @@ -72,7 +72,7 @@ protocol level. It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). -However if the call was an SSL_write() or SSL_write_ex(), it should be called +However, if the call was an SSL_write() or SSL_write_ex(), it should be called again to continue sending the application data. For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or diff --git a/crypto/openssl/doc/man3/SSL_new.pod b/crypto/openssl/doc/man3/SSL_new.pod index 222e9d5886d3c..b8680526b8db5 100644 --- a/crypto/openssl/doc/man3/SSL_new.pod +++ b/crypto/openssl/doc/man3/SSL_new.pod @@ -26,10 +26,75 @@ structure are freed. SSL_up_ref() increments the reference count for an existing B<SSL> structure. -SSL_dup() duplicates an existing B<SSL> structure into a new allocated one. All -settings are inherited from the original B<SSL> structure. Dynamic data (i.e. -existing connection details) are not copied, the new B<SSL> is set into an -initial accept (server) or connect (client) state. +The function SSL_dup() creates and returns a new B<SSL> structure from the same +B<SSL_CTX> that was used to create I<s>. It additionally duplicates a subset of +the settings in I<s> into the new B<SSL> object. + +For SSL_dup() to work, the connection MUST be in its initial state and +MUST NOT have yet started the SSL handshake. For connections that are not in +their initial state SSL_dup() just increments an internal +reference count and returns the I<same> handle. It may be possible to +use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection. + +The subset of settings in I<s> that are duplicated are: + +=over 4 + +=item any session data if configured (including the session_id_context) + +=item any tmp_dh settings set via L<SSL_set_tmp_dh(3)>, +L<SSL_set_tmp_dh_callback(3)>, or L<SSL_set_dh_auto(3)> + +=item any configured certificates, private keys or certificate chains + +=item any configured signature algorithms, or client signature algorithms + +=item any DANE settings + +=item any Options set via L<SSL_set_options(3)> + +=item any Mode set via L<SSL_set_mode(3)> + +=item any minimum or maximum protocol settings set via +L<SSL_set_min_proto_version(3)> or L<SSL_set_max_proto_version(3)> (Note: Only +from OpenSSL 1.1.1h and above) + +=item any Verify mode, callback or depth set via L<SSL_set_verify(3)> or +L<SSL_set_verify_depth(3)> or any configured X509 verification parameters + +=item any msg callback or info callback set via L<SSL_set_msg_callback(3)> or +L<SSL_set_info_callback(3)> + +=item any default password callback set via L<SSL_set_default_passwd_cb(3)> + +=item any session id generation callback set via L<SSL_set_generate_session_id(3)> + +=item any configured Cipher List + +=item initial accept (server) or connect (client) state + +=item the max cert list value set via L<SSL_set_max_cert_list(3)> + +=item the read_ahead value set via L<SSL_set_read_ahead(3)> + +=item application specific data set via L<SSL_set_ex_data(3)> + +=item any CA list or client CA list set via L<SSL_set0_CA_list(3)>, +SSL_set0_client_CA_list() or similar functions + +=item any security level settings or callbacks + +=item any configured serverinfo data + +=item any configured PSK identity hint + +=item any configured custom extensions + +=item any client certificate types configured via SSL_set1_client_certificate_types + +=back =head1 RETURN VALUES @@ -59,7 +124,7 @@ L<ssl(7)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_pending.pod b/crypto/openssl/doc/man3/SSL_pending.pod index c077a318c20e8..eb42b554895eb 100644 --- a/crypto/openssl/doc/man3/SSL_pending.pod +++ b/crypto/openssl/doc/man3/SSL_pending.pod @@ -27,7 +27,7 @@ record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see L<SSL_CTX_set_split_send_fragment(3)>). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() -will ignore them. Therefore it is possible for no more bytes to be readable from +will ignore them. Therefore, it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). @@ -59,7 +59,7 @@ The SSL_has_pending() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_read.pod b/crypto/openssl/doc/man3/SSL_read.pod index 4da7ad1ae1f41..29ccd9947c32a 100644 --- a/crypto/openssl/doc/man3/SSL_read.pod +++ b/crypto/openssl/doc/man3/SSL_read.pod @@ -45,7 +45,7 @@ invocation of a read function. The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be +Therefore, data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If B<num> is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the @@ -72,7 +72,7 @@ not set. Note that if B<SSL_MODE_AUTO_RETRY> is set and only non-application data is available the call will hang. -If the underlying BIO is B<non-blocking>, a read function will also return when +If the underlying BIO is B<nonblocking>, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L<SSL_get_error(3)> with the @@ -83,7 +83,7 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. -When using a non-blocking socket, nothing is to be done, but select() can be +When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -142,7 +142,7 @@ The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_read_early_data.pod b/crypto/openssl/doc/man3/SSL_read_early_data.pod index c51fe1359dc3c..178bad731f1f9 100644 --- a/crypto/openssl/doc/man3/SSL_read_early_data.pod +++ b/crypto/openssl/doc/man3/SSL_read_early_data.pod @@ -58,10 +58,11 @@ SSL_set_allow_early_data_cb These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band PSK, and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also @@ -202,7 +203,7 @@ early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum -early data setting for a server is non-zero then replay protection is +early data setting for a server is nonzero then replay protection is automatically enabled (see L</REPLAY PROTECTION> below). If the server rejects the early data sent by a client then it will skip over @@ -220,7 +221,7 @@ max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort. The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured +required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than @@ -285,7 +286,7 @@ retry with a lower maximum protocol version. When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the -server is configured with a non-zero max early data value. With replay +server is configured with a nonzero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that @@ -316,7 +317,7 @@ cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore, extreme caution should be applied when combining external PSKs with early data. Some applications may mitigate the replay risks in other ways. For those @@ -364,7 +365,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set1_host.pod b/crypto/openssl/doc/man3/SSL_set1_host.pod index 4ae9f6e7f3d19..5754d480c84aa 100644 --- a/crypto/openssl/doc/man3/SSL_set1_host.pod +++ b/crypto/openssl/doc/man3/SSL_set1_host.pod @@ -19,9 +19,9 @@ SSL server verification parameters These functions configure server hostname checks in the SSL client. SSL_set1_host() sets the expected DNS hostname to B<name> clearing -any previously specified host name or names. If B<name> is NULL, +any previously specified hostname or names. If B<name> is NULL, or the empty string the list of hostnames is cleared, and name -checks are not performed on the peer certificate. When a non-empty +checks are not performed on the peer certificate. When a nonempty B<name> is specified, certificate verification automatically checks the peer hostname via L<X509_check_host(3)> with B<flags> as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication @@ -108,7 +108,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set_bio.pod b/crypto/openssl/doc/man3/SSL_set_bio.pod index 1fa0d34926008..b824b5ae20ac3 100644 --- a/crypto/openssl/doc/man3/SSL_set_bio.pod +++ b/crypto/openssl/doc/man3/SSL_set_bio.pod @@ -16,7 +16,7 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO SSL_set0_rbio() connects the BIO B<rbio> for the read operations of the B<ssl> object. The SSL engine inherits the behaviour of B<rbio>. If the BIO is -non-blocking then the B<ssl> object will also have non-blocking behaviour. This +nonblocking then the B<ssl> object will also have nonblocking behaviour. This function transfers ownership of B<rbio> to B<ssl>. It will be automatically freed using L<BIO_free_all(3)> when the B<ssl> is freed. On calling this function, any existing B<rbio> that was previously set will also be freed via a @@ -26,7 +26,7 @@ the same value as previously). SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO B<wbio> for the write operations of the B<ssl> object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take -ownership of one reference. Therefore it may be necessary to increment the +ownership of one reference. Therefore, it may be necessary to increment the number of references available using L<BIO_up_ref(3)> before calling the set0 functions. @@ -104,7 +104,7 @@ SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set_fd.pod b/crypto/openssl/doc/man3/SSL_set_fd.pod index d5ec951e0bb84..6780d515f91fe 100644 --- a/crypto/openssl/doc/man3/SSL_set_fd.pod +++ b/crypto/openssl/doc/man3/SSL_set_fd.pod @@ -20,8 +20,8 @@ socket file descriptor of a network connection. When performing the operation, a B<socket BIO> is automatically created to interface between the B<ssl> and B<fd>. The BIO and hence the SSL engine -inherit the behaviour of B<fd>. If B<fd> is non-blocking, the B<ssl> will -also have non-blocking behaviour. +inherit the behaviour of B<fd>. If B<fd> is nonblocking, the B<ssl> will +also have nonblocking behaviour. If there was already a BIO connected to B<ssl>, BIO_free() will be called (for both the reading and writing side, if different). @@ -53,7 +53,7 @@ L<SSL_shutdown(3)>, L<ssl(7)> , L<bio(7)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set_shutdown.pod b/crypto/openssl/doc/man3/SSL_set_shutdown.pod index b1cf58920be4d..1d08f6c2cf0f9 100644 --- a/crypto/openssl/doc/man3/SSL_set_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_set_shutdown.pod @@ -20,7 +20,7 @@ SSL_get_shutdown() returns the shutdown mode of B<ssl>. =head1 NOTES -The shutdown state of an ssl connection is a bitmask of: +The shutdown state of an ssl connection is a bit mask of: =over 4 @@ -71,7 +71,7 @@ L<SSL_clear(3)>, L<SSL_free(3)> =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_shutdown.pod b/crypto/openssl/doc/man3/SSL_shutdown.pod index 732e5ada04ae3..a77721c85269e 100644 --- a/crypto/openssl/doc/man3/SSL_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_shutdown.pod @@ -95,13 +95,13 @@ The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. -If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return +If the underlying BIO is B<nonblocking>, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -116,6 +116,16 @@ state but not actually send the close_notify alert messages, see L<SSL_CTX_set_quiet_shutdown(3)>. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. +Note that this is not standard compliant behaviour. +It should only be done when the peer has a way to make sure all +data has been received and doesn't wait for the close_notify alert +message, otherwise an unexpected EOF will be reported. + +There are implementations that do not send the required close_notify alert. +If there is a need to communicate with such an implementation, and it's clear +that all data has been received, do not wait for the peer's close_notify alert. +Waiting for the close_notify alert when the peer just closes the connection will +result in an error being generated. =head1 RETURN VALUES @@ -128,8 +138,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. -The output of L<SSL_get_error(3)> may be misleading, as an -erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +Unlike most other function, returning 0 does not indicate an error. +L<SSL_get_error(3)> should not get called, it may misleadingly +indicate an error even though no error occurred. =item Z<>1 @@ -140,7 +152,7 @@ and the peer's close_notify alert was received. The shutdown was not successful. Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason. -It can occur if an action is needed to continue the operation for non-blocking +It can occur if an action is needed to continue the operation for nonblocking BIOs. It can also occur when not all data was read using SSL_read(). @@ -157,7 +169,7 @@ L<ssl(7)>, L<bio(7)> =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_state_string.pod b/crypto/openssl/doc/man3/SSL_state_string.pod index 505945a942524..54dfdd6c231fb 100644 --- a/crypto/openssl/doc/man3/SSL_state_string.pod +++ b/crypto/openssl/doc/man3/SSL_state_string.pod @@ -26,11 +26,11 @@ maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. -When using non-blocking sockets, the function call performing the handshake +When using nonblocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called. -For both blocking or non-blocking sockets, the details state information +For both blocking or nonblocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call. @@ -44,7 +44,7 @@ L<ssl(7)>, L<SSL_CTX_set_info_callback(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_want.pod b/crypto/openssl/doc/man3/SSL_want.pod index 6840ccbfb626f..4827e7eeac7f0 100644 --- a/crypto/openssl/doc/man3/SSL_want.pod +++ b/crypto/openssl/doc/man3/SSL_want.pod @@ -33,7 +33,7 @@ return values are similar to that of L<SSL_get_error(3)>. Unlike L<SSL_get_error(3)>, which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated +nonblocking I/O. Error conditions are not handled and must be treated using L<SSL_get_error(3)>. The result returned by SSL_want() should always be consistent with @@ -106,7 +106,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_write.pod b/crypto/openssl/doc/man3/SSL_write.pod index a76ffbb8fd154..5e3ce1e7e4dd0 100644 --- a/crypto/openssl/doc/man3/SSL_write.pod +++ b/crypto/openssl/doc/man3/SSL_write.pod @@ -36,7 +36,7 @@ before the first call to a write function. If the underlying BIO is B<blocking>, the write functions will only return, once the write operation has been finished or an error occurred. -If the underlying BIO is B<non-blocking> the write functions will also return +If the underlying BIO is B<nonblocking> the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L<SSL_get_error(3)> with the return value of the write function will yield B<SSL_ERROR_WANT_READ> @@ -44,7 +44,7 @@ or B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check +nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -118,7 +118,7 @@ The SSL_write_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/UI_UTIL_read_pw.pod b/crypto/openssl/doc/man3/UI_UTIL_read_pw.pod index a59cc4f3862ab..a6528a0300aaa 100644 --- a/crypto/openssl/doc/man3/UI_UTIL_read_pw.pod +++ b/crypto/openssl/doc/man3/UI_UTIL_read_pw.pod @@ -21,7 +21,7 @@ UI_UTIL_read_pw_string() asks for a passphrase, using B<prompt> as a prompt, and stores it in B<buf>. The maximum allowed size is given with B<length>, including the terminating NUL byte. -If B<verify> is non-zero, the password will be verified as well. +If B<verify> is nonzero, the password will be verified as well. UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the difference is that you can give it an external buffer B<buff> for the @@ -62,7 +62,7 @@ L<UI_get_default_method(3)> =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/UI_create_method.pod b/crypto/openssl/doc/man3/UI_create_method.pod index a01e1012dcf9b..c9295ff52649a 100644 --- a/crypto/openssl/doc/man3/UI_create_method.pod +++ b/crypto/openssl/doc/man3/UI_create_method.pod @@ -51,7 +51,7 @@ interface method creation and destruction =head1 DESCRIPTION -A method contains a few functions that implement the low level of the +A method contains a few functions that implement the low-level of the User Interface. These functions are: @@ -210,7 +210,7 @@ and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/UI_new.pod b/crypto/openssl/doc/man3/UI_new.pod index 3042b13f1f1a1..f40b65df40e92 100644 --- a/crypto/openssl/doc/man3/UI_new.pod +++ b/crypto/openssl/doc/man3/UI_new.pod @@ -152,7 +152,7 @@ UI_construct_prompt() is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter I<description> for I<name>:". With the -description "pass phrase" and the file name "foo.key", that becomes +description "pass phrase" and the filename "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. @@ -243,7 +243,7 @@ The UI_dup_user_data() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509V3_get_d2i.pod b/crypto/openssl/doc/man3/X509V3_get_d2i.pod index ac560b21e9782..159948b17029a 100644 --- a/crypto/openssl/doc/man3/X509V3_get_d2i.pod +++ b/crypto/openssl/doc/man3/X509V3_get_d2i.pod @@ -78,7 +78,7 @@ of a certificate a CRL or a CRL entry respectively. =head1 NOTES In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the B<idx> parameter is usually B<NULL>. +occurrences is an error. Therefore, the B<idx> parameter is usually B<NULL>. The B<flags> parameter may be one of the following values. @@ -231,7 +231,7 @@ L<X509_verify_cert(3)> =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_ALGOR_dup.pod b/crypto/openssl/doc/man3/X509_ALGOR_dup.pod index 4aeaa591ebec3..de2faf8547afc 100644 --- a/crypto/openssl/doc/man3/X509_ALGOR_dup.pod +++ b/crypto/openssl/doc/man3/X509_ALGOR_dup.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions =head1 SYNOPSIS @@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ const void **ppval, const X509_ALGOR *alg); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); =head1 DESCRIPTION @@ -34,23 +35,30 @@ X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate values for the message digest B<md>. X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical -encodings and non-zero otherwise. +encodings and nonzero otherwise. + +X509_ALGOR_copy() copies the source values into the dest structs; making +a duplicate of each (and free any thing pointed to from within *dest). =head1 RETURN VALUES X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error occurred. -X509_ALGOR_set0() returns 1 on success or 0 on error. +X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error. X509_ALGOR_get0() and X509_ALGOR_set_md() return no values. X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and -non-zero otherwise. +nonzero otherwise. + +=head1 HISTORY + +The X509_ALGOR_copy() was added in 1.1.1e. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod b/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod index dd41f78b12408..365d0dea1c76c 100644 --- a/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod +++ b/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod @@ -80,7 +80,7 @@ upon each lookup, so that newer CRLs are as soon as they appear in the directory. The directory should contain one certificate or CRL per file in PEM format, -with a file name of the form I<hash>.I<N> for a certificate, or +with a filename of the form I<hash>.I<N> for a certificate, or I<hash>.B<r>I<N> for a CRL. The I<hash> is the value returned by the L<X509_NAME_hash(3)> function applied to the subject name for certificates or issuer name for CRLs. @@ -129,7 +129,7 @@ L<X509_LOOKUP_meth_new(3)>, =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod b/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod index a4e7466395dd0..ad581d4b421e9 100644 --- a/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod +++ b/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod @@ -151,7 +151,7 @@ Implementations must add objects they find to the B<X509_STORE> object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too -many references being held. Therefore applications should +many references being held. Therefore, applications should additionally call X509_free() or X509_CRL_free() to decrement the reference count again. diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod index bdbf86ae9695b..74a28c07aa53f 100644 --- a/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod +++ b/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod @@ -38,7 +38,7 @@ it might be used in a verification callback to set an error based on additional checks. X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a -non-negative integer representing where in the certificate chain the error +nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. @@ -79,7 +79,7 @@ verification error B<n>. X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code. -X509_STORE_CTX_get_error_depth() returns a non-negative error depth. +X509_STORE_CTX_get_error_depth() returns a nonnegative error depth. X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or B<NULL> if no certificate is relevant to the error. @@ -328,7 +328,7 @@ L<X509_free(3)>. =head1 COPYRIGHT -Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod index c5042858be853..aba7fff781e57 100644 --- a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod +++ b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod @@ -52,7 +52,7 @@ by X509_verify_cert(). X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure. X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure. -The context can then be reused with an new call to X509_STORE_CTX_init(). +The context can then be reused with a new call to X509_STORE_CTX_init(). X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx> is no longer valid. @@ -80,7 +80,7 @@ X509_STORE_CTX_set0_verified_chain() sets the validated chain used by B<ctx> to be B<chain>. Ownership of the chain is transferred to B<ctx> and should not be free'd by the caller. -X509_STORE_CTX_get0_chain() returns a the internal pointer used by the +X509_STORE_CTX_get0_chain() returns the internal pointer used by the B<ctx> that contains the validated chain. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate @@ -133,7 +133,7 @@ should be made or reference counts increased instead. =head1 RETURN VALUES -X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an +X509_STORE_CTX_new() returns a newly allocated context or B<NULL> if an error occurred. X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred. @@ -164,7 +164,7 @@ The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 7cd661f215c10..81fe0b25a9b25 100644 --- a/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -48,7 +48,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes. -However a verification callback is B<not> essential and the default operation +However, a verification callback is B<not> essential and the default operation is often sufficient. The B<ok> parameter to the callback indicates the value the callback should @@ -202,7 +202,7 @@ and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod b/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod index d16881edd83dd..526790938acd5 100644 --- a/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -137,7 +137,9 @@ I<If no function to get the issuer is provided, the internal default function will be used instead.> X509_STORE_set_check_issued() sets the function to check that a given -certificate B<x> is issued with the issuer certificate B<issuer>. +certificate B<x> is issued by the issuer certificate B<issuer> and +the issuer is not yet in the chain contained in <ctx>, where the exceptional +case that B<x> is self-issued and ctx->chain has just one element is allowed. This function must return 0 on failure (among others if B<x> hasn't been issued with B<issuer>) and 1 on success. I<If no function to get the issuer is provided, the internal default @@ -256,7 +258,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 7593dea7dab95..f6f304bf7bd04 100644 --- a/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -129,7 +129,7 @@ interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits. X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to -B<name> clearing any previously specified host name or names. If +B<name> clearing any previously specified hostname or names. If B<name> is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B<name> is NUL-terminated, B<namelen> may be zero, otherwise B<namelen> @@ -264,12 +264,15 @@ they are enabled. If B<X509_V_FLAG_USE_DELTAS> is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. -B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed -certificate signature. By default this check is disabled because it doesn't +B<X509_V_FLAG_CHECK_SS_SIGNATURE> requests checking the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +By default this check is disabled because it doesn't add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the root CA -signature is that disabled or unsupported message digests on the root CA -are not treated as fatal errors. +check the signature anyway. A side effect of not checking the self-signature +of such a certificate is that disabled or unsupported message digests used for +the signature are not treated as fatal errors. When B<X509_V_FLAG_TRUSTED_FIRST> is set, construction of the certificate chain in L<X509_verify_cert(3)> will search the trust store for issuer certificates @@ -376,7 +379,7 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. =head1 COPYRIGHT -Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_check_ca.pod b/crypto/openssl/doc/man3/X509_check_ca.pod index 38f0811dd0f54..b70ecb787a689 100644 --- a/crypto/openssl/doc/man3/X509_check_ca.pod +++ b/crypto/openssl/doc/man3/X509_check_ca.pod @@ -24,7 +24,7 @@ B<keyUsage> extension with bit B<keyCertSign> set, but without B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate. -Actually, any non-zero value means that this certificate could have been +Actually, any nonzero value means that this certificate could have been used to sign other certificates. =head1 SEE ALSO @@ -35,7 +35,7 @@ L<X509_check_purpose(3)> =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_check_host.pod b/crypto/openssl/doc/man3/X509_check_host.pod index dba6a6976e071..b8bdd4c831560 100644 --- a/crypto/openssl/doc/man3/X509_check_host.pod +++ b/crypto/openssl/doc/man3/X509_check_host.pod @@ -19,13 +19,13 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert =head1 DESCRIPTION The certificate matching functions are used to check whether a -certificate matches a given host name, email address, or IP address. +certificate matches a given hostname, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means. X509_check_host() checks if the certificate Subject Alternative -Name (SAN) or Subject CommonName (CN) matches the specified host -name, which must be encoded in the preferred name syntax described +Name (SAN) or Subject CommonName (CN) matches the specified hostname, +which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, @@ -37,7 +37,7 @@ Per section 6.4.2 of RFC 6125, B<name> values representing international domain names must be given in A-label form. The B<namelen> argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(B<name>). When B<name> starts -with a dot (e.g ".example.com"), it will be matched by a certificate +with a dot (e.g. ".example.com"), it will be matched by a certificate valid for any sub-domain of B<name>, (see also B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS> below). @@ -150,7 +150,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_check_issued.pod b/crypto/openssl/doc/man3/X509_check_issued.pod index f9a541ef71def..55f75ac84bb47 100644 --- a/crypto/openssl/doc/man3/X509_check_issued.pod +++ b/crypto/openssl/doc/man3/X509_check_issued.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_check_issued - checks if certificate is issued by another +X509_check_issued - checks if certificate is apparently issued by another certificate =head1 SYNOPSIS @@ -14,13 +14,14 @@ certificate =head1 DESCRIPTION -This function checks if certificate I<subject> was issued using CA -certificate I<issuer>. This function takes into account not only -matching of issuer field of I<subject> with subject field of I<issuer>, -but also compares B<authorityKeyIdentifier> extension of I<subject> with -B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier> -present in the I<subject> certificate and checks B<keyUsage> field of -I<issuer>. +X509_check_issued() checks if certificate I<subject> was apparently issued +using (CA) certificate I<issuer>. This function takes into account not only +matching of the issuer field of I<subject> with the subject field of I<issuer>, +but also compares all sub-fields of the B<authorityKeyIdentifier> extension of +I<subject>, as far as present, with the respective B<subjectKeyIdentifier>, +serial number, and issuer fields of I<issuer>, as far as present. It also checks +if the B<keyUsage> field (if present) of I<issuer> allows certificate signing. +It does not check the certificate signature. =head1 RETURN VALUES @@ -35,7 +36,7 @@ L<verify(1)> =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509_check_purpose.pod b/crypto/openssl/doc/man3/X509_check_purpose.pod index bc38138743cdd..6af9e79815e4d 100644 --- a/crypto/openssl/doc/man3/X509_check_purpose.pod +++ b/crypto/openssl/doc/man3/X509_check_purpose.pod @@ -35,7 +35,7 @@ For non-CA checks =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>1 if the certificate was created to perform the purpose represented by I<id> @@ -47,7 +47,7 @@ For CA checks the below integers could be returned with the following meanings: =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>0 not a CA or does not have the purpose represented by I<id> diff --git a/crypto/openssl/doc/man3/X509_get0_signature.pod b/crypto/openssl/doc/man3/X509_get0_signature.pod index 4133bc37a9afd..99565e2a1d800 100644 --- a/crypto/openssl/doc/man3/X509_get0_signature.pod +++ b/crypto/openssl/doc/man3/X509_get0_signature.pod @@ -2,10 +2,10 @@ =head1 NAME -X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, -X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, -X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, -X509_SIG_INFO_set - signature information +X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, +X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, +X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, +X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information =head1 SYNOPSIS @@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); + void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); + int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_get_signature_nid(const X509 *x); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); @@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg> to the signature algorithm of B<x>. The values returned are internal pointers which B<MUST NOT> be freed up after the call. +X509_set0_signature() and X509_REQ_set1_signature_algo() are the +equivalent setters for the two values of X509_get0_signature(). + X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of B<x>. @@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters). +X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an +error (e.g. null ALGO pointer). X509_REQ_set0_signature does +not return an error value. + =head1 SEE ALSO L<d2i_X509(3)>, @@ -118,9 +127,12 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0. +The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() +were added in OpenSSL 1.1.1e. + =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/X509v3_get_ext_by_NID.pod b/crypto/openssl/doc/man3/X509v3_get_ext_by_NID.pod index c81d46365099f..67a7df58823db 100644 --- a/crypto/openssl/doc/man3/X509v3_get_ext_by_NID.pod +++ b/crypto/openssl/doc/man3/X509v3_get_ext_by_NID.pod @@ -71,7 +71,7 @@ the extension is found its index is returned otherwise B<-1> is returned. X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it looks for an extension of criticality B<crit>. A zero value for B<crit> -looks for a non-critical extension a non-zero value looks for a critical +looks for a non-critical extension a nonzero value looks for a critical extension. X509v3_delete_ext() deletes the extension with index B<loc> from B<x>. The @@ -132,7 +132,7 @@ L<X509V3_get_d2i(3)> =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/d2i_DHparams.pod b/crypto/openssl/doc/man3/d2i_DHparams.pod index d4e34fe877feb..5be0c2986e53a 100644 --- a/crypto/openssl/doc/man3/d2i_DHparams.pod +++ b/crypto/openssl/doc/man3/d2i_DHparams.pod @@ -8,7 +8,7 @@ d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions #include <openssl/dh.h> - DH *d2i_DHparams(DH **a, unsigned char **pp, long length); + DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); int i2d_DHparams(DH *a, unsigned char **pp); =head1 DESCRIPTION @@ -32,7 +32,7 @@ L<d2i_X509(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/d2i_X509.pod b/crypto/openssl/doc/man3/d2i_X509.pod index a8319bd4715b6..e42049d2baec5 100644 --- a/crypto/openssl/doc/man3/d2i_X509.pod +++ b/crypto/openssl/doc/man3/d2i_X509.pod @@ -365,7 +365,7 @@ i2d_X509_VAL, =for comment generic - TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); + TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length); TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); @@ -436,8 +436,8 @@ The actual TYPE structure passed to i2d_TYPE() must be a valid populated B<TYPE> structure -- it B<cannot> simply be fed with an empty structure such as that returned by TYPE_new(). -The encoded data is in binary form and may contain embedded zeroes. -Therefore any FILE pointers or BIOs should be opened in binary mode. +The encoded data is in binary form and may contain embedded zeros. +Therefore, any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will B<not> return the correct length of the encoded structure. @@ -529,7 +529,8 @@ Allocate and encode the DER encoding of an X509 structure: Attempt to decode a buffer: X509 *x; - unsigned char *buf, *p; + unsigned char *buf; + const unsigned char *p; int len; /* Set up buf and len to point to the input buffer. */ @@ -541,7 +542,8 @@ Attempt to decode a buffer: Alternative technique: X509 *x; - unsigned char *buf, *p; + unsigned char *buf; + const unsigned char *p; int len; /* Set up buf and len to point to the input buffer. */ diff --git a/crypto/openssl/doc/man5/config.pod b/crypto/openssl/doc/man5/config.pod index 7b50b099198cd..3cc2d73a526df 100644 --- a/crypto/openssl/doc/man5/config.pod +++ b/crypto/openssl/doc/man5/config.pod @@ -262,13 +262,11 @@ Example of a configuration with the system default: ssl_conf = ssl_sect [ssl_sect] - system_default = system_default_sect [system_default_sect] - MinProtocol = TLSv1.2 - + MinProtocol = DTLSv1.2 =head1 NOTES @@ -355,8 +353,8 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. -Simple OpenSSL library configuration to make TLS 1.3 the system-default -minimum TLS version: +Simple OpenSSL library configuration to make TLS 1.2 and DTLS 1.2 the +system-default minimum TLS and DTLS versions, respectively: # Toplevel section for openssl (including libssl) openssl_conf = default_conf_section @@ -369,7 +367,12 @@ minimum TLS version: system_default = system_default_section [system_default_section] - MinProtocol = TLSv1.3 + MinProtocol = TLSv1.2 + MinProtocol = DTLSv1.2 + +The minimum TLS protocol is applied to B<SSL_CTX> objects that are TLS-based, +and the minimum DTLS protocol to those are DTLS-based. +The same applies also to maximum versions set with B<MaxProtocol>. More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: @@ -432,7 +435,7 @@ the value. The escaping isn't quite right: if you want to use sequences like B<\n> you can't use any quote escaping on the same line. -Files are loaded in a single pass. This means that an variable expansion +Files are loaded in a single pass. This means that a variable expansion will only work if the variables referenced are defined earlier in the file. diff --git a/crypto/openssl/doc/man5/x509v3_config.pod b/crypto/openssl/doc/man5/x509v3_config.pod index 803b12b3edebb..5c0caa5b2bf69 100644 --- a/crypto/openssl/doc/man5/x509v3_config.pod +++ b/crypto/openssl/doc/man5/x509v3_config.pod @@ -60,8 +60,8 @@ The following sections describe each supported extension in detail. This is a multi valued extension which indicates whether a certificate is a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or -B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by an -non-negative value can be included. +B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by a +nonnegative value can be included. For example: @@ -534,7 +534,7 @@ L<ASN1_generate_nconf(3)> =head1 COPYRIGHT -Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/SM2.pod b/crypto/openssl/doc/man7/SM2.pod index c8fceffa1cfcd..43786749b1eb7 100644 --- a/crypto/openssl/doc/man7/SM2.pod +++ b/crypto/openssl/doc/man7/SM2.pod @@ -33,7 +33,7 @@ Then an ID should be set by calling: EVP_PKEY_CTX_set1_id(pctx, id, id_len); When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a -pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is +preallocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is done by calling: EVP_MD_CTX_set_pkey_ctx(mctx, pctx); @@ -69,7 +69,7 @@ L<EVP_MD_CTX_set_pkey_ctx(3)> =head1 COPYRIGHT -Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/evp.pod b/crypto/openssl/doc/man7/evp.pod index e493dacd23135..fd8d6c7fe38d0 100644 --- a/crypto/openssl/doc/man7/evp.pod +++ b/crypto/openssl/doc/man7/evp.pod @@ -25,7 +25,7 @@ functions. Symmetric encryption is available with the L<B<EVP_Encrypt>I<XXX>|EVP_EncryptInit(3)> functions. The L<B<EVP_Digest>I<XXX>|EVP_DigestInit(3)> functions provide message digests. -The B<EVP_PKEY>I<XXX> functions provide a high level interface to +The B<EVP_PKEY>I<XXX> functions provide a high-level interface to asymmetric algorithms. To create a new EVP_PKEY see L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions @@ -43,7 +43,7 @@ The EVP_PKEY functions support the full range of asymmetric algorithm operations =item For signing and verifying see L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>. However, note that -these functions do not perform a digest of the data to be signed. Therefore +these functions do not perform a digest of the data to be signed. Therefore, normally you would use the L<EVP_DigestSignInit(3)> functions for this purpose. @@ -72,12 +72,12 @@ as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page. -Although low level algorithm specific functions exist for many algorithms +Although low-level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE -versions of new algorithms cannot be accessed using the low level functions. +versions of new algorithms cannot be accessed using the low-level functions. Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low level and some operations are more efficient -using the high level interface. +cleanly supported at the low-level and some operations are more efficient +using the high-level interface. =head1 SEE ALSO @@ -104,7 +104,7 @@ L<ENGINE_by_id(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/ossl_store.pod b/crypto/openssl/doc/man7/ossl_store.pod index 6e75abd314b70..b70619685103e 100644 --- a/crypto/openssl/doc/man7/ossl_store.pod +++ b/crypto/openssl/doc/man7/ossl_store.pod @@ -15,7 +15,7 @@ ossl_store - Store retrieval functions =head2 General A STORE is a layer of functionality to retrieve a number of supported -objects from a repository of any kind, addressable as a file name or +objects from a repository of any kind, addressable as a filename or as a URI. The functionality supports the pattern "open a channel to the @@ -77,7 +77,7 @@ L<OSSL_STORE_SEARCH(3)> =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 34223a0bcdb60..9af7f3758d94d 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -308,7 +308,7 @@ extern FILE *_imp___iob; # if defined(OPENSSL_SYS_WINDOWS) # define strcasecmp _stricmp # define strncasecmp _strnicmp -# if (_MSC_VER >= 1310) +# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close diff --git a/crypto/openssl/include/openssl/bn.h b/crypto/openssl/include/openssl/bn.h index 8af05d00e59a9..d87766049a42d 100644 --- a/crypto/openssl/include/openssl/bn.h +++ b/crypto/openssl/include/openssl/bn.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -56,7 +56,7 @@ extern "C" { * avoid leaking exponent information through timing, * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. + * BN_mod_inverse() will call bn_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 diff --git a/crypto/openssl/include/openssl/e_os2.h b/crypto/openssl/include/openssl/e_os2.h index 97a776cdacc76..cf308eee2cd25 100644 --- a/crypto/openssl/include/openssl/e_os2.h +++ b/crypto/openssl/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -241,7 +241,7 @@ typedef UINT64 uint64_t; defined(__osf__) || defined(__sgi) || defined(__hpux) || \ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) # include <inttypes.h> -# elif defined(_MSC_VER) && _MSC_VER<=1500 +# elif defined(_MSC_VER) && _MSC_VER<1600 /* * minimally required typdefs for systems not supporting inttypes.h or * stdint.h: currently just older VC++ diff --git a/crypto/openssl/include/openssl/ec.h b/crypto/openssl/include/openssl/ec.h index 5af9ebdc7fce6..44cc139966ef1 100644 --- a/crypto/openssl/include/openssl/ec.h +++ b/crypto/openssl/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -829,6 +829,8 @@ void EC_KEY_set_flags(EC_KEY *key, int flags); void EC_KEY_clear_flags(EC_KEY *key, int flags); +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); + /** Creates a new EC_KEY object using a named curve as underlying * EC_GROUP object. * \param nid NID of the named curve. diff --git a/crypto/openssl/include/openssl/ecerr.h b/crypto/openssl/include/openssl/ecerr.h index f7b91834564e2..51738113dc7d0 100644 --- a/crypto/openssl/include/openssl/ecerr.h +++ b/crypto/openssl/include/openssl/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -243,6 +243,7 @@ int ERR_load_EC_strings(void); # define EC_R_LADDER_POST_FAILURE 136 # define EC_R_LADDER_PRE_FAILURE 153 # define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 diff --git a/crypto/openssl/include/openssl/opensslconf.h.in b/crypto/openssl/include/openssl/opensslconf.h.in index bc98cad51a64c..06270922c2aca 100644 --- a/crypto/openssl/include/openssl/opensslconf.h.in +++ b/crypto/openssl/include/openssl/opensslconf.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,6 +77,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index faa5aece20616..68f715fe61649 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010107fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g-freebsd 21 Apr 2020" +# define OPENSSL_VERSION_NUMBER 0x1010108fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h-freebsd 22 Sep 2020" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/crypto/openssl/include/openssl/pemerr.h b/crypto/openssl/include/openssl/pemerr.h index 0c45918f3c1d2..4f7e3574b34a8 100644 --- a/crypto/openssl/include/openssl/pemerr.h +++ b/crypto/openssl/include/openssl/pemerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,6 +61,7 @@ int ERR_load_PEM_strings(void); # define PEM_F_PEM_SIGNFINAL 112 # define PEM_F_PEM_WRITE 113 # define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 147 # define PEM_F_PEM_WRITE_PRIVATEKEY 139 # define PEM_F_PEM_X509_INFO_READ 115 # define PEM_F_PEM_X509_INFO_READ_BIO 116 @@ -99,5 +100,6 @@ int ERR_load_PEM_strings(void); # define PEM_R_UNSUPPORTED_CIPHER 113 # define PEM_R_UNSUPPORTED_ENCRYPTION 114 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 #endif diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h index 6724ccf2d2521..fd0c5a99967ff 100644 --- a/crypto/openssl/include/openssl/ssl.h +++ b/crypto/openssl/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1393,7 +1393,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) # define SSL_set1_groups(s, glist, glistlen) \ diff --git a/crypto/openssl/include/openssl/ssl3.h b/crypto/openssl/include/openssl/ssl3.h index 8d01fcc487651..07effba287d37 100644 --- a/crypto/openssl/include/openssl/ssl3.h +++ b/crypto/openssl/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -292,6 +292,9 @@ extern "C" { # define TLS1_FLAGS_STATELESS 0x0800 +/* Set if extended master secret extension required on renegotiation */ +# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 diff --git a/crypto/openssl/include/openssl/x509.h b/crypto/openssl/include/openssl/x509.h index 39ca0ba575615..b97ec342e2c9c 100644 --- a/crypto/openssl/include/openssl/x509.h +++ b/crypto/openssl/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -478,6 +478,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); @@ -679,6 +680,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); diff --git a/crypto/openssl/include/openssl/x509_vfy.h b/crypto/openssl/include/openssl/x509_vfy.h index adb8bce7cb437..25c79f1be2f01 100644 --- a/crypto/openssl/include/openssl/x509_vfy.h +++ b/crypto/openssl/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -184,6 +184,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ # define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ # define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 +# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79 /* Certificate verify flags */ diff --git a/crypto/openssl/include/openssl/x509err.h b/crypto/openssl/include/openssl/x509err.h index 0273853172d98..cd08673f8f69b 100644 --- a/crypto/openssl/include/openssl/x509err.h +++ b/crypto/openssl/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,7 @@ #ifndef HEADER_X509ERR_H # define HEADER_X509ERR_H -# ifndef HEADER_SYMHACKS_H -# include <openssl/symhacks.h> -# endif +# include <openssl/symhacks.h> # ifdef __cplusplus extern "C" @@ -65,6 +63,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_OBJECT_NEW 150 # define X509_F_X509_PRINT_EX_FP 118 # define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET 161 # define X509_F_X509_PUBKEY_GET0 119 # define X509_F_X509_PUBKEY_SET 120 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c index ab9e6668cd57f..53129bfb88111 100644 --- a/crypto/openssl/ssl/bio_ssl.c +++ b/crypto/openssl/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ssl_free(b); if (!ssl_new(b)) return 0; + bs = BIO_get_data(b); } BIO_set_shutdown(b, num); ssl = (SSL *)ptr; diff --git a/crypto/openssl/ssl/record/ssl3_buffer.c b/crypto/openssl/ssl/record/ssl3_buffer.c index 605f8f9b75be8..9b2a6964c6891 100644 --- a/crypto/openssl/ssl/record/ssl3_buffer.c +++ b/crypto/openssl/ssl/record/ssl3_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1; #endif len = ssl_get_max_send_fragment(s) diff --git a/crypto/openssl/ssl/ssl_conf.c b/crypto/openssl/ssl/ssl_conf.c index 8ef29bb345353..0a3fef7c8c14b 100644 --- a/crypto/openssl/ssl/ssl_conf.c +++ b/crypto/openssl/ssl/ssl_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -305,6 +305,13 @@ static int protocol_from_string(const char *value) const char *name; int version; }; + /* + * Note: To avoid breaking previously valid configurations, we must retain + * legacy entries in this table even if the underlying protocol is no + * longer supported. This also means that the constants SSL3_VERSION, ... + * need to be retained indefinitely. This table can only grow, never + * shrink. + */ static const struct protocol_versions versions[] = { {"None", 0}, {"SSLv3", SSL3_VERSION}, diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index 7c7e59789ccdc..b1df374817c7e 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -1200,6 +1200,8 @@ void SSL_free(SSL *s) OPENSSL_free(s->ext.ocsp.resp); OPENSSL_free(s->ext.alpn); OPENSSL_free(s->ext.tls13_cookie); + if (s->clienthello != NULL) + OPENSSL_free(s->clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); @@ -2895,7 +2897,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { - if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) + if (s->session == NULL + || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, @@ -3824,6 +3827,8 @@ SSL *SSL_dup(SSL *s) goto err; ret->version = s->version; ret->options = s->options; + ret->min_proto_version = s->min_proto_version; + ret->max_proto_version = s->max_proto_version; ret->mode = s->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); @@ -3839,21 +3844,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server) diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c index b9693527b3d2c..6457c0c0efa37 100644 --- a/crypto/openssl/ssl/ssl_rsa.c +++ b/crypto/openssl/ssl/ssl_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -148,15 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_copy_parameters(pktmp, pkey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; @@ -342,16 +333,6 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) & - RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif /* OPENSSL_NO_RSA */ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* * don't fail for a cert/key mismatch, just free current private @@ -1082,13 +1063,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr EVP_PKEY_copy_parameters(pubkey, privatekey); } /* else both have parameters */ - /* Copied from ssl_set_cert/pkey */ -#ifndef OPENSSL_NO_RSA - if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) && - ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK))) - /* no-op */ ; - else -#endif /* check that key <-> cert match */ if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c index 4ef8b417b8207..c785ab785d380 100644 --- a/crypto/openssl/ssl/statem/extensions.c +++ b/crypto/openssl/ssl/statem/extensions.c @@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (!s->server) + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with diff --git a/crypto/openssl/ssl/statem/extensions_srvr.c b/crypto/openssl/ssl/statem/extensions_srvr.c index 3b07c6b940f4b..3c7395c0eb263 100644 --- a/crypto/openssl/ssl/statem/extensions_srvr.c +++ b/crypto/openssl/ssl/statem/extensions_srvr.c @@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c index 43d6fd5de941b..364f77f08a4e4 100644 --- a/crypto/openssl/ssl/statem/statem_lib.c +++ b/crypto/openssl/ssl/statem/statem_lib.c @@ -1341,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len) static const X509ERR2ALERT x509table[] = { {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, @@ -1656,11 +1657,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. @@ -1671,31 +1683,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - /* - * XXX For fixed version methods, should we always fail and not set any - * bounds, always succeed and not set any bounds, or set the bounds and - * arrange to fail later if they are not met? At present fixed-version - * methods are not subject to controls that disable individual protocol - * versions. - */ - return 0; + break; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION) - return 0; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) || - DTLS_VERSION_LT(version, DTLS1_BAD_VER)) - return 0; + if (valid_dtls) + *bound = version; break; } - - *bound = version; return 1; } diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 76b4baa38893f..48d46f8a48bdc 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -2439,46 +2439,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { + DH *dhp = NULL; + BIGNUM *p = NULL, *g = NULL; int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) - dh_secbits = 128; - else - dh_secbits = 80; - } else { - if (s->s3->tmp.cert == NULL) - return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + if (s->cert->dh_tmp_auto != 2) { + if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3->tmp.new_cipher->strength_bits == 256) + dh_secbits = 128; + else + dh_secbits = 80; + } else { + if (s->s3->tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + } } - if (dh_secbits >= 128) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) - return NULL; - g = BN_new(); - if (g == NULL || !BN_set_word(g, 2)) { - DH_free(dhp); - BN_free(g); - return NULL; - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); - else - p = BN_get_rfc3526_prime_3072(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); - BN_free(g); - return NULL; - } - return dhp; + dhp = DH_new(); + if (dhp == NULL) + return NULL; + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) { + DH_free(dhp); + BN_free(g); + return NULL; + } + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); + else if (dh_secbits >= 152) + p = BN_get_rfc3526_prime_4096(NULL); + else if (dh_secbits >= 128) + p = BN_get_rfc3526_prime_3072(NULL); + else if (dh_secbits >= 112) + p = BN_get_rfc3526_prime_2048(NULL); + else + p = BN_get_rfc2409_prime_1024(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); + BN_free(g); + return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - return DH_get_1024_160(); + return dhp; } #endif diff --git a/crypto/openssl/ssl/t1_trce.c b/crypto/openssl/ssl/t1_trce.c index 5c84339314cdf..e2c397b756575 100644 --- a/crypto/openssl/ssl/t1_trce.c +++ b/crypto/openssl/ssl/t1_trce.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -656,7 +656,10 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; - tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + tm = ((unsigned int)p[0] << 24) + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -864,8 +867,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server, break; if (extlen != 4) return 0; - max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) - | ext[3]; + max_early_data = ((unsigned int)ext[0] << 24) + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -1356,7 +1361,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (msglen < 4) return 0; - tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + tick_life = ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1367,7 +1375,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; ticket_age_add = - (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c index 86754dc9677ca..b8fb07f210ef2 100644 --- a/crypto/openssl/ssl/tls13_enc.c +++ b/crypto/openssl/ssl/tls13_enc.c @@ -390,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3->tmp.new_cipher != NULL) { + algenc = s->s3->tmp.new_cipher->algorithm_enc; + } else if (s->session->cipher != NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; + } else if (s->psksession != NULL && s->psksession->cipher != NULL) { + /* We must be doing early data with out-of-band PSK */ + algenc = s->psksession->cipher->algorithm_enc; } else { - algenc = s->s3->tmp.new_cipher->algorithm_enc; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 139dbb69a0ae9..859c7f646fa6a 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.1.1g -OPENSSL_DATE= 2020-04-21 +OPENSSL_VER= 1.1.1h +OPENSSL_DATE= 2020-09-22 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc diff --git a/secure/lib/libcrypto/arm/ecp_nistz256-armv4.S b/secure/lib/libcrypto/arm/ecp_nistz256-armv4.S index 5a049d99e666f..25ee8d5464f35 100644 --- a/secure/lib/libcrypto/arm/ecp_nistz256-armv4.S +++ b/secure/lib/libcrypto/arm/ecp_nistz256-armv4.S @@ -3852,9 +3852,9 @@ ecp_nistz256_point_add: ldr r14,[sp,#32*18+12] @ ~is_equal(S1,S2) mvn r10,r10 @ -1/0 -> 0/-1 mvn r12,r12 @ -1/0 -> 0/-1 - orr r11,r10 - orr r11,r12 - orrs r11,r14 @ set flags + orr r11,r11,r10 + orr r11,r11,r12 + orrs r11,r11,r14 @ set flags @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) bne .Ladd_proceed diff --git a/secure/lib/libcrypto/man/man3/ADMISSIONS.3 b/secure/lib/libcrypto/man/man3/ADMISSIONS.3 index b75663dae3ad2..cee5c8462c48e 100644 --- a/secure/lib/libcrypto/man/man3/ADMISSIONS.3 +++ b/secure/lib/libcrypto/man/man3/ADMISSIONS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ADMISSIONS 3" -.TH ADMISSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ADMISSIONS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 index d91d2462b323e..996757950ce10 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_INTEGER_GET_INT64 3" -.TH ASN1_INTEGER_GET_INT64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_INTEGER_GET_INT64 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -215,7 +215,7 @@ instead. .IX Header "NOTES" In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an integer of almost arbitrary size and so cannot always be represented by a C -\&\fBint64_t\fR type. However in many cases (for example version numbers) they +\&\fBint64_t\fR type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. .SH "BUGS" @@ -252,7 +252,7 @@ of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 index ce356fbfe70cb..1a7baad1b3442 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_ITEM_LOOKUP 3" -.TH ASN1_ITEM_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_ITEM_LOOKUP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 index 334c3ae191676..370ec984eaa43 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_NEW 3" -.TH ASN1_OBJECT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_OBJECT_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 index 121c98822f4d6..f8fdeaf856b75 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_TABLE_ADD 3" -.TH ASN1_STRING_TABLE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_STRING_TABLE_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 index 1480984bfc19a..6625524fea603 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_LENGTH 3" -.TH ASN1_STRING_LENGTH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_STRING_LENGTH 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -206,7 +206,7 @@ In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\ is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +character in big endian format, and for a UTF8String it will be in \s-1UTF8\s0 format. .PP Similar care should be take to ensure the data is in the correct format when calling \fBASN1_STRING_set()\fR. @@ -234,7 +234,7 @@ negative value if an error occurred. \&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 index c5d121a476dec..48c29ff1ac3cf 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_NEW 3" -.TH ASN1_STRING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_STRING_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 index 23272efe8998b..3106e82e7eebe 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_PRINT_EX 3" -.TH ASN1_STRING_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_STRING_PRINT_EX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 index 774b72cd958ad..f2364eb2b3fb5 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TIME_SET 3" -.TH ASN1_TIME_SET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_TIME_SET 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -243,7 +243,7 @@ one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero. -If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same +If both \fB*pday\fR and \fB*psec\fR are nonzero they will always have the same sign. The value of \fB*psec\fR will always be less than the number of seconds in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. .PP @@ -291,7 +291,7 @@ format. .SH "BUGS" .IX Header "BUGS" \&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR -do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all +do not print out the timezone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. .PP Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before @@ -372,7 +372,7 @@ The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 index 99ed9567c1349..f8882749da0fa 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TYPE_GET 3" -.TH ASN1_TYPE_GET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_TYPE_GET 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +169,7 @@ up after the call. \&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. .PP \&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if -they are identical and non-zero otherwise. +they are identical and nonzero otherwise. .PP \&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in \&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer @@ -197,12 +197,12 @@ length octets). .PP \&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean \s-1TRUE\s0 -value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will +value under \s-1BER\s0 can have any nonzero encoding but \fBASN1_TYPE_cmp()\fR will only return zero if the values are the same. .PP If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the -return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two -types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +return value is nonzero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however, passing \&\s-1NULL\s0 values could also indicate a programming error (for example an unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So applications should handle the case of two absent values separately. @@ -214,7 +214,7 @@ applications should handle the case of two absent values separately. .PP \&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. .PP -\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. +\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and nonzero otherwise. .PP \&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or \&\s-1NULL\s0 on failure. diff --git a/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 index 7a4627ca958c0..e4bacf8de7fa9 100644 --- a/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_GENERATE_NCONF 3" -.TH ASN1_GENERATE_NCONF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1_GENERATE_NCONF 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 index 945d580354dc0..581b98ae7aaa9 100644 --- a/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_WAIT_CTX_NEW 3" -.TH ASYNC_WAIT_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASYNC_WAIT_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -183,7 +183,7 @@ job in \fB*fd\fR. The number of file descriptors returned will be stored in \&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory has been allocated in \fB*fd\fR to receive all the file descriptors. Calling \&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file -descriptors but will still populate \fB*numfds\fR. Therefore application code is +descriptors but will still populate \fB*numfds\fR. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return @@ -248,7 +248,7 @@ success or 0 on error. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "SEE ALSO" @@ -262,7 +262,7 @@ windows.h prior to async.h. were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 index 9f729f8063e35..2bdc3195fdc29 100644 --- a/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 +++ b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_START_JOB 3" -.TH ASYNC_START_JOB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASYNC_START_JOB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -290,7 +290,7 @@ otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "EXAMPLES" @@ -445,7 +445,7 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx() added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BF_encrypt.3 b/secure/lib/libcrypto/man/man3/BF_encrypt.3 index e4f0bf7789ed5..6fc9c316392da 100644 --- a/secure/lib/libcrypto/man/man3/BF_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/BF_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BF_ENCRYPT 3" -.TH BF_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BF_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -196,7 +196,7 @@ recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where \&\fBivec\fR is simply initialized to zero. \&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while -\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter \fBnum\fR, which is a pointer to an integer where the current @@ -241,7 +241,7 @@ functions directly. \&\fBdes_modes\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDR.3 b/secure/lib/libcrypto/man/man3/BIO_ADDR.3 index d41e5d963ec1c..bbae9de81ec22 100644 --- a/secure/lib/libcrypto/man/man3/BIO_ADDR.3 +++ b/secure/lib/libcrypto/man/man3/BIO_ADDR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDR 3" -.TH BIO_ADDR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_ADDR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +176,7 @@ with routines that will fill it with information, such as \&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets it back to an uninitialised state. .PP -\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, a byte array of size \fBwherelen\fR with an address in network byte order pointed at by \fBwhere\fR and a port number in network byte order in \fBport\fR (except for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and @@ -245,7 +245,7 @@ information they should return isn't available. \&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 index 8d9534026d1a2..27d04cb0ade6b 100644 --- a/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 +++ b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDRINFO 3" -.TH BIO_ADDRINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_ADDRINFO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -223,7 +223,7 @@ information they should return isn't available. .IX Header "NOTES" The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR function. On Linux it is known that specifying 0 for the protocol will not -return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore, if an \s-1SCTP\s0 address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. .SH "HISTORY" @@ -231,7 +231,7 @@ explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_connect.3 b/secure/lib/libcrypto/man/man3/BIO_connect.3 index 5d4c3eed329f9..a7357b271d4e6 100644 --- a/secure/lib/libcrypto/man/man3/BIO_connect.3 +++ b/secure/lib/libcrypto/man/man3/BIO_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CONNECT 3" -.TH BIO_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_CONNECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,7 +187,7 @@ on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below Enables regular sending of keep-alive messages. .IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 .IX Item "BIO_SOCK_NONBLOCK" -Sets the socket to non-blocking mode. +Sets the socket to nonblocking mode. .IP "\s-1BIO_SOCK_NODELAY\s0" 4 .IX Item "BIO_SOCK_NODELAY" Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With @@ -232,7 +232,7 @@ error. Use the functions described above instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_ctrl.3 b/secure/lib/libcrypto/man/man3/BIO_ctrl.3 index 18e026659d934..a354e35bc14a8 100644 --- a/secure/lib/libcrypto/man/man3/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/man3/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CTRL 3" -.TH BIO_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_CTRL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -240,7 +240,7 @@ Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR operation usually pass the operation to the next \s-1BIO\s0 in the chain. This often means there is no need to locate the required \s-1BIO\s0 for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant \s-1BIO.\s0 However this can cause +be automatically passed to the relevant \s-1BIO.\s0 However, this can cause unexpected results: for example no current filter BIOs implement \&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 or file descriptor \s-1BIO.\s0 @@ -255,7 +255,7 @@ supported, if an error occurred, if \s-1EOF\s0 has not been reached and in the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_f_base64.3 b/secure/lib/libcrypto/man/man3/BIO_f_base64.3 index 980a779379ec2..6c2c7de56ed16 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BASE64 3" -.TH BIO_F_BASE64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_BASE64 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 index 84651ef65a0ec..ecc130c79c7df 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BUFFER 3" -.TH BIO_F_BUFFER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_BUFFER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 index 200be940d9f87..8b2db38b1df0e 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_CIPHER 3" -.TH BIO_F_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_CIPHER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_f_md.3 b/secure/lib/libcrypto/man/man3/BIO_f_md.3 index c7662e8cc13fe..ef1f212fd6340 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_MD 3" -.TH BIO_F_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_MD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_f_null.3 b/secure/lib/libcrypto/man/man3/BIO_f_null.3 index a57b2f1748a59..e01f9b021520b 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_NULL 3" -.TH BIO_F_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_NULL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 index 25e78cc47240b..fc942b507d546 100644 --- a/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_SSL 3" -.TH BIO_F_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_F_SSL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_find_type.3 b/secure/lib/libcrypto/man/man3/BIO_find_type.3 index 78a1b46313cdc..3c0e6dba3b592 100644 --- a/secure/lib/libcrypto/man/man3/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/man3/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_FIND_TYPE 3" -.TH BIO_FIND_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_FIND_TYPE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_get_data.3 b/secure/lib/libcrypto/man/man3/BIO_get_data.3 index 7294a3d138987..bc1e8c4ceda01 100644 --- a/secure/lib/libcrypto/man/man3/BIO_get_data.3 +++ b/secure/lib/libcrypto/man/man3/BIO_get_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_DATA 3" -.TH BIO_GET_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_GET_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +161,7 @@ the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get This can be used by custom BIOs for storing implementation specific information. .PP The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate -whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value +whether initialisation has been completed for this \s-1BIO\s0 or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the \s-1BIO.\s0 For some BIOs however, initialisation may not complete until after additional steps @@ -187,7 +187,7 @@ bio, BIO_meth_new The functions described here were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 index 7fb8a5d5368db..df2450746ccaf 100644 --- a/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_EX_NEW_INDEX 3" -.TH BIO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_GET_EX_NEW_INDEX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_meth_new.3 b/secure/lib/libcrypto/man/man3/BIO_meth_new.3 index 468d160f001e9..1620524bc3b1d 100644 --- a/secure/lib/libcrypto/man/man3/BIO_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/BIO_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_METH_NEW 3" -.TH BIO_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_new.3 b/secure/lib/libcrypto/man/man3/BIO_new.3 index 4c393ebc7cf1b..96f9743d866a9 100644 --- a/secure/lib/libcrypto/man/man3/BIO_new.3 +++ b/secure/lib/libcrypto/man/man3/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW 3" -.TH BIO_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 index ac41a112cc7f1..28148aa1694ff 100644 --- a/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW_CMS 3" -.TH BIO_NEW_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_NEW_CMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 index 5d26974262714..5a6f0d644c161 100644 --- a/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 +++ b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PARSE_HOSTSERV 3" -.TH BIO_PARSE_HOSTSERV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_PARSE_HOSTSERV 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,10 +154,10 @@ BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a sta .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, -create strings with the host name and service name and give those +create strings with the hostname and service name and give those back via \fBhost\fR and \fBservice\fR. Those will need to be freed after they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall -be interpreted primarily as a host name or a service name in ambiguous +be interpreted primarily as a hostname or a service name in ambiguous cases. .PP The syntax the \fBBIO_parse_hostserv()\fR recognises is: @@ -204,7 +204,7 @@ and \fBhostserv_prio\fR, as follows: \&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_printf.3 b/secure/lib/libcrypto/man/man3/BIO_printf.3 index ead5337dc86b5..bae410fed24f1 100644 --- a/secure/lib/libcrypto/man/man3/BIO_printf.3 +++ b/secure/lib/libcrypto/man/man3/BIO_printf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PRINTF 3" -.TH BIO_PRINTF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_PRINTF 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_push.3 b/secure/lib/libcrypto/man/man3/BIO_push.3 index b50ea6ab603a7..a2f21048a704d 100644 --- a/secure/lib/libcrypto/man/man3/BIO_push.3 +++ b/secure/lib/libcrypto/man/man3/BIO_push.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PUSH 3" -.TH BIO_PUSH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_PUSH 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_read.3 b/secure/lib/libcrypto/man/man3/BIO_read.3 index 45694821369b4..5be85e67b912a 100644 --- a/secure/lib/libcrypto/man/man3/BIO_read.3 +++ b/secure/lib/libcrypto/man/man3/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_READ 3" -.TH BIO_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_READ 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -189,7 +189,7 @@ the operation is not implemented in the specific \s-1BIO\s0 type. The trailing .SH "NOTES" .IX Header "NOTES" A 0 or \-1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type +particular when the source/sink is nonblocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. .PP @@ -218,7 +218,7 @@ to the chain. keep the '\en' at the end of the line in the buffer. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_s_accept.3 b/secure/lib/libcrypto/man/man3/BIO_s_accept.3 index 7eb09b98e6db2..1577b09420a48 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_ACCEPT 3" -.TH BIO_S_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_ACCEPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -277,7 +277,7 @@ however because the accept \s-1BIO\s0 will still accept additional incoming connections. This can be resolved by using \fBBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. .PP -If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is +If the underlying accept socket is nonblocking and \fBBIO_do_accept()\fR is called to await an incoming connection it is possible for \&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens then it is an indication that an accept attempt would block: the application @@ -357,7 +357,7 @@ down each and finally closes both down. .Ve .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_s_bio.3 b/secure/lib/libcrypto/man/man3/BIO_s_bio.3 index 3676f74e3d0e0..7651c94d35e8f 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_BIO 3" -.TH BIO_S_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_BIO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -276,7 +276,7 @@ without having to go through the SSL-interface. \& ... \& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); \& SSL_set_bio(ssl, internal_bio, internal_bio); -\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& SSL_operations(); /* e.g. SSL_read and SSL_write */ \& ... \& \& application | TLS\-engine @@ -300,7 +300,7 @@ without having to go through the SSL-interface. .Ve .PP As the \s-1BIO\s0 pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write +connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. .PP @@ -321,7 +321,7 @@ the peer might be waiting for the data before being able to continue. \&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_s_connect.3 b/secure/lib/libcrypto/man/man3/BIO_s_connect.3 index b62f7f0e39cce..9bea884ff1baa 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_CONNECT 3" -.TH BIO_S_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_CONNECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -238,7 +238,7 @@ If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. .PP -If the port name is supplied as part of the host name then this will +If the port name is supplied as part of the hostname then this will override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' @@ -330,7 +330,7 @@ were removed in OpenSSL 1.1.0. Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_s_fd.3 b/secure/lib/libcrypto/man/man3/BIO_s_fd.3 index d1c4e1cd71656..fe05931c69f40 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FD 3" -.TH BIO_S_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_FD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_s_file.3 b/secure/lib/libcrypto/man/man3/BIO_s_file.3 index 9c157f66382e9..af6981b853a2f 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FILE 3" -.TH BIO_S_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_FILE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -212,7 +212,7 @@ in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 .PP On Windows BIO_new_files reserves for the filename argument to be \&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- -lingual environment, encode file names in \s-1UTF\-8.\s0 +lingual environment, encode filenames in \s-1UTF\-8.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. @@ -295,7 +295,7 @@ occurred this differs from other types of \s-1BIO\s0 which will typically return \&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_s_mem.3 b/secure/lib/libcrypto/man/man3/BIO_s_mem.3 index ad42cf7287351..b67a5191316dd 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_MEM 3" -.TH BIO_S_MEM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_MEM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_s_null.3 b/secure/lib/libcrypto/man/man3/BIO_s_null.3 index dd2f105c161ce..31455d4d42f99 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_NULL 3" -.TH BIO_S_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_NULL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_s_socket.3 b/secure/lib/libcrypto/man/man3/BIO_s_socket.3 index 291e1a31b1dcd..6fe9272e34969 100644 --- a/secure/lib/libcrypto/man/man3/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/man3/BIO_s_socket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_SOCKET 3" -.TH BIO_S_SOCKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_S_SOCKET 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BIO_set_callback.3 b/secure/lib/libcrypto/man/man3/BIO_set_callback.3 index f468ccb43991b..abd453361ea04 100644 --- a/secure/lib/libcrypto/man/man3/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/man3/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SET_CALLBACK 3" -.TH BIO_SET_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_SET_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BI .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 -callback. The callback is called during most high level \s-1BIO\s0 operations. It can +callback. The callback is called during most high-level \s-1BIO\s0 operations. It can be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its operation. .PP @@ -384,7 +384,7 @@ The \fBBIO_debug_callback()\fR function is a good example, its source is in crypto/bio/bio_cb.c .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BIO_should_retry.3 b/secure/lib/libcrypto/man/man3/BIO_should_retry.3 index 8938f3e7337e1..c01e8f89f527f 100644 --- a/secure/lib/libcrypto/man/man3/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/man3/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SHOULD_RETRY 3" -.TH BIO_SHOULD_RETRY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO_SHOULD_RETRY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 index 539eb64613ab0..71dc01f86233b 100644 --- a/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_NEW 3" -.TH BN_BLINDING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_BLINDING_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_new.3 b/secure/lib/libcrypto/man/man3/BN_CTX_new.3 index 28157150a4e1c..82f41d056e5a8 100644 --- a/secure/lib/libcrypto/man/man3/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_NEW 3" -.TH BN_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_start.3 b/secure/lib/libcrypto/man/man3/BN_CTX_start.3 index 68298e68f093b..e19dd14f59c6a 100644 --- a/secure/lib/libcrypto/man/man3/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/man3/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_START 3" -.TH BN_CTX_START 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_CTX_START 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_add.3 b/secure/lib/libcrypto/man/man3/BN_add.3 index 3777c89c59c2d..0a6e83ca765f3 100644 --- a/secure/lib/libcrypto/man/man3/BN_add.3 +++ b/secure/lib/libcrypto/man/man3/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD 3" -.TH BN_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -203,16 +203,16 @@ For division by powers of 2, use \fBBN_rshift\fR\|(3). .PP \&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. .PP -\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the nonnegative remainder in \fIr\fR. .PP -\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the nonnegative result in \fIr\fR. .PP \&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the -non-negative result in \fIr\fR. +nonnegative result in \fIr\fR. .PP -\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the nonnegative remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for repeated computations using the same modulus, see @@ -251,7 +251,7 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). \&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BN_add_word.3 b/secure/lib/libcrypto/man/man3/BN_add_word.3 index 7f3acf4c08c4a..94c896c48766a 100644 --- a/secure/lib/libcrypto/man/man3/BN_add_word.3 +++ b/secure/lib/libcrypto/man/man3/BN_add_word.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD_WORD 3" -.TH BN_ADD_WORD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_ADD_WORD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_bn2bin.3 b/secure/lib/libcrypto/man/man3/BN_bn2bin.3 index ebf86e8c54b8d..9714788b9e556 100644 --- a/secure/lib/libcrypto/man/man3/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/man3/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BN2BIN 3" -.TH BN_BN2BIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_BN2BIN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,7 +171,7 @@ memory. .PP \&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer -\&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than +\&\fBto\fR. The result is padded with zeros if necessary. If \fBtolen\fR is less than BN_num_bytes(\fBa\fR) an error is returned. .PP \&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length @@ -237,7 +237,7 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). \&\fBBN_num_bytes\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BN_cmp.3 b/secure/lib/libcrypto/man/man3/BN_cmp.3 index d2299d67c4e8a..0f2febc1775f8 100644 --- a/secure/lib/libcrypto/man/man3/BN_cmp.3 +++ b/secure/lib/libcrypto/man/man3/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CMP 3" -.TH BN_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_CMP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_copy.3 b/secure/lib/libcrypto/man/man3/BN_copy.3 index bc7cb5ce4fe84..d8151e120e58f 100644 --- a/secure/lib/libcrypto/man/man3/BN_copy.3 +++ b/secure/lib/libcrypto/man/man3/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_COPY 3" -.TH BN_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_COPY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_generate_prime.3 b/secure/lib/libcrypto/man/man3/BN_generate_prime.3 index 1a4b834429f9f..029b2c9bb4d06 100644 --- a/secure/lib/libcrypto/man/man3/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/man3/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_GENERATE_PRIME 3" -.TH BN_GENERATE_PRIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_GENERATE_PRIME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -251,7 +251,7 @@ For instance, to reach the 128 bit security level, \fBnchecks\fR should be set t .PP If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a -pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +preallocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and freeing the structure in a loop), or \fB\s-1NULL\s0\fR. .PP \&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure diff --git a/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 index 901508432d5ff..9d74b598cfad7 100644 --- a/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_INVERSE 3" -.TH BN_MOD_INVERSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_MOD_INVERSE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 index 76e1c1e5cf0d0..d20e40a38f815 100644 --- a/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_MONTGOMERY 3" -.TH BN_MOD_MUL_MONTGOMERY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_MOD_MUL_MONTGOMERY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,7 +184,7 @@ the result in \fIr\fR. \&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP \&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. -Note that \fIa\fR must be non-negative and smaller than the modulus. +Note that \fIa\fR must be nonnegative and smaller than the modulus. .PP For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. @@ -210,7 +210,7 @@ outside the expected range. \&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 index 2aa6fae043070..f941547e772ee 100644 --- a/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_RECIPROCAL 3" -.TH BN_MOD_MUL_RECIPROCAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_MOD_MUL_RECIPROCAL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_new.3 b/secure/lib/libcrypto/man/man3/BN_new.3 index fcc7e3d786849..eb4b44943b1a2 100644 --- a/secure/lib/libcrypto/man/man3/BN_new.3 +++ b/secure/lib/libcrypto/man/man3/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_NEW 3" -.TH BN_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_num_bytes.3 b/secure/lib/libcrypto/man/man3/BN_num_bytes.3 index d866550527cae..bdcb636b21702 100644 --- a/secure/lib/libcrypto/man/man3/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/man3/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_NUM_BYTES 3" -.TH BN_NUM_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_NUM_BYTES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_rand.3 b/secure/lib/libcrypto/man/man3/BN_rand.3 index 391b343216550..a9e17aede912f 100644 --- a/secure/lib/libcrypto/man/man3/BN_rand.3 +++ b/secure/lib/libcrypto/man/man3/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_RAND 3" -.TH BN_RAND 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_RAND 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_security_bits.3 b/secure/lib/libcrypto/man/man3/BN_security_bits.3 index 8599c25f3adc3..568efe77a958f 100644 --- a/secure/lib/libcrypto/man/man3/BN_security_bits.3 +++ b/secure/lib/libcrypto/man/man3/BN_security_bits.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SECURITY_BITS 3" -.TH BN_SECURITY_BITS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_SECURITY_BITS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_set_bit.3 b/secure/lib/libcrypto/man/man3/BN_set_bit.3 index b917198e5f6bd..c09f7eff6341d 100644 --- a/secure/lib/libcrypto/man/man3/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/man3/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SET_BIT 3" -.TH BN_SET_BIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_SET_BIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,11 +173,11 @@ error occurs if \fBa\fR is shorter than \fBn\fR bits. shorter than \fBn\fR bits. .PP \&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be nonnegative. \fBBN_lshift1()\fR shifts \&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). .PP \&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be nonnegative. \fBBN_rshift1()\fR shifts \&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). .PP For the shift functions, \fBr\fR and \fBa\fR may be the same variable. @@ -192,7 +192,7 @@ can be obtained by \fBERR_get_error\fR\|(3). \&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/BN_swap.3 b/secure/lib/libcrypto/man/man3/BN_swap.3 index 6ee296d2a7dd1..c00a2f1a0df27 100644 --- a/secure/lib/libcrypto/man/man3/BN_swap.3 +++ b/secure/lib/libcrypto/man/man3/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_SWAP 3" -.TH BN_SWAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_SWAP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BN_zero.3 b/secure/lib/libcrypto/man/man3/BN_zero.3 index 0e332f5681b28..070da14ba6365 100644 --- a/secure/lib/libcrypto/man/man3/BN_zero.3 +++ b/secure/lib/libcrypto/man/man3/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_ZERO 3" -.TH BN_ZERO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BN_ZERO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 index 1f1942e975af0..4790bd4198643 100644 --- a/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 +++ b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BUF_MEM_NEW 3" -.TH BUF_MEM_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BUF_MEM_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 index 3c7eb19a1c4c4..c06056b5add4a 100644 --- a/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD0_CERT 3" -.TH CMS_ADD0_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_ADD0_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 index 73742c64dcdda..331f952d8fd33 100644 --- a/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_RECIPIENT_CERT 3" -.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 index 6f15d002904ed..d8ab62a6678e2 100644 --- a/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_SIGNER 3" -.TH CMS_ADD1_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_ADD1_SIGNER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_compress.3 b/secure/lib/libcrypto/man/man3/CMS_compress.3 index c3345685f6742..ec750a4cabb06 100644 --- a/secure/lib/libcrypto/man/man3/CMS_compress.3 +++ b/secure/lib/libcrypto/man/man3/CMS_compress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_COMPRESS 3" -.TH CMS_COMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_COMPRESS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_decrypt.3 b/secure/lib/libcrypto/man/man3/CMS_decrypt.3 index 84e975b7dab4e..0611ecbdf87e2 100644 --- a/secure/lib/libcrypto/man/man3/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/man3/CMS_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_DECRYPT 3" -.TH CMS_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_DECRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 index a47e6cab05683..b2be886196e05 100644 --- a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ENCRYPT 3" -.TH CMS_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_final.3 b/secure/lib/libcrypto/man/man3/CMS_final.3 index 02f6ee57b4960..34aaac1ee90d8 100644 --- a/secure/lib/libcrypto/man/man3/CMS_final.3 +++ b/secure/lib/libcrypto/man/man3/CMS_final.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_FINAL 3" -.TH CMS_FINAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_FINAL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 index 9d9514b865374..d4c2709c951af 100644 --- a/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_RECIPIENTINFOS 3" -.TH CMS_GET0_RECIPIENTINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_GET0_RECIPIENTINFOS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 index 5797392178d93..6fb07283cd907 100644 --- a/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_SIGNERINFOS 3" -.TH CMS_GET0_SIGNERINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_GET0_SIGNERINFOS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_type.3 b/secure/lib/libcrypto/man/man3/CMS_get0_type.3 index e237fdeddad2f..c35819658f0b3 100644 --- a/secure/lib/libcrypto/man/man3/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/man3/CMS_get0_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_TYPE 3" -.TH CMS_GET0_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_GET0_TYPE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 index 4ab98e3ed9d7c..b1de45a455655 100644 --- a/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET1_RECEIPTREQUEST 3" -.TH CMS_GET1_RECEIPTREQUEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_GET1_RECEIPTREQUEST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_sign.3 b/secure/lib/libcrypto/man/man3/CMS_sign.3 index 47b65f8b2c1f8..4e1978894f222 100644 --- a/secure/lib/libcrypto/man/man3/CMS_sign.3 +++ b/secure/lib/libcrypto/man/man3/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN 3" -.TH CMS_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 index ac957d903b58c..2ef115ad3d130 100644 --- a/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN_RECEIPT 3" -.TH CMS_SIGN_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_SIGN_RECEIPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_uncompress.3 b/secure/lib/libcrypto/man/man3/CMS_uncompress.3 index 1698f2d9d2bcc..29d8b6b1f03a8 100644 --- a/secure/lib/libcrypto/man/man3/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/man3/CMS_uncompress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_UNCOMPRESS 3" -.TH CMS_UNCOMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_UNCOMPRESS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CMS_verify.3 b/secure/lib/libcrypto/man/man3/CMS_verify.3 index 32cbc6cb492d3..4e3761e128a17 100644 --- a/secure/lib/libcrypto/man/man3/CMS_verify.3 +++ b/secure/lib/libcrypto/man/man3/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY 3" -.TH CMS_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_VERIFY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +161,7 @@ present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL. \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it may only be called after a successful \fBCMS_verify()\fR operation. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" @@ -229,7 +229,7 @@ useful if one merely wishes to write the content to \fBout\fR and its validity is not considered important. .PP Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" @@ -253,7 +253,7 @@ be held in memory if it is not detached. \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 index 35ba3e792a149..5ac00fe3e2a15 100644 --- a/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY_RECEIPT 3" -.TH CMS_VERIFY_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS_VERIFY_RECEIPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_free.3 b/secure/lib/libcrypto/man/man3/CONF_modules_free.3 index 9280af5ea21ac..39cc52d649598 100644 --- a/secure/lib/libcrypto/man/man3/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/man3/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_FREE 3" -.TH CONF_MODULES_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CONF_MODULES_FREE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 index d848db6b59025..023a0ec15cdb8 100644 --- a/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_LOAD_FILE 3" -.TH CONF_MODULES_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CONF_MODULES_LOAD_FILE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 index 4c00284c694c9..f2604f638c006 100644 --- a/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 +++ b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_THREAD_RUN_ONCE 3" -.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -207,7 +207,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an +one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required. .SH "EXAMPLES" @@ -275,7 +275,7 @@ You can find out if OpenSSL was configured with thread support: \&\fBcrypto\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 index 05153350a82ef..089843aee81b4 100644 --- a/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_GET_EX_NEW_INDEX 3" -.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 index ed9cbd1784c21..548c9b8998da1 100644 --- a/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 +++ b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_MEMCMP 3" -.TH CRYPTO_MEMCMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CRYPTO_MEMCMP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,15 +155,15 @@ It takes an amount of time dependent on \fBlen\fR, but independent of the contents of the memory regions pointed to by \fBa\fR and \fBb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and non-zero +\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and nonzero otherwise. .SH "NOTES" .IX Header "NOTES" Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions -as the return value when they differ is undefined, other than being non-zero. +as the return value when they differ is undefined, other than being nonzero. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 index 487e72dd7afa8..200267b59eb68 100644 --- a/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 +++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" -.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 index 31d08409cdb0d..b0342af58031d 100644 --- a/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 +++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_NEW 3" -.TH CTLOG_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CTLOG_STORE_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CTLOG_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_new.3 index 9946b02c488a5..a16e97f502084 100644 --- a/secure/lib/libcrypto/man/man3/CTLOG_new.3 +++ b/secure/lib/libcrypto/man/man3/CTLOG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_NEW 3" -.TH CTLOG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CTLOG_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 index 8ebd186849fe8..49fbaf16e4f57 100644 --- a/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CT_POLICY_EVAL_CTX_NEW 3" -.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 index 3c98b1eb0c7e2..987cadb40df4c 100644 --- a/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 +++ b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DEFINE_STACK_OF 3" -.TH DEFINE_STACK_OF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DEFINE_STACK_OF 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DES_random_key.3 b/secure/lib/libcrypto/man/man3/DES_random_key.3 index 75ecbfe77f9e4..bbb80c4558bd9 100644 --- a/secure/lib/libcrypto/man/man3/DES_random_key.3 +++ b/secure/lib/libcrypto/man/man3/DES_random_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DES_RANDOM_KEY 3" -.TH DES_RANDOM_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DES_RANDOM_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -249,7 +249,7 @@ is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP \&\fBDES_set_key()\fR works like -\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is nonzero, otherwise like \fBDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. @@ -266,7 +266,7 @@ The following routines mostly operate on an input and output stream of decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. -If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +If the \fIencrypt\fR argument is nonzero (\s-1DES_ENCRYPT\s0), the \fIinput\fR (cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the key_schedule specified by the \fIschedule\fR argument, previously set via \&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now @@ -285,7 +285,7 @@ The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP \&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR -(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the +(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is nonzero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR argument, using the key schedule provided by the \fIschedule\fR argument, @@ -436,7 +436,7 @@ if both character were not present, and could crash when given non-ASCII on some platforms. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/DH_generate_key.3 b/secure/lib/libcrypto/man/man3/DH_generate_key.3 index 7cc2220cdce05..dda7217f0b223 100644 --- a/secure/lib/libcrypto/man/man3/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/man3/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_KEY 3" -.TH DH_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_GENERATE_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 index 7f581b5f15697..7a71a959fdaf7 100644 --- a/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_PARAMETERS 3" -.TH DH_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_GENERATE_PARAMETERS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 index 35199167e3579..b28d40a0a1324 100644 --- a/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 +++ b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET0_PQG 3" -.TH DH_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_GET0_PQG 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -214,7 +214,7 @@ within the \s-1DH\s0 object. object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. .PP The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional -length parameter associated with this \s-1DH\s0 object. If the length is non-zero then +length parameter associated with this \s-1DH\s0 object. If the length is nonzero then it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the length of the secret exponent (private key) in bits. .SH "NOTES" @@ -246,7 +246,7 @@ or zero if no such length has been explicitly set. The functions described here were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 index 950ac6f953f7a..08be2bb3710c9 100644 --- a/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 +++ b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET_1024_160 3" -.TH DH_GET_1024_160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_GET_1024_160 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_meth_new.3 b/secure/lib/libcrypto/man/man3/DH_meth_new.3 index 61edfe27390cf..d02357f858583 100644 --- a/secure/lib/libcrypto/man/man3/DH_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/DH_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_METH_NEW 3" -.TH DH_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_new.3 b/secure/lib/libcrypto/man/man3/DH_new.3 index 69a5f20b247ad..103a11d2734df 100644 --- a/secure/lib/libcrypto/man/man3/DH_new.3 +++ b/secure/lib/libcrypto/man/man3/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW 3" -.TH DH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 index 722c097082852..b87dc4e9f268b 100644 --- a/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 +++ b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW_BY_NID 3" -.TH DH_NEW_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_NEW_BY_NID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DH_set_method.3 b/secure/lib/libcrypto/man/man3/DH_set_method.3 index 91213e5afd9fa..d84a034522bc1 100644 --- a/secure/lib/libcrypto/man/man3/DH_set_method.3 +++ b/secure/lib/libcrypto/man/man3/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_SET_METHOD 3" -.TH DH_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_SET_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +181,7 @@ API\s0 is being used, so this function is no longer recommended. This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 -implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 for the key can have unexpected results. .PP @@ -199,7 +199,7 @@ A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see .PP \&\fBDH_set_default_method()\fR returns no value. .PP -\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDH_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP @@ -211,7 +211,7 @@ returns a pointer to the newly allocated structure. \&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/DH_size.3 b/secure/lib/libcrypto/man/man3/DH_size.3 index 409b36955fa63..f6ba7ab3b09f2 100644 --- a/secure/lib/libcrypto/man/man3/DH_size.3 +++ b/secure/lib/libcrypto/man/man3/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_SIZE 3" -.TH DH_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DH_SIZE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 index 3c581f61553ec..e64c8979d11f9 100644 --- a/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_NEW 3" -.TH DSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_SIG_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_do_sign.3 b/secure/lib/libcrypto/man/man3/DSA_do_sign.3 index 2843c52b072b7..affff8910c3c5 100644 --- a/secure/lib/libcrypto/man/man3/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/man3/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DO_SIGN 3" -.TH DSA_DO_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_DO_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 index 158268b0b0d86..cf78576b0e3c2 100644 --- a/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DUP_DH 3" -.TH DSA_DUP_DH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_DUP_DH 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_key.3 b/secure/lib/libcrypto/man/man3/DSA_generate_key.3 index cf1bd86087b1d..dbe7844014bd4 100644 --- a/secure/lib/libcrypto/man/man3/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/man3/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_KEY 3" -.TH DSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_GENERATE_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 index e79ae88327782..b5335bfbea903 100644 --- a/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_PARAMETERS 3" -.TH DSA_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_GENERATE_PARAMETERS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 index 3bc934a84de53..c4498d446b374 100644 --- a/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 +++ b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GET0_PQG 3" -.TH DSA_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_GET0_PQG 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_meth_new.3 b/secure/lib/libcrypto/man/man3/DSA_meth_new.3 index 9e864a10f4adc..e7eedd96ab7d3 100644 --- a/secure/lib/libcrypto/man/man3/DSA_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/DSA_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_METH_NEW 3" -.TH DSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_new.3 b/secure/lib/libcrypto/man/man3/DSA_new.3 index 22ac7371878be..eeb3bae700477 100644 --- a/secure/lib/libcrypto/man/man3/DSA_new.3 +++ b/secure/lib/libcrypto/man/man3/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_NEW 3" -.TH DSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_set_method.3 b/secure/lib/libcrypto/man/man3/DSA_set_method.3 index 9f33fcb32900d..78087c7637403 100644 --- a/secure/lib/libcrypto/man/man3/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/man3/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SET_METHOD 3" -.TH DSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_SET_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +182,7 @@ recommended. \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DSA\s0 keys that only -work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +work with certain \s-1DSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 @@ -199,7 +199,7 @@ controlled by \fBDSA_set_default_method()\fR is used. .PP \&\fBDSA_set_default_method()\fR returns no value. .PP -\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDSA_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP @@ -211,7 +211,7 @@ fails. Otherwise it returns a pointer to the newly allocated structure. \&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/DSA_sign.3 b/secure/lib/libcrypto/man/man3/DSA_sign.3 index 8bba60eb70280..0d6a6643cf60e 100644 --- a/secure/lib/libcrypto/man/man3/DSA_sign.3 +++ b/secure/lib/libcrypto/man/man3/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIGN 3" -.TH DSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DSA_size.3 b/secure/lib/libcrypto/man/man3/DSA_size.3 index d3627c5c64010..6e94e842015a3 100644 --- a/secure/lib/libcrypto/man/man3/DSA_size.3 +++ b/secure/lib/libcrypto/man/man3/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIZE 3" -.TH DSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA_SIZE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 index 5f8bf27a22503..56c4498d1be47 100644 --- a/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 +++ b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_GET_DATA_MTU 3" -.TH DTLS_GET_DATA_MTU 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DTLS_GET_DATA_MTU 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 index 2edd30ebfbcf5..0a7c63a95cb59 100644 --- a/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 +++ b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_SET_TIMER_CB 3" -.TH DTLS_SET_TIMER_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DTLS_SET_TIMER_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 index 66772dd1a77fb..02a4fe3b65953 100644 --- a/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 +++ b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DTLSV1_LISTEN 3" -.TH DTLSV1_LISTEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DTLSV1_LISTEN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +169,7 @@ message then the amplification attack has succeeded. If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). -If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some +If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However, some stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. .PP @@ -231,7 +231,7 @@ will be set up ready to continue the handshake. the \fBpeer\fR value will also filled in. .PP A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking \s-1IO,\s0 or some invalid message having been +example) be because of nonblocking \s-1IO,\s0 or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. @@ -256,7 +256,7 @@ The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 index 64d109b6c369e..923bbba596d97 100644 --- a/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "ECDSA_SIG_NEW 3" -.TH ECDSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ECDSA_SIG_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) functions +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low\-level elliptic curve digital signature algorithm (ECDSA) functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -173,7 +173,7 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_ne .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most +Note: these functions provide a low-level interface to \s-1ECDSA.\s0 Most applications should use the higher level \fB\s-1EVP\s0\fR interface such as \&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. .PP @@ -339,7 +339,7 @@ and finally evaluate the return value: \&\fBd2i_ECDSA_SIG\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 index f830929b2c7ce..0b9493dbbdbae 100644 --- a/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 +++ b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPKPARAMETERS_PRINT 3" -.TH ECPKPARAMETERS_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ECPKPARAMETERS_PRINT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 index f0f9a7c9eddae..fa1ee6235be09 100644 --- a/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 +++ b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GFP_SIMPLE_METHOD 3" -.TH EC_GFP_SIMPLE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_GFP_SIMPLE_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 index f1a541fe90559..b0c1115278658 100644 --- a/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 +++ b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_COPY 3" -.TH EC_GROUP_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_GROUP_COPY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 index c0f95024651a4..137963102ce85 100644 --- a/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 +++ b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_NEW 3" -.TH EC_GROUP_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_GROUP_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -204,7 +204,7 @@ specific \s-1PK\s0 \fBparams\fR. \&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents the irreducible polynomial \- each bit represents a term in the polynomial. -Therefore there will either be three or five bits set dependent on whether the +Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the relevant equation introduced above. @@ -271,7 +271,7 @@ All EC_GROUP_new* functions return a pointer to the newly constructed group, or \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 index c5aa852742093..9a30efb808ef1 100644 --- a/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 +++ b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_GET_ENC_FLAGS 3" -.TH EC_KEY_GET_ENC_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_KEY_GET_ENC_FLAGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 index ec5e2c6f00ec7..63b190f96a1f7 100644 --- a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 +++ b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_NEW 3" -.TH EC_KEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_KEY_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -164,6 +164,7 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f \& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); \& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); \& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); \& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); \& int EC_KEY_generate_key(EC_KEY *key); \& int EC_KEY_check_key(const EC_KEY *key); @@ -244,11 +245,15 @@ other flags are left in their existing state. (if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the asn1_flag. .PP +\&\fBEC_KEY_decoded_from_explicit_params()\fR returns 1 if the group of the \fIkey\fR was +decoded from data with explicitly encoded group parameters, \-1 if the \fIkey\fR +is \s-1NULL\s0 or the group parameters are missing, and 0 otherwise. +.PP \&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). .PP \&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions -\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key +\&\fBEC_POINT_oct2point()\fR and \fBEC_POINT_point2buf()\fR except they use the public key \&\s-1EC_POINT\s0 in \fBeckey\fR. .PP \&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key @@ -301,7 +306,7 @@ of the buffer or 0 on error. \&\fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_add.3 b/secure/lib/libcrypto/man/man3/EC_POINT_add.3 index 82f2953e48302..ce4998c762ea9 100644 --- a/secure/lib/libcrypto/man/man3/EC_POINT_add.3 +++ b/secure/lib/libcrypto/man/man3/EC_POINT_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_ADD 3" -.TH EC_POINT_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_POINT_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_new.3 b/secure/lib/libcrypto/man/man3/EC_POINT_new.3 index f6b60e54fdc41..73f694707ac3c 100644 --- a/secure/lib/libcrypto/man/man3/EC_POINT_new.3 +++ b/secure/lib/libcrypto/man/man3/EC_POINT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_NEW 3" -.TH EC_POINT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC_POINT_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -259,7 +259,7 @@ to (x, y, 1). To set or get the projective co-ordinates use .PP Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set +there will only ever be two possible values for y. Therefore, a point can be set using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two possible values for y should be used. @@ -351,7 +351,7 @@ error. \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ENGINE_add.3 b/secure/lib/libcrypto/man/man3/ENGINE_add.3 index 742f0accbb65e..48403adb51870 100644 --- a/secure/lib/libcrypto/man/man3/ENGINE_add.3 +++ b/secure/lib/libcrypto/man/man3/ENGINE_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE_ADD 3" -.TH ENGINE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ENGINE_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -283,7 +283,7 @@ implementation includes the following abstractions; .SS "Reference counting and handles" .IX Subsection "Reference counting and handles" Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be -treated as handles \- ie. not only as pointers, but also as references to +treated as handles \- i.e. not only as pointers, but also as references to the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and released) independently. @@ -354,15 +354,15 @@ operational \s-1ENGINE\s0 for a given cryptographic purpose. .PP To obtain a functional reference from an existing structural reference, call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not -already operational and couldn't be successfully initialised (eg. lack of +already operational and couldn't be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will -return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +return nonzero to indicate that the \s-1ENGINE\s0 is now operational and will have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional references are released by calling \fBENGINE_finish()\fR (which removes the implicit structural reference as well). .PP The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +default implementation for a given task, e.g. by \fBENGINE_get_default_RSA()\fR, \&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant @@ -379,7 +379,7 @@ In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one \&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' index. .PP -When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the \&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a functional reference to an initialised \s-1ENGINE\s0 whose implementation should be @@ -428,7 +428,7 @@ is something for the application to control. Some applications will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to -successfully initialise \- ie. to assume that this corresponds to +successfully initialise \- i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a @@ -520,7 +520,7 @@ so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, i.e. before calling \fBENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after \fBENGINE_init()\fR, or @@ -582,7 +582,7 @@ boolean success or failure. .Ve .PP Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can -relax the semantics of the function \- if set non-zero it will only return +relax the semantics of the function \- if set nonzero it will only return failure if the \s-1ENGINE\s0 supported the given command name but failed while executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply return success without doing anything. In this case we assume the user is @@ -595,7 +595,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an \s-1ENGINE\s0 using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. +\&\s-1ENGINE,\s0 i.e. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a \*(L"generic\*(R" command is handled directly by the @@ -667,7 +667,7 @@ by applications, administrations, users, etc. These can support arbitrary operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 -supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +supports certain specific commands it might want to use (e.g. application \*(L"foo\*(R" might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific extension). @@ -759,7 +759,7 @@ done by \fBOPENSSL_cleanup()\fR and should not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 index 8f61ddb1e8ba7..ef454fe4e295a 100644 --- a/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_GET_LIB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_clear_error.3 b/secure/lib/libcrypto/man/man3/ERR_clear_error.3 index b8774cfc2e313..085cf0a65d55d 100644 --- a/secure/lib/libcrypto/man/man3/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/man3/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_CLEAR_ERROR 3" -.TH ERR_CLEAR_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_CLEAR_ERROR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_error_string.3 b/secure/lib/libcrypto/man/man3/ERR_error_string.3 index 71eea9b442aeb..e02749b83be35 100644 --- a/secure/lib/libcrypto/man/man3/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/man3/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_ERROR_STRING 3" -.TH ERR_ERROR_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_ERROR_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_get_error.3 b/secure/lib/libcrypto/man/man3/ERR_get_error.3 index 566375445d411..73eedb2b17be4 100644 --- a/secure/lib/libcrypto/man/man3/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/man3/ERR_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_ERROR 3" -.TH ERR_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_GET_ERROR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,7 +179,7 @@ messages. .PP \&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and \&\fBERR_peek_last_error_line()\fR are the same as the above, but they -additionally store the file name and line number where +additionally store the filename and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP \&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and @@ -200,7 +200,7 @@ The error code, or 0 if there is no error in the queue. \&\s-1\fBERR_GET_LIB\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 index 8af9c730cdc2a..4559877419e4a 100644 --- a/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_CRYPTO_STRINGS 3" -.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_load_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_strings.3 index 3f37e64a53be8..e7c92c27c3a56 100644 --- a/secure/lib/libcrypto/man/man3/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/man3/ERR_load_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_STRINGS 3" -.TH ERR_LOAD_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_LOAD_STRINGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_print_errors.3 b/secure/lib/libcrypto/man/man3/ERR_print_errors.3 index 2d2ade9c67788..d893a66df0ba7 100644 --- a/secure/lib/libcrypto/man/man3/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/man3/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PRINT_ERRORS 3" -.TH ERR_PRINT_ERRORS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_PRINT_ERRORS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ emptying the error queue. The error strings will have the following format: .PP .Vb 1 -\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] .Ve .PP \&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, @@ -183,7 +183,7 @@ the error string will contain the numeric code. \&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ERR_put_error.3 b/secure/lib/libcrypto/man/man3/ERR_put_error.3 index dca1503b1dd4f..7f34f9dd62e66 100644 --- a/secure/lib/libcrypto/man/man3/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/man3/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PUT_ERROR 3" -.TH ERR_PUT_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_PUT_ERROR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,14 +177,14 @@ descriptions. For example, the function \fBssl3_read_bytes()\fR reports a \& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); .Ve .PP -Function and reason codes should consist of upper case characters, +Function and reason codes should consist of uppercase characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example. .PP The trailing section of a reason code (after the \*(L"_R_\*(R") is translated -into lower case and underscores changed to spaces. +into lowercase and underscores changed to spaces. .PP Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally @@ -199,7 +199,7 @@ no values. \&\fBERR_load_strings\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/ERR_remove_state.3 b/secure/lib/libcrypto/man/man3/ERR_remove_state.3 index bfb3a94bf4301..7a48261213f7b 100644 --- a/secure/lib/libcrypto/man/man3/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/man3/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_REMOVE_STATE 3" -.TH ERR_REMOVE_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_REMOVE_STATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/ERR_set_mark.3 b/secure/lib/libcrypto/man/man3/ERR_set_mark.3 index 9578a55956554..3a0f2b26dc2f3 100644 --- a/secure/lib/libcrypto/man/man3/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/man3/ERR_set_mark.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_SET_MARK 3" -.TH ERR_SET_MARK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERR_SET_MARK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 index a3ee6bfd9443e..4621a7bbd3abf 100644 --- a/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BYTESTOKEY 3" -.TH EVP_BYTESTOKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_BYTESTOKEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 index dfd55b7dc1ab1..15932c8190478 100644 --- a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 +++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" -.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 index d644a02f3d284..ec09fc082dd2f 100644 --- a/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_METH_NEW 3" -.TH EVP_CIPHER_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_CIPHER_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 index d54da2d27b884..18bab29b3809a 100644 --- a/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTINIT 3" -.TH EVP_DIGESTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_DIGESTINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -195,7 +195,7 @@ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_c .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 digest routines are a high level interface to message digests, +The \s-1EVP\s0 digest routines are a high-level interface to message digests, and should be used instead of the cipher-specific functions. .IP "\fBEVP_MD_CTX_new()\fR" 4 .IX Item "EVP_MD_CTX_new()" @@ -386,7 +386,7 @@ This function has no return value. .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 @@ -489,7 +489,7 @@ The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 index bedace7f199de..de7f8c326c3cb 100644 --- a/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTSIGNINIT 3" -.TH EVP_DIGESTSIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_DIGESTSIGNINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +156,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +The \s-1EVP\s0 signature routines are a high-level interface to digital signatures. .PP \&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from \&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with @@ -232,7 +232,7 @@ The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP \&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 index cad8dc415e854..82bc4e20f294c 100644 --- a/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTVERIFYINIT 3" -.TH EVP_DIGESTVERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_DIGESTVERIFYINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +155,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestV .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +The \s-1EVP\s0 signature routines are a high-level interface to digital signatures. .PP \&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created @@ -196,7 +196,7 @@ The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP \&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of @@ -235,7 +235,7 @@ will occur. were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 index 0998e31beb3bd..87e0c19b4a73c 100644 --- a/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCODEINIT 3" -.TH EVP_ENCODEINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_ENCODEINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +163,7 @@ EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +The \s-1EVP\s0 encode routines provide a high-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced @@ -217,8 +217,8 @@ sufficiently large to accommodate the output data which will never be more than be encoded or decoded that are pending in the \fBctx\fR object. .PP \&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length -\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of -output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +\&\fBn\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBn\fR is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is @@ -282,7 +282,7 @@ then no more non-padding base 64 characters are expected. \&\fBevp\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 index 1ae0efde315fc..e6d1f093d1175 100644 --- a/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCRYPTINIT 3" -.TH EVP_ENCRYPTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_ENCRYPTINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -211,7 +211,7 @@ EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_e .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 cipher routines are a high level interface to certain +The \s-1EVP\s0 cipher routines are a high-level interface to certain symmetric ciphers. .PP \&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. @@ -237,10 +237,15 @@ appropriate. \&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient -room. The actual number of bytes written is placed in \fBoutl\fR. It also +of data written depends on the block alignment of the encrypted data. +For most ciphers and modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size \- 1) bytes. +For wrap cipher modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size) bytes. +For stream ciphers, the amount of data written can be anything from zero +bytes to inl bytes. +Thus, \fBout\fR should contain sufficient room for the operation being performed. +The actual number of bytes written is placed in \fBoutl\fR. It also checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are 0 is returned to indicate failure. .PP @@ -491,8 +496,8 @@ passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an -nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying +a nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for \&\s-1AES.\s0 .SS "ChaCha20\-Poly1305" .IX Subsection "ChaCha20-Poly1305" @@ -521,10 +526,10 @@ This call is only valid when decrypting data. .SH "NOTES" .IX Header "NOTES" Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the \&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the +acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). .PP \&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total @@ -652,7 +657,7 @@ with a 128\-bit key: \& \& /* Don\*(Aqt set key or IV right away; we want to check lengths */ \& ctx = EVP_CIPHER_CTX_new(); -\& EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, +\& EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, \& do_encrypt); \& OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); \& OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); @@ -712,7 +717,7 @@ disappeared. \fBEVP_CIPHER_CTX_init()\fR remains as an alias for \&\fBEVP_CIPHER_CTX_reset()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 index 103277c8e7a18..eefbe373ea990 100644 --- a/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD_METH_NEW 3" -.TH EVP_MD_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_MD_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 index 6931c36621002..7ff720404c988 100644 --- a/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OPENINIT 3" -.TH EVP_OPENINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_OPENINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +153,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high level interface to envelope +The \s-1EVP\s0 envelope routines are a high-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. .PP @@ -192,7 +192,7 @@ recovered secret key size) if successful. \&\fBEVP_SealInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 index a812512868690..39affcfc90b8a 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_METHOD 3" -.TH EVP_PKEY_ASN1_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_ASN1_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 index f8ec5e81aa3a6..51e63f7319709 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_CTRL 3" -.TH EVP_PKEY_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_CTRL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -370,7 +370,7 @@ parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 The default is 0. .PP The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is -1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. +1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 prime \fBp\fR. If \fBpad\fR is zero (the default) then no padding is performed. .PP \&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to @@ -530,7 +530,7 @@ The macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 index 27a7799a7457d..4dc98913e98d1 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_NEW 3" -.TH EVP_PKEY_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +167,7 @@ If \fBctx\fR is \s-1NULL,\s0 nothing is done. .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used -by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between +by the OpenSSL high-level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. .SH "RETURN VALUES" @@ -184,7 +184,7 @@ the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if These functions were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 index 4cc2f532679c8..f500570788ef3 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" -.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 index c5749fdefae2e..7488f6648bd96 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" -.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 index 5bb6ebd2dfd03..f23d857ef2d8e 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" -.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 index e6b9cafaebdce..8b6f3261afd37 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" -.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 index 6f6bd8647cbf0..cf79cee98e8d9 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" -.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 index 900c967da1d55..0398283aa3e2c 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_GET_COUNT 3" -.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 index 32cd3c39822a8..d3bb8262c41b8 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CMP 3" -.TH EVP_PKEY_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_CMP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 index 5c11495500809..cf689f3e5fad8 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DECRYPT 3" -.TH EVP_PKEY_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_DECRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 index fe25ec4dc5cea..6a62fca5869a1 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DERIVE 3" -.TH EVP_PKEY_DERIVE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_DERIVE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 index a6804b42aa2a5..2a65238faa1f2 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ENCRYPT 3" -.TH EVP_PKEY_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 index 82c1e30645621..a2459a9156182 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" -.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 index 4ee9f32480d1f..c6589aea22f02 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_KEYGEN 3" -.TH EVP_PKEY_KEYGEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_KEYGEN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +182,7 @@ generation callback. The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated with the generation operation. If \fBidx\fR is \-1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a nonnegative value for \&\fBidx\fR should only be called within the generation callback. .PP If the callback returns 0 then the key generation operation is aborted and an @@ -327,7 +327,7 @@ These functions were added in OpenSSL 1.0.0. in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 index 15d87e3db6089..82093cd782e30 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_GET_COUNT 3" -.TH EVP_PKEY_METH_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_METH_GET_COUNT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 index ff0e615237d83..acf3dcb5dafbe 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_NEW 3" -.TH EVP_PKEY_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 index e5a92ff8e0785..6b0d64ee70da0 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_NEW 3" -.TH EVP_PKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,7 +194,8 @@ information. Algorithm types that support raw public keys are \&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. The cipher should be a standard +encryption only cipher. For example \s-1AEAD\s0 and \s-1XTS\s0 ciphers should not be used. .PP \&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 index 6c7e2bbc8064d..e20cb1db6e08d 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_PRINT_PRIVATE 3" -.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 index 530719519a85b..426643de92ea1 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET1_RSA 3" -.TH EVP_PKEY_SET1_RSA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_SET1_RSA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 index 5e226c6eccbb0..3bba1e6b3d073 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SIGN 3" -.TH EVP_PKEY_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 index 887fa900f4ee8..a42fd607794a3 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SIZE 3" -.TH EVP_PKEY_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_SIZE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 index f1f8f5a475360..f8d99a4d0ecff 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY 3" -.TH EVP_PKEY_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_VERIFY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 index 6439e3d84130b..864b8525293c5 100644 --- a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY_RECOVER 3" -.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_SealInit.3 b/secure/lib/libcrypto/man/man3/EVP_SealInit.3 index 2c6f7f5194ca3..54fce8e6c7a22 100644 --- a/secure/lib/libcrypto/man/man3/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SEALINIT 3" -.TH EVP_SEALINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SEALINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +154,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high level interface to envelope +The \s-1EVP\s0 envelope routines are a high-level interface to envelope encryption. They generate a random key and \s-1IV\s0 (if required) then \&\*(L"envelope\*(R" it by using public key encryption. Data can then be encrypted using this key. @@ -215,7 +215,7 @@ with \fBtype\fR set to \s-1NULL.\s0 \&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_SignInit.3 b/secure/lib/libcrypto/man/man3/EVP_SignInit.3 index 269356bfdfcb6..e64ac78c61948 100644 --- a/secure/lib/libcrypto/man/man3/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SIGNINIT 3" -.TH EVP_SIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SIGNINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +153,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \&\- EVP signing fu .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital +The \s-1EVP\s0 signature routines are a high-level interface to digital signatures. .PP \&\fBEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest @@ -182,7 +182,7 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP When signing with \s-1DSA\s0 private keys the random number generator must be seeded. diff --git a/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 index a58690fb75384..053358b8e8a09 100644 --- a/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VERIFYINIT 3" -.TH EVP_VERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_VERIFYINIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +154,7 @@ EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP si .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature verification routines are a high level interface to digital +The \s-1EVP\s0 signature verification routines are a high-level interface to digital signatures. .PP \&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest @@ -182,7 +182,7 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. @@ -215,7 +215,7 @@ The previous two bugs are fixed in the newer EVP_DigestVerify*() function. \&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/EVP_aes.3 b/secure/lib/libcrypto/man/man3/EVP_aes.3 index 4384b31e4f850..d133bff5f810b 100644 --- a/secure/lib/libcrypto/man/man3/EVP_aes.3 +++ b/secure/lib/libcrypto/man/man3/EVP_aes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_AES 3" -.TH EVP_AES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_AES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_aria.3 b/secure/lib/libcrypto/man/man3/EVP_aria.3 index 3d35fb1137dc4..3a9a8f541ec70 100644 --- a/secure/lib/libcrypto/man/man3/EVP_aria.3 +++ b/secure/lib/libcrypto/man/man3/EVP_aria.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ARIA 3" -.TH EVP_ARIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_ARIA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 index 3b8ca6c6686e7..c27d374239186 100644 --- a/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BF_CBC 3" -.TH EVP_BF_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_BF_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 index 6844f4fe4289b..4712583b4de71 100644 --- a/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 +++ b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BLAKE2B512 3" -.TH EVP_BLAKE2B512 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_BLAKE2B512 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_camellia.3 b/secure/lib/libcrypto/man/man3/EVP_camellia.3 index 35d8517c06dc9..935f4a1e63041 100644 --- a/secure/lib/libcrypto/man/man3/EVP_camellia.3 +++ b/secure/lib/libcrypto/man/man3/EVP_camellia.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CAMELLIA 3" -.TH EVP_CAMELLIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_CAMELLIA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 index 70a2f03998cac..f0c55e7fe3641 100644 --- a/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CAST5_CBC 3" -.TH EVP_CAST5_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_CAST5_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_chacha20.3 b/secure/lib/libcrypto/man/man3/EVP_chacha20.3 index ac92d82bd3a07..923a1e2a064d9 100644 --- a/secure/lib/libcrypto/man/man3/EVP_chacha20.3 +++ b/secure/lib/libcrypto/man/man3/EVP_chacha20.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CHACHA20 3" -.TH EVP_CHACHA20 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_CHACHA20 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_des.3 b/secure/lib/libcrypto/man/man3/EVP_des.3 index bba0e2834dd0f..700962223c33f 100644 --- a/secure/lib/libcrypto/man/man3/EVP_des.3 +++ b/secure/lib/libcrypto/man/man3/EVP_des.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DES 3" -.TH EVP_DES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_DES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 index 75e48d90f70e9..12737c506d9ee 100644 --- a/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DESX_CBC 3" -.TH EVP_DESX_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_DESX_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 index 6e35114084940..e192d2bcee2e8 100644 --- a/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_IDEA_CBC 3" -.TH EVP_IDEA_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_IDEA_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_md2.3 b/secure/lib/libcrypto/man/man3/EVP_md2.3 index 3651df6d09d49..4e80f007b1416 100644 --- a/secure/lib/libcrypto/man/man3/EVP_md2.3 +++ b/secure/lib/libcrypto/man/man3/EVP_md2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD2 3" -.TH EVP_MD2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_MD2 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_md4.3 b/secure/lib/libcrypto/man/man3/EVP_md4.3 index 484bd69dd5cb5..127ab28f0bf25 100644 --- a/secure/lib/libcrypto/man/man3/EVP_md4.3 +++ b/secure/lib/libcrypto/man/man3/EVP_md4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD4 3" -.TH EVP_MD4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_MD4 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_md5.3 b/secure/lib/libcrypto/man/man3/EVP_md5.3 index e21f27f943997..c0aa5ee8ec815 100644 --- a/secure/lib/libcrypto/man/man3/EVP_md5.3 +++ b/secure/lib/libcrypto/man/man3/EVP_md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD5 3" -.TH EVP_MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_MD5 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_mdc2.3 b/secure/lib/libcrypto/man/man3/EVP_mdc2.3 index e35705181938f..6a33e6219e8b6 100644 --- a/secure/lib/libcrypto/man/man3/EVP_mdc2.3 +++ b/secure/lib/libcrypto/man/man3/EVP_mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MDC2 3" -.TH EVP_MDC2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_MDC2 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 index d208082684cea..6f67536ad7f99 100644 --- a/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC2_CBC 3" -.TH EVP_RC2_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_RC2_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_rc4.3 b/secure/lib/libcrypto/man/man3/EVP_rc4.3 index 478c4c730b849..467b2d069e347 100644 --- a/secure/lib/libcrypto/man/man3/EVP_rc4.3 +++ b/secure/lib/libcrypto/man/man3/EVP_rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC4 3" -.TH EVP_RC4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_RC4 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 index fd08811a48aa5..44543bd6753c3 100644 --- a/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC5_32_12_16_CBC 3" -.TH EVP_RC5_32_12_16_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_RC5_32_12_16_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 index 60e62bff1a8c1..a8c5e53353791 100644 --- a/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 +++ b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RIPEMD160 3" -.TH EVP_RIPEMD160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_RIPEMD160 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 index 81743ee93dde6..a815c153f03d3 100644 --- a/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SEED_CBC 3" -.TH EVP_SEED_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SEED_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_sha1.3 b/secure/lib/libcrypto/man/man3/EVP_sha1.3 index 7b35557501f21..c524bbc20944e 100644 --- a/secure/lib/libcrypto/man/man3/EVP_sha1.3 +++ b/secure/lib/libcrypto/man/man3/EVP_sha1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA1 3" -.TH EVP_SHA1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SHA1 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_sha224.3 b/secure/lib/libcrypto/man/man3/EVP_sha224.3 index c9cdd8fe255d8..4601a35c73c75 100644 --- a/secure/lib/libcrypto/man/man3/EVP_sha224.3 +++ b/secure/lib/libcrypto/man/man3/EVP_sha224.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA224 3" -.TH EVP_SHA224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SHA224 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 index abd722ca1b490..f921228032c4d 100644 --- a/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 +++ b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA3_224 3" -.TH EVP_SHA3_224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SHA3_224 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_sm3.3 b/secure/lib/libcrypto/man/man3/EVP_sm3.3 index 49045e0d9492a..af77489157855 100644 --- a/secure/lib/libcrypto/man/man3/EVP_sm3.3 +++ b/secure/lib/libcrypto/man/man3/EVP_sm3.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SM3 3" -.TH EVP_SM3 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SM3 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 index 56aa0ac9babc7..5391b61a82fc2 100644 --- a/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 +++ b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SM4_CBC 3" -.TH EVP_SM4_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_SM4_CBC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 index b227755160f20..9c67489430a8e 100644 --- a/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 +++ b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_WHIRLPOOL 3" -.TH EVP_WHIRLPOOL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP_WHIRLPOOL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/HMAC.3 b/secure/lib/libcrypto/man/man3/HMAC.3 index 60ab2e35d6f36..fab1644c7b701 100644 --- a/secure/lib/libcrypto/man/man3/HMAC.3 +++ b/secure/lib/libcrypto/man/man3/HMAC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HMAC 3" -.TH HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH HMAC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +146,7 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC \& #include <openssl/hmac.h> \& \& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, -\& int key_len, const unsigned char *d, int n, +\& int key_len, const unsigned char *d, size_t n, \& unsigned char *md, unsigned int *md_len); \& \& HMAC_CTX *HMAC_CTX_new(void); @@ -154,7 +154,7 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC \& \& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md, ENGINE *impl); -\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); \& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); \& \& void HMAC_CTX_free(HMAC_CTX *ctx); @@ -196,7 +196,7 @@ not support variable output length digests such as \fBEVP_shake128()\fR and .PP \&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. .PP -\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated +\&\fBHMAC_CTX_reset()\fR zeros an existing \fB\s-1HMAC_CTX\s0\fR and associated resources, making it suitable for new computations as if it was newly created with \fBHMAC_CTX_new()\fR. .PP @@ -271,7 +271,7 @@ or zero on error. OpenSSL before version 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/MD5.3 b/secure/lib/libcrypto/man/man3/MD5.3 index 3d196cd13ea77..2b99da5c24912 100644 --- a/secure/lib/libcrypto/man/man3/MD5.3 +++ b/secure/lib/libcrypto/man/man3/MD5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "MD5 3" -.TH MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH MD5 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/MDC2_Init.3 b/secure/lib/libcrypto/man/man3/MDC2_Init.3 index 355e3aa2261b6..25d618169f222 100644 --- a/secure/lib/libcrypto/man/man3/MDC2_Init.3 +++ b/secure/lib/libcrypto/man/man3/MDC2_Init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "MDC2_INIT 3" -.TH MDC2_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH MDC2_INIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/Makefile b/secure/lib/libcrypto/man/man3/Makefile index f73ddfc872951..074cd15650842 100644 --- a/secure/lib/libcrypto/man/man3/Makefile +++ b/secure/lib/libcrypto/man/man3/Makefile @@ -1185,6 +1185,7 @@ MLINKS+= EC_KEY_get_enc_flags.3 EC_KEY_set_enc_flags.3 MLINKS+= EC_KEY_new.3 EC_KEY_check_key.3 MLINKS+= EC_KEY_new.3 EC_KEY_clear_flags.3 MLINKS+= EC_KEY_new.3 EC_KEY_copy.3 +MLINKS+= EC_KEY_new.3 EC_KEY_decoded_from_explicit_params.3 MLINKS+= EC_KEY_new.3 EC_KEY_dup.3 MLINKS+= EC_KEY_new.3 EC_KEY_free.3 MLINKS+= EC_KEY_new.3 EC_KEY_generate_key.3 @@ -2915,6 +2916,7 @@ MLINKS+= X509V3_get_d2i.3 X509_add1_ext_i2d.3 MLINKS+= X509V3_get_d2i.3 X509_get0_extensions.3 MLINKS+= X509V3_get_d2i.3 X509_get_ext_d2i.3 MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_cmp.3 +MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_copy.3 MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_get0.3 MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set0.3 MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set_md.3 @@ -3391,6 +3393,8 @@ MLINKS+= X509_get0_signature.3 X509_CRL_get0_signature.3 MLINKS+= X509_get0_signature.3 X509_CRL_get_signature_nid.3 MLINKS+= X509_get0_signature.3 X509_REQ_get0_signature.3 MLINKS+= X509_get0_signature.3 X509_REQ_get_signature_nid.3 +MLINKS+= X509_get0_signature.3 X509_REQ_set0_signature.3 +MLINKS+= X509_get0_signature.3 X509_REQ_set1_signature_algo.3 MLINKS+= X509_get0_signature.3 X509_SIG_INFO_get.3 MLINKS+= X509_get0_signature.3 X509_SIG_INFO_set.3 MLINKS+= X509_get0_signature.3 X509_get0_tbs_sigalg.3 diff --git a/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 index c0cdf7dad2cfc..54c6dbaae5208 100644 --- a/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_NID2OBJ 3" -.TH OBJ_NID2OBJ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OBJ_NID2OBJ 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 index 8c1b112ee09bb..6e0da6a3c0b16 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_NEW 3" -.TH OCSP_REQUEST_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_REQUEST_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 index 098620da5ddb3..1c1f6d35caf7d 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_CERT_TO_ID 3" -.TH OCSP_CERT_TO_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_CERT_TO_ID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,7 +186,7 @@ corresponding parameter can be set to \fB\s-1NULL\s0\fR. \&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid \&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero +\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and nonzero otherwise. .PP \&\fBOCSP_CERTID_free()\fR does not return a value. @@ -210,7 +210,7 @@ NOT\s0\fR be freed up by an application: they will be freed when the correspondi \&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 index 1a3d90337d5ed..eb01075579e20 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_ADD1_NONCE 3" -.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -192,7 +192,7 @@ performance reasons. As a result they do not support nonces. .PP The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A positive return value effectively indicates success: nonces are both present -and match, both absent or present in the response only. A non-zero return +and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error diff --git a/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 index 9b50fab03faab..b8df8c5c0cbe5 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESP_FIND_STATUS 3" -.TH OCSP_RESP_FIND_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_RESP_FIND_STATUS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -238,7 +238,7 @@ no freeing of the results is necessary. .PP \&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values which will be typically obtained from \fBOCSP_resp_find_status()\fR or -\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is nonzero it indicates how many seconds leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates the maximum age of \fBthisupd\fR in seconds. .PP @@ -291,7 +291,7 @@ can then take appropriate action based on the status of the certificate. .PP An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR fields. Normally the current time should be between these two values. To -account for clock skew the \fBmaxsec\fR field can be set to non-zero in +account for clock skew the \fBmaxsec\fR field can be set to nonzero in \&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this would otherwise mean an ancient response would be considered valid: the \&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted @@ -311,7 +311,7 @@ parameters can be set to \s-1NULL\s0 if their value is not required. \&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OCSP_response_status.3 b/secure/lib/libcrypto/man/man3/OCSP_response_status.3 index e950d7e2e4a6d..771158e92f39d 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_response_status.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_response_status.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESPONSE_STATUS 3" -.TH OCSP_RESPONSE_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_RESPONSE_STATUS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 index 1d4c140653738..26e4a9235dcb6 100644 --- a/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 +++ b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_SENDREQ_NEW 3" -.TH OCSP_SENDREQ_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP_SENDREQ_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +169,7 @@ response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR and provided later if required. .PP -\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context +\&\fBOCSP_sendreq_nbio()\fR performs nonblocking I/O on the \s-1OCSP\s0 request context \&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. .PP \&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. @@ -231,7 +231,7 @@ corresponding \s-1BIO\s0 can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a \fBselect()\fR call on the underlying socket). .PP -\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking +\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle nonblocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended. .SH "SEE ALSO" diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 index 1cd27c02c9ca7..2a61af70cb723 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_APPLINK 3" -.TH OPENSSL_APPLINK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_APPLINK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 index b267757f62868..b545b092e5a05 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_COMPFUNC 3" -.TH OPENSSL_LH_COMPFUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_LH_COMPFUNC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +180,7 @@ an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The \fBcompare\fR callback takes two arguments (pointers to two hash table entries), and returns -0 if their keys are equal, non-zero otherwise. +0 if their keys are equal, nonzero otherwise. .PP If your hash table will contain items of some particular type and the \fBhash\fR and @@ -332,7 +332,7 @@ all such parameters as constant. .PP As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only \*(L"const\*(R" access to the data being -indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +indexed in the hash table (i.e. it is returned as \*(L"const\*(R" from elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make @@ -361,7 +361,7 @@ In OpenSSL 1.0.0, the lhash interface was revamped for better type checking. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 index 9da73e1974f8e..cb2048d8eadd8 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_STATS 3" -.TH OPENSSL_LH_STATS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_LH_STATS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 index f945c4adc3b89..96a7c4f163837 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_config.3 b/secure/lib/libcrypto/man/man3/OPENSSL_config.3 index 314a0fdb885a8..dc1b6f0b3932a 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_CONFIG 3" -.TH OPENSSL_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_CONFIG 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,7 +177,7 @@ initialization (that is before starting any threads). .PP There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so +However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls \fBOPENSSL_config()\fR it doesn't need to know or care about @@ -202,7 +202,7 @@ The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 index 6d7d5c99bd89a..599fb46a65a7a 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_FORK_PREPARE 3" -.TH OPENSSL_FORK_PREPARE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_FORK_PREPARE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 index 3cda3b6d32f43..a173b383e2530 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_IA32CAP 3" -.TH OPENSSL_IA32CAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_IA32CAP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -231,8 +231,8 @@ The capability vector is further extended with \s-1EBX\s0 value returned by .IX Item "bit #64+18 denoting availability of RDSEED instruction;" .IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 .IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" -.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. \s-1AVX512IFMA\s0 extension;" 4 -.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, aka \s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, aka AVX512IFMA extension;" .IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 .IX Item "bit #64+29 denoting availability of SHA extension;" .IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 @@ -287,7 +287,7 @@ version is used, as it is \s-1GNU\s0 assembler version that will be checked. Not available. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 index 6d2e9db32f387..a071245ebf5bb 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_CRYPTO 3" -.TH OPENSSL_INIT_CRYPTO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_INIT_CRYPTO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,13 +172,13 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. .PP However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function \fBOPENSSL_init_crypto()\fR can be used for this purpose for libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl equivalent). .PP Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, \&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to any other OpenSSL function calls. .PP @@ -328,10 +328,10 @@ The filename, application name, and flags can be customized by providing a non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. +nondefault filename, which is copied and need not refer to persistent storage. Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +nondefault application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR or indirectly \fBOPENSSL_init_ssl\fR\|(3). @@ -371,7 +371,7 @@ The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 index c44bcc459c776..472fea8e01fc7 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_SSL 3" -.TH OPENSSL_INIT_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_INIT_SSL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,14 +160,14 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. .PP However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To explicitly initialise \s-1ONLY\s0 libcrypto see the \&\fBOPENSSL_init_crypto\fR\|(3) function. .PP Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, \&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to any other OpenSSL function calls. .PP @@ -201,7 +201,7 @@ The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 index 68af6bc783385..119c20b2dab74 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INSTRUMENT_BUS 3" -.TH OPENSSL_INSTRUMENT_BUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_INSTRUMENT_BUS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 index fa2f0e854325d..de8a693529778 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" -.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 index 1d2829d44f1ff..824046a0d8813 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_MALLOC 3" -.TH OPENSSL_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_MALLOC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 index cda024c06dd0e..862e2abfe10e5 100644 --- a/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 +++ b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_SECURE_MALLOC 3" -.TH OPENSSL_SECURE_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_SECURE_MALLOC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 index cd2f01d38af73..ecaf98abed6b0 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_INFO 3" -.TH OSSL_STORE_INFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE_INFO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 index 1fce905cdb587..91736622b22fd 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_LOADER 3" -.TH OSSL_STORE_LOADER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE_LOADER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 index d075f4a7f88db..d0f53173bed0d 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_SEARCH 3" -.TH OSSL_STORE_SEARCH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE_SEARCH 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 index bad62eb0410b1..559e57f311587 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_EXPECT 3" -.TH OSSL_STORE_EXPECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE_EXPECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 index 3f5e885601ad9..1e5768981fd73 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_OPEN 3" -.TH OSSL_STORE_OPEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE_OPEN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,21 +179,22 @@ information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_ \&\fBOSSL_STORE_close()\fR to work together. .SS "Functions" .IX Subsection "Functions" -\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method -\&\fBui_method\fR with associated data \fBui_data\fR, and post processing -callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +\&\fBOSSL_STORE_open()\fR takes a uri or path \fIuri\fR, password \s-1UI\s0 method +\&\fIui_method\fR with associated data \fIui_data\fR, and post processing +callback \fIpost_process\fR with associated data \fIpost_process_data\fR, opens a channel to the data located at that \s-1URI\s0 and returns a \&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. -The given \fBui_method\fR and \fBui_data_data\fR will be reused by all -functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. -The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +The given \fIui_method\fR and \fIui_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed, +for instance to provide a password. +The given \fIpost_process\fR and \fIpost_process_data\fR will be reused by \&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. -The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +The \fIpost_process\fR function drops values by returning \s-1NULL,\s0 which will cause \fBOSSL_STORE_load()\fR to start its process over with loading -the next object, until \fBpost_process\fR returns something other than -\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. +the next object, until \fIpost_process\fR returns something other than +\&\s-1NULL,\s0 or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. .PP -\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fIcmd\fR and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with @@ -222,6 +223,7 @@ Note that it may still be meaningful to try and load more objects, unless \&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the \&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +If \fIctx\fR is \s-1NULL\s0 it does nothing. .SH "SUPPORTED SCHEMES" .IX Header "SUPPORTED SCHEMES" The basic supported scheme is \fBfile:\fR. @@ -248,12 +250,12 @@ See \fBpassphrase\-encoding\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or -\&\fB\s-1NULL\s0\fR on failure. +\&\s-1NULL\s0 on failure. .PP \&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or -\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +\&\s-1NULL\s0 on error or when end of data is reached. Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a -returned \fB\s-1NULL\s0\fR. +returned \s-1NULL.\s0 .PP \&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise 0. @@ -271,9 +273,12 @@ otherwise 0. \&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, \&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR were added in OpenSSL 1.1.1. +.PP +Handling of \s-1NULL\s0 \fIctx\fR argument for \fBOSSL_STORE_close()\fR +was introduced in OpenSSL 1.1.1h. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 index 577b55a3c3256..1f3763db87346 100644 --- a/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" -.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 index 93629eeb3c20e..6fe80ae4e7b42 100644 --- a/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 +++ b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_BYTES_READ_BIO 3" -.TH PEM_BYTES_READ_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_BYTES_READ_BIO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_read.3 b/secure/lib/libcrypto/man/man3/PEM_read.3 index 9083fa67a5e5a..3cb75fd4c9c71 100644 --- a/secure/lib/libcrypto/man/man3/PEM_read.3 +++ b/secure/lib/libcrypto/man/man3/PEM_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ 3" -.TH PEM_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_READ 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 index ce4af57e3def8..fe8abe9f6e75b 100644 --- a/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 +++ b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_CMS 3" -.TH PEM_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_READ_CMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 index fa89a7859ba9d..db0171f047f65 100644 --- a/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 +++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_PRIVATEKEY 3" -.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -320,7 +320,7 @@ The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an structure. .PP The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using -an \s-1RSA\s0 structure. However the public key is encoded using a +an \s-1RSA\s0 structure. However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not \s-1RSA.\s0 .PP @@ -505,7 +505,7 @@ The pseudo code to derive the key would look similar to: .SH "BUGS" .IX Header "BUGS" The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: +an existing structure. Therefore, the following: .PP .Vb 1 \& PEM_read_bio_X509(bp, &x, 0, NULL); @@ -614,7 +614,7 @@ in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead as they will be formally deprecated in a future releases. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 index 4e36e7ede0836..0cd56375cbccd 100644 --- a/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 +++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_EX 3" -.TH PEM_READ_BIO_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_READ_BIO_EX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 index 9635771e336ab..dd01b61f61203 100644 --- a/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_CMS_STREAM 3" -.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 index 93624a703a464..fa16c4bbb1d4e 100644 --- a/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" -.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS12_create.3 b/secure/lib/libcrypto/man/man3/PKCS12_create.3 index 7fc2c789d6a05..2c98bc6306636 100644 --- a/secure/lib/libcrypto/man/man3/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/man3/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_CREATE 3" -.TH PKCS12_CREATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS12_CREATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 index 3bfd0c94ef5f3..446e3f4635048 100644 --- a/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 +++ b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_NEWPASS 3" -.TH PKCS12_NEWPASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS12_NEWPASS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS12_parse.3 b/secure/lib/libcrypto/man/man3/PKCS12_parse.3 index 8262ba5f1f0b6..31fba882f7b81 100644 --- a/secure/lib/libcrypto/man/man3/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/man3/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_PARSE 3" -.TH PKCS12_PARSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS12_PARSE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 index e0f3c82a24e11..ccd745079788f 100644 --- a/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 +++ b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS5_PBKDF2_HMAC 3" -.TH PKCS5_PBKDF2_HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS5_PBKDF2_HMAC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 index 595764c0424e2..2ad74a418e6cc 100644 --- a/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_DECRYPT 3" -.TH PKCS7_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7_DECRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 index bd16ae38b421e..27a9a6be037aa 100644 --- a/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_ENCRYPT 3" -.TH PKCS7_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign.3 index 0b3831d57240a..21a933b3e6e9c 100644 --- a/secure/lib/libcrypto/man/man3/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/man3/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN 3" -.TH PKCS7_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 index a9d54f724c9cc..b930db0fc175f 100644 --- a/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN_ADD_SIGNER 3" -.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/PKCS7_verify.3 b/secure/lib/libcrypto/man/man3/PKCS7_verify.3 index dcbeb3fc13011..b10e49f9ec261 100644 --- a/secure/lib/libcrypto/man/man3/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/man3/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_VERIFY 3" -.TH PKCS7_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7_VERIFY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -226,7 +226,7 @@ useful if one merely wishes to write the content to \fBout\fR and its validity is not considered important. .PP Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" @@ -250,7 +250,7 @@ mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 index 704d8085a4736..e43716415f5bb 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GENERATE 3" -.TH RAND_DRBG_GENERATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_GENERATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 index 2214d197425cb..837183eff8b21 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GET0_MASTER 3" -.TH RAND_DRBG_GET0_MASTER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_GET0_MASTER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 index 9e517e52ceb3a..634295f281650 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_NEW 3" -.TH RAND_DRBG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -185,7 +185,7 @@ its type and to instantiate it. .PP The optional \fBflags\fR argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is -\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of a the derivation function +\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of the derivation function ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. .PP If a \fBparent\fR instance is specified then this will be used instead of @@ -239,7 +239,7 @@ cryptographic routines that obtain random data directly or indirectly. The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 index 344880e7f383d..74d8e84f506d3 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_RESEED 3" -.TH RAND_DRBG_RESEED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_RESEED 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 index bd710aa89947a..626822934b374 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_CALLBACKS 3" -.TH RAND_DRBG_SET_CALLBACKS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_SET_CALLBACKS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -207,7 +207,7 @@ does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then it must also indicate an error by returning a buffer length of 0. See \s-1NOTES\s0 section for more details. .PP -The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to clear and free the buffer allocated previously by \fBget_entropy()\fR. The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, as returned by the \fBget_entropy()\fR callback. @@ -260,7 +260,7 @@ section 8.6.7. The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 index 31cab74005de5..b9623449287a0 100644 --- a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_EX_DATA 3" -.TH RAND_DRBG_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG_SET_EX_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_add.3 b/secure/lib/libcrypto/man/man3/RAND_add.3 index 579e95883a90f..c8de9ee68749a 100644 --- a/secure/lib/libcrypto/man/man3/RAND_add.3 +++ b/secure/lib/libcrypto/man/man3/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_ADD 3" -.TH RAND_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -199,7 +199,7 @@ usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a \&\fBchroot\fR\|(2) jail without the associated device nodes being available. When the \fBkeep\fR argument is zero, this call disables the retention of file -descriptors. Conversely, a non-zero argument enables the retention of +descriptors. Conversely, a nonzero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately. .PP @@ -227,7 +227,7 @@ The other functions do not return values. not be used. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RAND_bytes.3 b/secure/lib/libcrypto/man/man3/RAND_bytes.3 index 61ab9c9002b47..9d7f19623a738 100644 --- a/secure/lib/libcrypto/man/man3/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/man3/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_BYTES 3" -.TH RAND_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_BYTES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_cleanup.3 b/secure/lib/libcrypto/man/man3/RAND_cleanup.3 index 45545c1611663..07f5d614f0f96 100644 --- a/secure/lib/libcrypto/man/man3/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/man3/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_CLEANUP 3" -.TH RAND_CLEANUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_CLEANUP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_egd.3 b/secure/lib/libcrypto/man/man3/RAND_egd.3 index 8fa0fece7c75d..f4ee24bc445cb 100644 --- a/secure/lib/libcrypto/man/man3/RAND_egd.3 +++ b/secure/lib/libcrypto/man/man3/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_EGD 3" -.TH RAND_EGD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_EGD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RAND_load_file.3 b/secure/lib/libcrypto/man/man3/RAND_load_file.3 index b89e6f930fd48..a52c3c7a28499 100644 --- a/secure/lib/libcrypto/man/man3/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/man3/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_LOAD_FILE 3" -.TH RAND_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_LOAD_FILE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +154,7 @@ RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and -adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, +adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is nonnegative, up to \fBmax_bytes\fR are read; if \fBmax_bytes\fR is \-1, the complete file is read. Do not load the same file multiple times unless its contents have @@ -174,7 +174,7 @@ file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the filename. .PP On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its -value will be used as the seed file name. +value will be used as the seed filename. Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: .IP "On Windows (in order of preference)" 4 .IX Item "On Windows (in order of preference)" @@ -193,7 +193,7 @@ Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependen .Ve .PP If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or -\&\fBnum\fR is too small for the path name, an error occurs. +\&\fBnum\fR is too small for the pathname, an error occurs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. @@ -210,7 +210,7 @@ error. \&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 index 8e2bd9f0dfa65..8da447f982063 100644 --- a/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_SET_RAND_METHOD 3" -.TH RAND_SET_RAND_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_SET_RAND_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RC4_set_key.3 b/secure/lib/libcrypto/man/man3/RC4_set_key.3 index 426004047cdab..c7a475c848ec7 100644 --- a/secure/lib/libcrypto/man/man3/RC4_set_key.3 +++ b/secure/lib/libcrypto/man/man3/RC4_set_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RC4_SET_KEY 3" -.TH RC4_SET_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RC4_SET_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 index e9b87eb533d94..040a9d6a80315 100644 --- a/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 +++ b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RIPEMD160_INIT 3" -.TH RIPEMD160_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RIPEMD160_INIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 index 7d437663f0d10..7eb03e183a623 100644 --- a/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_BLINDING_ON 3" -.TH RSA_BLINDING_ON 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_BLINDING_ON 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +156,7 @@ measure the time of \s-1RSA\s0 decryption or signature operations, blinding must be used to protect the \s-1RSA\s0 operation from that attack. .PP \&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a -random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a preallocated and initialized \fB\s-1BN_CTX\s0\fR. .PP \&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for @@ -168,7 +168,7 @@ the blinding factor. \&\fBRSA_blinding_off()\fR returns no value. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RSA_check_key.3 b/secure/lib/libcrypto/man/man3/RSA_check_key.3 index 6d53f3a47b742..aacfe7b7b380c 100644 --- a/secure/lib/libcrypto/man/man3/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/man3/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_CHECK_KEY 3" -.TH RSA_CHECK_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_CHECK_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 index fd8c5748d4108..6a713906d9b98 100644 --- a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GENERATE_KEY 3" -.TH RSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_GENERATE_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_get0_key.3 b/secure/lib/libcrypto/man/man3/RSA_get0_key.3 index 1f614a018c2ce..a21dd3c9ad712 100644 --- a/secure/lib/libcrypto/man/man3/RSA_get0_key.3 +++ b/secure/lib/libcrypto/man/man3/RSA_get0_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GET0_KEY 3" -.TH RSA_GET0_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_GET0_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_meth_new.3 b/secure/lib/libcrypto/man/man3/RSA_meth_new.3 index 147841599170f..a2fb2f0f0657e 100644 --- a/secure/lib/libcrypto/man/man3/RSA_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/RSA_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_METH_NEW 3" -.TH RSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_new.3 b/secure/lib/libcrypto/man/man3/RSA_new.3 index 800c49166d529..707604eab9c32 100644 --- a/secure/lib/libcrypto/man/man3/RSA_new.3 +++ b/secure/lib/libcrypto/man/man3/RSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_NEW 3" -.TH RSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 index b43bb973e266c..2721add1f0e15 100644 --- a/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" -.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_print.3 b/secure/lib/libcrypto/man/man3/RSA_print.3 index 19cdceb9b11b8..3be398348a44b 100644 --- a/secure/lib/libcrypto/man/man3/RSA_print.3 +++ b/secure/lib/libcrypto/man/man3/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PRINT 3" -.TH RSA_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_PRINT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 index dfcd529367fcb..99a00331a2dd3 100644 --- a/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "RSA_PRIVATE_ENCRYPT 3" -.TH RSA_PRIVATE_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_PRIVATE_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +RSA_private_encrypt, RSA_public_decrypt \- low\-level signature operations .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -153,7 +153,7 @@ RSA_private_encrypt, RSA_public_decrypt \- low level signature operations .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions handle \s-1RSA\s0 signatures at a low level. +These functions handle \s-1RSA\s0 signatures at a low-level. .PP \&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a message digest with an algorithm identifier) using the private key @@ -192,7 +192,7 @@ obtained by \fBERR_get_error\fR\|(3). \&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 index 87292db6f6fd2..829e96df6aaf0 100644 --- a/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PUBLIC_ENCRYPT 3" -.TH RSA_PUBLIC_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_PUBLIC_ENCRYPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_set_method.3 b/secure/lib/libcrypto/man/man3/RSA_set_method.3 index dc7c4f1fc8094..0857a887e5656 100644 --- a/secure/lib/libcrypto/man/man3/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/man3/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SET_METHOD 3" -.TH RSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_SET_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,7 +186,7 @@ recommended. \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1RSA\s0 keys that only -work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +work with certain \s-1RSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results. @@ -307,7 +307,7 @@ The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/RSA_sign.3 b/secure/lib/libcrypto/man/man3/RSA_sign.3 index 3f3daf9bbb353..c0bf31728f5a4 100644 --- a/secure/lib/libcrypto/man/man3/RSA_sign.3 +++ b/secure/lib/libcrypto/man/man3/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN 3" -.TH RSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 index 6a9eaddc1cbce..3c767dfcc44b7 100644 --- a/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" -.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/RSA_size.3 b/secure/lib/libcrypto/man/man3/RSA_size.3 index 5cf6f3ca1ef07..50642f980ec56 100644 --- a/secure/lib/libcrypto/man/man3/RSA_size.3 +++ b/secure/lib/libcrypto/man/man3/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIZE 3" -.TH RSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA_SIZE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SCT_new.3 b/secure/lib/libcrypto/man/man3/SCT_new.3 index 9a5e8b79e0c74..4aa0f0be86d72 100644 --- a/secure/lib/libcrypto/man/man3/SCT_new.3 +++ b/secure/lib/libcrypto/man/man3/SCT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_NEW 3" -.TH SCT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SCT_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SCT_print.3 b/secure/lib/libcrypto/man/man3/SCT_print.3 index 57264cff50e02..ed76c38651625 100644 --- a/secure/lib/libcrypto/man/man3/SCT_print.3 +++ b/secure/lib/libcrypto/man/man3/SCT_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_PRINT 3" -.TH SCT_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SCT_PRINT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SCT_validate.3 b/secure/lib/libcrypto/man/man3/SCT_validate.3 index c7e64f3ffab4b..9258401b33965 100644 --- a/secure/lib/libcrypto/man/man3/SCT_validate.3 +++ b/secure/lib/libcrypto/man/man3/SCT_validate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCT_VALIDATE 3" -.TH SCT_VALIDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SCT_VALIDATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SHA256_Init.3 b/secure/lib/libcrypto/man/man3/SHA256_Init.3 index c256280537e1c..ac16f4c44da98 100644 --- a/secure/lib/libcrypto/man/man3/SHA256_Init.3 +++ b/secure/lib/libcrypto/man/man3/SHA256_Init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SHA256_INIT 3" -.TH SHA256_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SHA256_INIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -208,9 +208,6 @@ The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant b \&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the \&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if \&\fBmd\fR is \s-1NULL.\s0 -.PP -The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be -used only when backward compatibility is required. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash @@ -228,7 +225,7 @@ Standard), \&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 index 6a057c3b15464..62ea11d6590c2 100644 --- a/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_CMS 3" -.TH SMIME_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SMIME_READ_CMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 index fa37a037d1870..a987d5123a13b 100644 --- a/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_PKCS7 3" -.TH SMIME_READ_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SMIME_READ_PKCS7 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 index 2b43c9be9743e..fa374f42a1b19 100644 --- a/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_CMS 3" -.TH SMIME_WRITE_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SMIME_WRITE_CMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 index fcbb6e7f58f97..20d3bea7a3e5d 100644 --- a/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_PKCS7 3" -.TH SMIME_WRITE_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SMIME_WRITE_PKCS7 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 index 474a2e804b1ed..a4d57bea255c4 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_GET_NAME 3" -.TH SSL_CIPHER_GET_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CIPHER_GET_NAME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 index 0b05f7279ab68..1ba6ade2397f9 100644 --- a/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" -.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 index 0f0ed21e9b9ef..9d768eb1fdb97 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_NEW 3" -.TH SSL_CONF_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 index a96d80208cc7d..df4372aa79999 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET1_PREFIX 3" -.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 index 95e28ab909595..702d38dcfde11 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_FLAGS 3" -.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 index 2361e6686da0b..6d414c87bfc70 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" -.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 index 8986aa32e29cc..76881e0fe81c2 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3" -.TH SSL_CONF_CMD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CMD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,7 +209,7 @@ will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .IP "\fB\-curves\fR" 4 @@ -223,7 +223,7 @@ servers The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which picks an appropriate curve based on client and server preferences. The curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name -(e.g \fBprime256v1\fR). Curve names are case sensitive. +(e.g. \fBprime256v1\fR). Curve names are case sensitive. .IP "\fB\-cipher\fR" 4 .IX Item "-cipher" Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be @@ -266,13 +266,16 @@ Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting .IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 .IX Item "-min_protocol, -max_protocol" Sets the minimum and maximum supported protocol. -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, -\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 -and \fBNone\fR for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these +options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound +for \s-1DTLS.\s0 +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. .IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 .IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by @@ -445,7 +448,7 @@ will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .IP "\fBCurves\fR" 4 @@ -457,14 +460,22 @@ This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. +The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the +other setting a \s-1DTLS\s0 bound. +The value \fBNone\fR applies to both types of contexts and disables the limits. .IP "\fBMaxProtocol\fR" 4 .IX Item "MaxProtocol" This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. +The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the +other setting a \s-1DTLS\s0 bound. +The value \fBNone\fR applies to both types of contexts and disables the limits. .IP "\fBProtocol\fR" 4 .IX Item "Protocol" This can be used to enable or disable certain versions of the \s-1SSL, @@ -611,7 +622,7 @@ syntax errors. The value is a string without any specific structure. .IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 .IX Item "SSL_CONF_TYPE_FILE" -The value is a file name. +The value is a filename. .IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 .IX Item "SSL_CONF_TYPE_DIR" The value is a directory name. @@ -769,7 +780,7 @@ OpenSSL passing a command which didn't take an argument would return \&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 index 92341b740f86e..ebdb817de037d 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD_ARGV 3" -.TH SSL_CONF_CMD_ARGV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONF_CMD_ARGV 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 index 7142acc453d15..607c1f1afdf63 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" -.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 index 7d7633bb048b0..549ab91075fab 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" -.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 index d6d3f84b87a17..4b48269038c25 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_SESSION 3" -.TH SSL_CTX_ADD_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_ADD_SESSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 index a0af23a52a252..0d43ff0bd94ce 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CONFIG 3" -.TH SSL_CTX_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_CONFIG 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 index df855f6dade9c..0833cb3aa2d7d 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CTRL 3" -.TH SSL_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_CTRL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 index 96caf02476dcf..d5481471cac61 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_DANE_ENABLE 3" -.TH SSL_CTX_DANE_ENABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_DANE_ENABLE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -254,7 +254,7 @@ release long-term references respectively. matched the peer certificate chain. The return value indicates the match depth or failure to match just as with \&\fBSSL_get0_dane_authority()\fR. -When the return value is non-negative, the storage pointed to by the \fBusage\fR, +When the return value is nonnegative, the storage pointed to by the \fBusage\fR, \&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding \&\s-1TLSA\s0 record fields. The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, @@ -268,7 +268,7 @@ Applications that need long-term access to this field need to copy the content. optional \s-1DANE\s0 verification features. \&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable the same features. -The \fBflags\fR argument is a bitmask of the features to enable or disable. +The \fBflags\fR argument is a bit mask of the features to enable or disable. The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle associated with that context at the time the handle is created. Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set @@ -304,7 +304,7 @@ certificate or a public key that fails to parse. .PP The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a negative value when \s-1DANE\s0 authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +nonnegative value indicates the chain depth at which the \s-1TLSA\s0 record matched a chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 record is a full public key that is its signer. .PP @@ -500,7 +500,7 @@ or unsupported parameters) disable peer authentication by calling These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 index 03aeed7788e2c..ef91ef4820a4f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FLUSH_SESSIONS 3" -.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 index 6488852a0e03f..af763c0c73ede 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FREE 3" -.TH SSL_CTX_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_FREE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 index a7e86feafdb92..726dfd7600863 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET0_PARAM 3" -.TH SSL_CTX_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_GET0_PARAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 index d17c3567f2d48..72daccee64c6a 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET_VERIFY_MODE 3" -.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 index ad36fe63de557..33bef7ee608cd 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" -.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 index 8989ea283738b..ca61877de8cc6 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" -.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 index 223d66f297ce1..24dea3cd23717 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_NEW 3" -.TH SSL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 index 6721ca85fd5d7..5c7cbb58c407c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_NUMBER 3" -.TH SSL_CTX_SESS_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SESS_NUMBER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 index 2699f8a04d65b..cd2e50293e8fc 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" -.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 index 3fefc69ffa12a..59f3aa6d23dc6 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_GET_CB 3" -.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 index d93c1b8a6b304..44b3bc0e0d525 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESSIONS 3" -.TH SSL_CTX_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SESSIONS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 index 03c431aede1b3..53a8a098efd68 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET0_CA_LIST 3" -.TH SSL_CTX_SET0_CA_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET0_CA_LIST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 index 38336757ec29d..b2253c272a149 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_CURVES 3" -.TH SSL_CTX_SET1_CURVES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET1_CURVES 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 index 0aa8006aca23f..96f433db479ca 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_SIGALGS 3" -.TH SSL_CTX_SET1_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET1_SIGALGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 index 305e559c17e2c..ddb99230223e0 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" -.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 index 9c5e632fb4314..d0c153a53a333 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" -.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -247,7 +247,7 @@ provided by the callback. .SH "NOTES" .IX Header "NOTES" The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +nonempty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. @@ -306,7 +306,7 @@ will be included in the ServerHello. \&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 index cd23b446716f1..a815a0da176d6 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_CB 3" -.TH SSL_CTX_SET_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CERT_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 index 07d52a018c06e..c17d96b983944 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_STORE 3" -.TH SSL_CTX_SET_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CERT_STORE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 index 77ebb4f003ea3..d897015696ecb 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" -.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 index cfd1c4bf110a8..1d06de075f7c7 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CIPHER_LIST 3" -.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 index f9320d6865b9f..360f71183af62 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" -.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 index be52104cc7876..d9b4aa8eebc6e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" -.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 index f208ebcf7df80..9a762c3650521 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" -.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 index 0b031a01cb45a..78834b2e96a77 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" -.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 index cb2994a938160..77077eb29c4f5 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" -.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 index 645f67c91a8bb..bfc09bfbdb3eb 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_EX_DATA 3" -.TH SSL_CTX_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_EX_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 index 258e05ef99e8c..7bf41516d802e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" -.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -241,8 +241,8 @@ server id given, and will fill the rest with pseudo random bytes: \& /* \& * Prefix the session_id with the required prefix. NB: If our \& * prefix is too long, clip it \- but there will be worse effects -\& * anyway, eg. the server could only possibly create 1 session -\& * ID (ie. the prefix!) so all future session negotiations will +\& * anyway, e.g. the server could only possibly create 1 session +\& * ID (i.e. the prefix!) so all future session negotiations will \& * fail due to conflicts. \& */ \& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? @@ -259,7 +259,7 @@ server id given, and will fill the rest with pseudo random bytes: \&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 index f5879ac2b5066..4b525b88ee50b 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_INFO_CALLBACK 3" -.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +182,7 @@ the callback function was called. If \fBret\fR is 0, an error condition occurred If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert information. .PP -\&\fBwhere\fR is a bitmask made up of the following bits: +\&\fBwhere\fR is a bit mask made up of the following bits: .IP "\s-1SSL_CB_LOOP\s0" 4 .IX Item "SSL_CB_LOOP" Callback has been called to indicate state change or some other significant @@ -192,7 +192,7 @@ per state in some situations. .IX Item "SSL_CB_EXIT" Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +on error or when \s-1IO\s0 might otherwise block and nonblocking is being used. .IP "\s-1SSL_CB_READ\s0" 4 .IX Item "SSL_CB_READ" Callback has been called during read operation. @@ -277,7 +277,7 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 \&\fBSSL_alert_type_string\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 index 81214b6075ce5..f3a0cc9085846 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" -.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 index 9dfa6a3201ee9..963b6d6193875 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" -.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +175,7 @@ received from a faulty or malicious peer, a maximum size for the certificate chain is set. .PP The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +on the 16\-bit \s-1DOS\s0 platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see \&\fBSSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). @@ -205,7 +205,7 @@ set value. \&\fBSSL_CTX_set_verify\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 index 50f80cfdae109..4ab0b2c49f718 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" -.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 index 0214d4dbb2113..b79fba44537c5 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MODE 3" -.TH SSL_CTX_SET_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_MODE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,13 +155,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bit mask in \fBmode\fR to \fBctx\fR. Options already set before are not cleared. -\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bit mask in \fBmode\fR from \fBctx\fR. .PP -\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +\&\fBSSL_set_mode()\fR adds the mode set via bit mask in \fBmode\fR to \fBssl\fR. Options already set before are not cleared. -\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. +\&\fBSSL_clear_mode()\fR removes the mode set via bit mask in \fBmode\fR from \fBssl\fR. .PP \&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. .PP @@ -182,8 +182,8 @@ the behaviour of \fBwrite()\fR. .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking \fBSSL_write()\fR behaves like -non-blocking \fBwrite()\fR. +avoid the misconception that nonblocking \fBSSL_write()\fR behaves like +nonblocking \fBwrite()\fR. .IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 .IX Item "SSL_MODE_AUTO_RETRY" During normal operations, non-application data records might need to be sent or @@ -195,9 +195,9 @@ If such a non-application data record was processed, the flag \&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of returning. .Sp -In a non-blocking environment applications must be prepared to handle +In a nonblocking environment applications must be prepared to handle incomplete read/write operations. -Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a nonblocking \fB\s-1BIO\s0\fR will process non-application data records until either no more data is available or an application data record has been processed. .Sp @@ -245,10 +245,10 @@ All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on b default since 1.1.1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bit mask after adding \fBmode\fR. .PP -\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bit mask. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or @@ -258,7 +258,7 @@ after adding \fBmode\fR. \&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 index cb59def37d6ed..d0f075ed69c72 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MSG_CALLBACK 3" -.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 index ed6ac8eb4b24b..21407e1e543a0 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_NUM_TICKETS 3" -.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 index a886ed22cf8de..549867671c2ae 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_OPTIONS 3" -.TH SSL_CTX_SET_OPTIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_OPTIONS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,16 +158,16 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +\&\fBSSL_CTX_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared! .PP -\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared! .PP -\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +\&\fBSSL_CTX_clear_options()\fR clears the options set via bit mask in \fBoptions\fR to \fBctx\fR. .PP -\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_clear_options()\fR clears the options set via bit mask in \fBoptions\fR to \fBssl\fR. .PP \&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. .PP @@ -179,7 +179,7 @@ Note, this is implemented via a macro. .SH "NOTES" .IX Header "NOTES" The behaviour of the \s-1SSL\s0 library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a bitwise \fBor\fR +The options are coded as bit masks and can be combined by a bitwise \fBor\fR operation (|). .PP \&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) @@ -276,7 +276,7 @@ the session. In this way the server can operate statelessly \- no session information needs to be cached locally. .Sp The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up @@ -438,13 +438,13 @@ renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while and renegotiation between OpenSSL and unpatched clients or servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit mask after adding \fBoptions\fR. .PP -\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit mask after clearing \fBoptions\fR. .PP -\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit mask. .PP \&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports secure renegotiation and 0 if it does not. @@ -463,7 +463,7 @@ The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\ were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 index 9dafefe116ea6..d9af408cad81f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" -.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -246,7 +246,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or \&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned -\&\s-1PSK.\s0 +\&\s-1PSK.\s0 TLSv1.3 early data exchanges are possible in \s-1PSK\s0 connections only with the +\&\fBSSL_psk_use_session_cb_func\fR callback, and are not possible with the +\&\fBSSL_psk_client_cb_func\fR callback. .SH "NOTES" .IX Header "NOTES" Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. @@ -255,7 +257,7 @@ A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resu has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .PP There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +below) and TLSv1.3. However, the \s-1RFC\s0 has this note of caution: .PP \&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output in both versions, only limited analysis has been done. Implementations can @@ -284,7 +286,7 @@ failure. In the event of failure the connection setup fails. were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 index 3eb03e73d6e5f..d683f6e1f5924 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" -.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 index aa118d2b139c7..98948c2ac761c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_READ_AHEAD 3" -.TH SSL_CTX_SET_READ_AHEAD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_READ_AHEAD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +155,7 @@ SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as -many input bytes as possible (for non-blocking reads) or not. For example if +many input bytes as possible (for nonblocking reads) or not. For example if \&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes into its buffer (providing that the buffer is large enough) if reading ahead is @@ -194,7 +194,7 @@ and non zero otherwise. \&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 index f5046a6c58f2c..7bca77190c547 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" -.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 index ebd5d0fcfbfe5..d035f16a31313 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" -.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -238,12 +238,6 @@ shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited \&\fIDocumentation to be provided.\fR .SH "NOTES" .IX Header "NOTES" -\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for -general internet use is likely to cause \fBconsiderable\fR interoperability -issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. -.PP The default security level can be configured when OpenSSL is compiled by setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. .PP @@ -301,7 +295,7 @@ data pointer or \s-1NULL\s0 if the ex data is not set. These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 index af31cfcec2c1d..80a5c8712edea 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" -.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -223,7 +223,7 @@ session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag prevent sessions being stored in the internal cache (though the application can add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful -session lookups in the external cache (ie. for session-resume requests) would +session lookups in the external cache (i.e. for session-resume requests) would normally be copied into the local cache before processing continues \- this flag prevents these additions to the internal cache as well. .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 @@ -250,7 +250,7 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 \&\fBSSL_CTX_flush_sessions\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 index db2cc80d8ef0c..e6bae4deaec8b 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" -.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,7 +162,7 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within Sessions are generated within a certain context. When exporting/importing sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application +application), which might lead to malfunctions. Therefore, each application must set its own session id context \fBsid_ctx\fR which is used to distinguish the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be any kind of binary data with a given length, it is therefore possible @@ -207,7 +207,7 @@ The operation succeeded. \&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 index ab67405a458fc..53be77e7cd4eb 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" -.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -228,7 +228,7 @@ The return value can be any of these values: .IX Item "SSL_TICKET_RETURN_ABORT" The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single -handshake. Therefore just because one ticket is unacceptable it does not mean +handshake. Therefore, just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution. .IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 .IX Item "SSL_TICKET_RETURN_IGNORE" @@ -289,11 +289,11 @@ The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above \&\fBSSL_get_session\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 index 31237cf3c0d9d..093b3d8f7d8e2 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" -.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,7 +172,7 @@ capability is known as \*(L"pipelining\*(R" within OpenSSL. .PP In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides -\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However, these are for development and test purposes only. .PP \&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the @@ -295,7 +295,7 @@ The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragme and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 index a3412498c9516..7b26089ca97cf 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SSL_VERSION 3" -.TH SSL_CTX_SET_SSL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_SSL_VERSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 index b1df67ab5b7d9..7448a8c7a7c45 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 index 4ea81bee231fe..0c4a06d175c01 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TIMEOUT 3" -.TH SSL_CTX_SET_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TIMEOUT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 index 5b6714de5dd2a..fe00a891f316e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" -.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +181,7 @@ value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME.\s0 .IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 .IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" If this value is returned then the servername is not accepted by the server. -However the handshake will continue and send a warning alert instead. The value +However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the \fBal\fR parameter as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is @@ -210,7 +210,7 @@ it will return that servername. Otherwise it returns \s-1NULL.\s0 .IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 .IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" -If the session from the orignal handshake had a servername accepted by the +If the session from the original handshake had a servername accepted by the server then it will return that servername. .Sp Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 @@ -266,12 +266,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e. .PP Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but -set a different explict servername in the second handshake then when called by +set a different explicit servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake. .PP Also prior to 1.1.1e, if the client sent a servername in the first handshake but -the server did not accept it, and then a second handshake occured where TLSv1.2 +the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to \&\s-1NULL.\s0 diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 index 565048c4c7a2a..f99987b1670f7 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" -.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 index 81161d929fc00..c2e8da979487b 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" -.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -262,6 +262,8 @@ Reference Implementation: \& unsigned char *iv, EVP_CIPHER_CTX *ctx, \& HMAC_CTX *hctx, int enc) \& { +\& your_type_t *key; /* something that you need to implement */ +\& \& if (enc) { /* create new session */ \& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) \& return \-1; /* insufficient random */ @@ -280,21 +282,22 @@ Reference Implementation: \& } \& memcpy(key_name, key\->name, 16); \& -\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); -\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 32, EVP_sha256(), NULL); \& \& return 1; \& \& } else { /* retrieve session */ -\& key = findkey(name); +\& time_t t = time(NULL); +\& key = findkey(key_name); /* something that you need to implement */ \& -\& if (key == NULL || key\->expire < now()) +\& if (key == NULL || key\->expire < t) \& return 0; \& -\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); -\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 32, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv); \& -\& if (key\->expire < now() \- RENEW_TIME) { +\& if (key\->expire < t \- RENEW_TIME) { /* RENEW_TIME: implement */ \& /* \& * return 2 \- This session will get a new ticket even though the \& * current one is still valid. @@ -315,7 +318,7 @@ Reference Implementation: \&\fBSSL_CTX_set_session_id_context\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2014\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 index faa7a0a3e864b..0f196a4efd954 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" -.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 index a002c63b19bce..2321368852831 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 index 25541d1a7985a..30f5621b07d0d 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_VERIFY 3" -.TH SSL_CTX_SET_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_SET_VERIFY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 index d26eba0a69e55..1e94228a00359 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_CERTIFICATE 3" -.TH SSL_CTX_USE_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_USE_CERTIFICATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 index 5df4b44d53b4b..c0e45010e683e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -212,7 +212,9 @@ via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or \&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest -will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 +will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 TLSv1.3 early data exchanges are +possible in \s-1PSK\s0 connections only with the \fBSSL_psk_find_session_cb_func\fR +callback, and are not possible with the \fBSSL_psk_server_cb_func\fR callback. .SH "NOTES" .IX Header "NOTES" A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption @@ -245,7 +247,7 @@ failure. In the event of failure the connection setup fails. .SH "NOTES" .IX Header "NOTES" There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +below) and TLSv1.3. However, the \s-1RFC\s0 has this note of caution: .PP \&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output in both versions, only limited analysis has been done. Implementations can @@ -261,7 +263,7 @@ ensure safety from cross-protocol related output by not reusing PSKs between were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 index ce3f4ae7a7ab4..a03f94ef19be0 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_SERVERINFO 3" -.TH SSL_CTX_USE_SERVERINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CTX_USE_SERVERINFO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 index d5399a1b3f9d1..fe0b8b3cdbb09 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_FREE 3" -.TH SSL_SESSION_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_FREE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 index 5a4d901b51161..e1f56c4ccfa10 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_CIPHER 3" -.TH SSL_SESSION_GET0_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET0_CIPHER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 index 61fbf4cb606db..dadffc7c3cc1f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_HOSTNAME 3" -.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 index aae1e19629639..8d2f6db927c0f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" -.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 index 493dd21ea2b05..b0992dfb7916f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_PEER 3" -.TH SSL_SESSION_GET0_PEER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET0_PEER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 index 5c02c299d7758..3a8d1fe23db00 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_COMPRESS_ID 3" -.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 index ea8fcd4a464fa..c2a7c18462695 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_EX_DATA 3" -.TH SSL_SESSION_GET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET_EX_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 index b89a5d64dd5f1..e1038734cd60a 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" -.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 index 64389b6387698..28a443db9b529 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_TIME 3" -.TH SSL_SESSION_GET_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_GET_TIME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 index f322b69c6473a..923514e74a4a8 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_HAS_TICKET 3" -.TH SSL_SESSION_HAS_TICKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_HAS_TICKET 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 index 2613772c9f60e..bb8c77e31e51e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_IS_RESUMABLE 3" -.TH SSL_SESSION_IS_RESUMABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_IS_RESUMABLE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 index d0098f1da10d8..191a3cdb33237 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_PRINT 3" -.TH SSL_SESSION_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_PRINT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 index 2ab2355bb51ee..7919fe99b9e90 100644 --- a/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_SET1_ID 3" -.TH SSL_SESSION_SET1_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_SET1_ID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_accept.3 b/secure/lib/libcrypto/man/man3/SSL_accept.3 index dbcf96a538066..ea3014a636a98 100644 --- a/secure/lib/libcrypto/man/man3/SSL_accept.3 +++ b/secure/lib/libcrypto/man/man3/SSL_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ACCEPT 3" -.TH SSL_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_ACCEPT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,14 +159,14 @@ The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_accept()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR to continue the handshake, indicating the problem by the return value \-1. In this case a call to \fBSSL_get_error()\fR with the return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. @@ -186,7 +186,7 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 index 11ea7b76ae169..5d27bded4f7f8 100644 --- a/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 +++ b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALERT_TYPE_STRING 3" -.TH SSL_ALERT_TYPE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_ALERT_TYPE_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 index 4fd9151cbd81c..461effc4839a6 100644 --- a/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 +++ b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALLOC_BUFFERS 3" -.TH SSL_ALLOC_BUFFERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_ALLOC_BUFFERS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +159,7 @@ control when buffers are freed and allocated. .PP After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but -can be used to make sure the buffers are pre-allocated. This can be used to +can be used to make sure the buffers are preallocated. This can be used to avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR to control where and how buffers are allocated. .SH "RETURN VALUES" @@ -185,7 +185,7 @@ This value is also returned if the buffers had been allocated before calling CRYPTO_set_mem_functions .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_check_chain.3 b/secure/lib/libcrypto/man/man3/SSL_check_chain.3 index 2fe2560184c5a..bb722d1f42df6 100644 --- a/secure/lib/libcrypto/man/man3/SSL_check_chain.3 +++ b/secure/lib/libcrypto/man/man3/SSL_check_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CHECK_CHAIN 3" -.TH SSL_CHECK_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CHECK_CHAIN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_clear.3 b/secure/lib/libcrypto/man/man3/SSL_clear.3 index 12d264aa81518..0eddda3b2c410 100644 --- a/secure/lib/libcrypto/man/man3/SSL_clear.3 +++ b/secure/lib/libcrypto/man/man3/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CLEAR 3" -.TH SSL_CLEAR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CLEAR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_connect.3 b/secure/lib/libcrypto/man/man3/SSL_connect.3 index f2071a8e6d4e9..c234197142d3e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_connect.3 +++ b/secure/lib/libcrypto/man/man3/SSL_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONNECT 3" -.TH SSL_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_CONNECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,14 +159,14 @@ The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_connect()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR to continue the handshake, indicating the problem by the return value \-1. In this case a call to \fBSSL_get_error()\fR with the return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. @@ -201,7 +201,7 @@ established. The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 index 8625ac78e86d5..3ee9d2dc2d596 100644 --- a/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 +++ b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_DO_HANDSHAKE 3" -.TH SSL_DO_HANDSHAKE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_DO_HANDSHAKE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,13 +161,13 @@ The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_do_handshake()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. @@ -187,7 +187,7 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 index c183013ee9980..33a7a65d5d85e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 +++ b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXPORT_KEYING_MATERIAL 3" -.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 index f1ff1af4bfd21..137fc711eaf9a 100644 --- a/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 +++ b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXTENSION_SUPPORTED 3" -.TH SSL_EXTENSION_SUPPORTED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_EXTENSION_SUPPORTED 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_free.3 b/secure/lib/libcrypto/man/man3/SSL_free.3 index f5fd2759431b8..fbf55cea8435f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_free.3 +++ b/secure/lib/libcrypto/man/man3/SSL_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_FREE 3" -.TH SSL_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_FREE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 index 47c4a12b6f488..0a2f23364ad0b 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET0_PEER_SCTS 3" -.TH SSL_GET0_PEER_SCTS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET0_PEER_SCTS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 index a29a890c5d63e..a0b572533e7fa 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SSL_CTX 3" -.TH SSL_GET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_SSL_CTX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 index 969753f4f3293..fa01ebe30db2d 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ALL_ASYNC_FDS 3" -.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,7 +164,7 @@ appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should from the file descriptor). This function should only be called if the \s-1SSL\s0 object is currently waiting for asynchronous work to complete (i.e. \&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the -list will only contain one file descriptor. However if multiple asynchronous +list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file @@ -193,7 +193,7 @@ for an async operation to complete and 0 otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "SEE ALSO" @@ -205,7 +205,7 @@ The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 index d1eb2dbb7faa9..55e86e0c9b97e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CIPHERS 3" -.TH SSL_GET_CIPHERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_CIPHERS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 index 1a8d2a419b14d..28fb3ef4adcf0 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CLIENT_RANDOM 3" -.TH SSL_GET_CLIENT_RANDOM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_CLIENT_RANDOM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 index eada069f30acb..ea8753ca416bc 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CURRENT_CIPHER 3" -.TH SSL_GET_CURRENT_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_CURRENT_CIPHER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 index 42b437f55c21a..844117d9789cd 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_DEFAULT_TIMEOUT 3" -.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_error.3 b/secure/lib/libcrypto/man/man3/SSL_get_error.3 index 697ea3775f7de..3dae37d29649e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_error.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ERROR 3" -.TH SSL_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_ERROR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +180,7 @@ indicate that the underlying transport has been closed. The operation did not complete and can be retried later. .Sp \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read -operation from a non-blocking \fB\s-1BIO\s0\fR. +operation from a nonblocking \fB\s-1BIO\s0\fR. It means that not enough data was available at this time to complete the operation. If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same @@ -192,8 +192,8 @@ for a blocking \fB\s-1BIO\s0\fR. See \fBSSL_read\fR\|(3) for more information. .Sp \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write -to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. -When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +to a nonblocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writable again, the same function can be called again. .Sp Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. @@ -203,7 +203,7 @@ protocol level. .Sp It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. -However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called +However, if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called again to continue sending the application data. .Sp For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or diff --git a/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 index 5a8ebe5a592e7..3d61a3cdcfc7e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_EXTMS_SUPPORT 3" -.TH SSL_GET_EXTMS_SUPPORT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_EXTMS_SUPPORT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_fd.3 b/secure/lib/libcrypto/man/man3/SSL_get_fd.3 index 37c23845c14b6..8b224c74b1c0f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_fd.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_FD 3" -.TH SSL_GET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_FD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 index 8eafb0470cbff..2550888deabf5 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERT_CHAIN 3" -.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 index 966cc70157f6c..7351bacb2813c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERTIFICATE 3" -.TH SSL_GET_PEER_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_PEER_CERTIFICATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 index fba18275c5606..e806584634dd8 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_SIGNATURE_NID 3" -.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 index fffcc86667fe0..3e0234872ed08 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_TMP_KEY 3" -.TH SSL_GET_PEER_TMP_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_PEER_TMP_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 index 22b256a4d4c0b..df8a10ad38298 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PSK_IDENTITY 3" -.TH SSL_GET_PSK_IDENTITY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_PSK_IDENTITY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 index ac124070830c7..3dc1d306cbeee 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_RBIO 3" -.TH SSL_GET_RBIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_RBIO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_session.3 b/secure/lib/libcrypto/man/man3/SSL_get_session.3 index b461224671f62..55337e6ab3931 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_session.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SESSION 3" -.TH SSL_GET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_SESSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 index 319f866671317..5818e4b9aef69 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SHARED_SIGALGS 3" -.TH SSL_GET_SHARED_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_SHARED_SIGALGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 index 2b2fa6fd7c997..3fdbaa4e3af50 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERIFY_RESULT 3" -.TH SSL_GET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_VERIFY_RESULT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_get_version.3 b/secure/lib/libcrypto/man/man3/SSL_get_version.3 index d0f74fa5db1ac..b9ddf78a9d516 100644 --- a/secure/lib/libcrypto/man/man3/SSL_get_version.3 +++ b/secure/lib/libcrypto/man/man3/SSL_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERSION 3" -.TH SSL_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_GET_VERSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_in_init.3 b/secure/lib/libcrypto/man/man3/SSL_in_init.3 index f381c8b7dfd8c..c44a808397969 100644 --- a/secure/lib/libcrypto/man/man3/SSL_in_init.3 +++ b/secure/lib/libcrypto/man/man3/SSL_in_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_IN_INIT 3" -.TH SSL_IN_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_IN_INIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_key_update.3 b/secure/lib/libcrypto/man/man3/SSL_key_update.3 index ae9d4574aeb29..a1e540995c93b 100644 --- a/secure/lib/libcrypto/man/man3/SSL_key_update.3 +++ b/secure/lib/libcrypto/man/man3/SSL_key_update.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_KEY_UPDATE 3" -.TH SSL_KEY_UPDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_KEY_UPDATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_library_init.3 b/secure/lib/libcrypto/man/man3/SSL_library_init.3 index 3fb65de6ad4cc..b35722c07ddde 100644 --- a/secure/lib/libcrypto/man/man3/SSL_library_init.3 +++ b/secure/lib/libcrypto/man/man3/SSL_library_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LIBRARY_INIT 3" -.TH SSL_LIBRARY_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_LIBRARY_INIT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 index 08abed3e33132..4c30c770ba146 100644 --- a/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 +++ b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LOAD_CLIENT_CA_FILE 3" -.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_new.3 b/secure/lib/libcrypto/man/man3/SSL_new.3 index 375e0f30605bc..1790a36bbcc9f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_new.3 +++ b/secure/lib/libcrypto/man/man3/SSL_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_NEW 3" -.TH SSL_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,10 +163,67 @@ structure are freed. \&\fBSSL_up_ref()\fR increments the reference count for an existing \fB\s-1SSL\s0\fR structure. .PP -\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All -settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. -existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an -initial accept (server) or connect (client) state. +The function \fBSSL_dup()\fR creates and returns a new \fB\s-1SSL\s0\fR structure from the same +\&\fB\s-1SSL_CTX\s0\fR that was used to create \fIs\fR. It additionally duplicates a subset of +the settings in \fIs\fR into the new \fB\s-1SSL\s0\fR object. +.PP +For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state and +\&\s-1MUST NOT\s0 have yet started the \s-1SSL\s0 handshake. For connections that are not in +their initial state \fBSSL_dup()\fR just increments an internal +reference count and returns the \fIsame\fR handle. It may be possible to +use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection. +.PP +The subset of settings in \fIs\fR that are duplicated are: +.IP "any session data if configured (including the session_id_context)" 4 +.IX Item "any session data if configured (including the session_id_context)" +.PD 0 +.IP "any tmp_dh settings set via \fBSSL_set_tmp_dh\fR\|(3), \fBSSL_set_tmp_dh_callback\fR\|(3), or \fBSSL_set_dh_auto\fR\|(3)" 4 +.IX Item "any tmp_dh settings set via SSL_set_tmp_dh, SSL_set_tmp_dh_callback, or SSL_set_dh_auto" +.IP "any configured certificates, private keys or certificate chains" 4 +.IX Item "any configured certificates, private keys or certificate chains" +.IP "any configured signature algorithms, or client signature algorithms" 4 +.IX Item "any configured signature algorithms, or client signature algorithms" +.IP "any \s-1DANE\s0 settings" 4 +.IX Item "any DANE settings" +.IP "any Options set via \fBSSL_set_options\fR\|(3)" 4 +.IX Item "any Options set via SSL_set_options" +.IP "any Mode set via \fBSSL_set_mode\fR\|(3)" 4 +.IX Item "any Mode set via SSL_set_mode" +.IP "any minimum or maximum protocol settings set via \fBSSL_set_min_proto_version\fR\|(3) or \fBSSL_set_max_proto_version\fR\|(3) (Note: Only from OpenSSL 1.1.1h and above)" 4 +.IX Item "any minimum or maximum protocol settings set via SSL_set_min_proto_version or SSL_set_max_proto_version (Note: Only from OpenSSL 1.1.1h and above)" +.IP "any Verify mode, callback or depth set via \fBSSL_set_verify\fR\|(3) or \fBSSL_set_verify_depth\fR\|(3) or any configured X509 verification parameters" 4 +.IX Item "any Verify mode, callback or depth set via SSL_set_verify or SSL_set_verify_depth or any configured X509 verification parameters" +.IP "any msg callback or info callback set via \fBSSL_set_msg_callback\fR\|(3) or \fBSSL_set_info_callback\fR\|(3)" 4 +.IX Item "any msg callback or info callback set via SSL_set_msg_callback or SSL_set_info_callback" +.IP "any default password callback set via \fBSSL_set_default_passwd_cb\fR\|(3)" 4 +.IX Item "any default password callback set via SSL_set_default_passwd_cb" +.IP "any session id generation callback set via \fBSSL_set_generate_session_id\fR\|(3)" 4 +.IX Item "any session id generation callback set via SSL_set_generate_session_id" +.IP "any configured Cipher List" 4 +.IX Item "any configured Cipher List" +.IP "initial accept (server) or connect (client) state" 4 +.IX Item "initial accept (server) or connect (client) state" +.IP "the max cert list value set via \fBSSL_set_max_cert_list\fR\|(3)" 4 +.IX Item "the max cert list value set via SSL_set_max_cert_list" +.IP "the read_ahead value set via \fBSSL_set_read_ahead\fR\|(3)" 4 +.IX Item "the read_ahead value set via SSL_set_read_ahead" +.IP "application specific data set via \fBSSL_set_ex_data\fR\|(3)" 4 +.IX Item "application specific data set via SSL_set_ex_data" +.IP "any \s-1CA\s0 list or client \s-1CA\s0 list set via \fBSSL_set0_CA_list\fR\|(3), \fBSSL_set0_client_CA_list()\fR or similar functions" 4 +.IX Item "any CA list or client CA list set via SSL_set0_CA_list, SSL_set0_client_CA_list() or similar functions" +.IP "any security level settings or callbacks" 4 +.IX Item "any security level settings or callbacks" +.IP "any configured serverinfo data" 4 +.IX Item "any configured serverinfo data" +.IP "any configured \s-1PSK\s0 identity hint" 4 +.IX Item "any configured PSK identity hint" +.IP "any configured custom extensions" 4 +.IX Item "any configured custom extensions" +.IP "any client certificate types configured via SSL_set1_client_certificate_types" 4 +.IX Item "any client certificate types configured via SSL_set1_client_certificate_types" +.PD .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: @@ -187,7 +244,7 @@ The return value points to an allocated \s-1SSL\s0 structure. \&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_pending.3 b/secure/lib/libcrypto/man/man3/SSL_pending.3 index 6f0dfc5d5e7c5..505e5205f0764 100644 --- a/secure/lib/libcrypto/man/man3/SSL_pending.3 +++ b/secure/lib/libcrypto/man/man3/SSL_pending.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_PENDING 3" -.TH SSL_PENDING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_PENDING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +163,7 @@ record) may have been read containing more \s-1TLS/SSL\s0 records. This also app \&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR -will ignore them. Therefore it is possible for no more bytes to be readable from +will ignore them. Therefore, it is possible for no more bytes to be readable from the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). @@ -191,7 +191,7 @@ returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherw The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_read.3 b/secure/lib/libcrypto/man/man3/SSL_read.3 index 0215da6132240..2c3dd41e00d92 100644 --- a/secure/lib/libcrypto/man/man3/SSL_read.3 +++ b/secure/lib/libcrypto/man/man3/SSL_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ 3" -.TH SSL_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_READ 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +180,7 @@ invocation of a read function. The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be +Therefore, data that was not retrieved at the last read call can still be buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read call. If \fBnum\fR is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the @@ -207,7 +207,7 @@ not set. Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is available the call will hang. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +If the underlying \s-1BIO\s0 is \fBnonblocking\fR, a read function will also return when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the @@ -218,7 +218,7 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying \s-1BIO.\s0 -When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be +When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. @@ -267,7 +267,7 @@ You should instead call \fBSSL_get_error()\fR to find out if it's retryable. The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 index f49ddc3d2251c..582a9de29ed51 100644 --- a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 +++ b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ_EARLY_DATA 3" -.TH SSL_READ_EARLY_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_READ_EARLY_DATA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,10 +179,11 @@ SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_ These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band \s-1PSK,\s0 and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. .PP Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 connection. In particular the data does not have forward secrecy. There are also @@ -316,7 +317,7 @@ early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. server application will either use both of \fBSSL_read_early_data()\fR and \&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, since there is no practical benefit from using only one of them. If the maximum -early data setting for a server is non-zero then replay protection is +early data setting for a server is nonzero then replay protection is automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). .PP If the server rejects the early data sent by a client then it will skip over @@ -334,7 +335,7 @@ max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort. .PP The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured +required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than @@ -397,7 +398,7 @@ retry with a lower maximum protocol version. When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the -server is configured with a non-zero max early data value. With replay +server is configured with a nonzero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that @@ -428,7 +429,7 @@ cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. .PP The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore, extreme caution should be applied when combining external PSKs with early data. .PP Some applications may mitigate the replay risks in other ways. For those @@ -472,7 +473,7 @@ the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. All of the functions described above were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 index 5a2a11267b70f..d2a87404943d5 100644 --- a/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 +++ b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_RSTATE_STRING 3" -.TH SSL_RSTATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_RSTATE_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_session_reused.3 b/secure/lib/libcrypto/man/man3/SSL_session_reused.3 index 8193efe58180c..df703e730de0c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_session_reused.3 +++ b/secure/lib/libcrypto/man/man3/SSL_session_reused.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_REUSED 3" -.TH SSL_SESSION_REUSED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SESSION_REUSED 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_set1_host.3 b/secure/lib/libcrypto/man/man3/SSL_set1_host.3 index 52828340a641a..c9e72c5ea0d4c 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set1_host.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set1_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET1_HOST 3" -.TH SSL_SET1_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET1_HOST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,9 +155,9 @@ SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server These functions configure server hostname checks in the \s-1SSL\s0 client. .PP \&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing -any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 +any previously specified hostname or names. If \fBname\fR is \s-1NULL,\s0 or the empty string the list of hostnames is cleared, and name -checks are not performed on the peer certificate. When a non-empty +checks are not performed on the peer certificate. When a nonempty \&\fBname\fR is specified, certificate verification automatically checks the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication @@ -241,7 +241,7 @@ the lifetime of the \s-1SSL\s0 connection. These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_set_bio.3 b/secure/lib/libcrypto/man/man3/SSL_set_bio.3 index 8c375bc0e9066..53711554a521e 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_bio.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_BIO 3" -.TH SSL_SET_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_BIO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +153,7 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO .IX Header "DESCRIPTION" \&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is -non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +nonblocking then the \fBssl\fR object will also have nonblocking behaviour. This function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this function, any existing \fBrbio\fR that was previously set will also be freed via a @@ -163,7 +163,7 @@ the same value as previously). \&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take -ownership of one reference. Therefore it may be necessary to increment the +ownership of one reference. Therefore, it may be necessary to increment the number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 functions. .PP @@ -219,7 +219,7 @@ use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. \&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 index 38e959bfc3dfc..a63bba9d2f74f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_CONNECT_STATE 3" -.TH SSL_SET_CONNECT_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_CONNECT_STATE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_set_fd.3 b/secure/lib/libcrypto/man/man3/SSL_set_fd.3 index 47fdb22482d4d..8ca4e536bf158 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_fd.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_FD 3" -.TH SSL_SET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_FD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,8 +157,8 @@ socket file descriptor of a network connection. .PP When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine -inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will -also have non-blocking behaviour. +inherit the behaviour of \fBfd\fR. If \fBfd\fR is nonblocking, the \fBssl\fR will +also have nonblocking behaviour. .PP If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called (for both the reading and writing side, if different). @@ -180,7 +180,7 @@ The operation succeeded. \&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_set_session.3 b/secure/lib/libcrypto/man/man3/SSL_set_session.3 index 59e05db9ecfbe..d64529121179a 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_session.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SESSION 3" -.TH SSL_SET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_SESSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 index e5009cda649e1..25e97659e0b59 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SHUTDOWN 3" -.TH SSL_SET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_SHUTDOWN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +156,7 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connec \&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" -The shutdown state of an ssl connection is a bitmask of: +The shutdown state of an ssl connection is a bit mask of: .IP "0" 4 No shutdown setting, yet. .IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 @@ -196,7 +196,7 @@ for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 index cc6509d3823c4..01a430c8d3723 100644 --- a/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 +++ b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_VERIFY_RESULT 3" -.TH SSL_SET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SET_VERIFY_RESULT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/SSL_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_shutdown.3 index 5b6965f783337..baf29c646d30f 100644 --- a/secure/lib/libcrypto/man/man3/SSL_shutdown.3 +++ b/secure/lib/libcrypto/man/man3/SSL_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SHUTDOWN 3" -.TH SSL_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_SHUTDOWN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -228,13 +228,13 @@ The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s- If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. @@ -249,6 +249,16 @@ state but not actually send the close_notify alert messages, see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed and return 1. +Note that this is not standard compliant behaviour. +It should only be done when the peer has a way to make sure all +data has been received and doesn't wait for the close_notify alert +message, otherwise an unexpected \s-1EOF\s0 will be reported. +.PP +There are implementations that do not send the required close_notify alert. +If there is a need to communicate with such an implementation, and it's clear +that all data has been received, do not wait for the peer's close_notify alert. +Waiting for the close_notify alert when the peer just closes the connection will +result in an error being generated. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: @@ -256,8 +266,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call \fBSSL_read()\fR to do a bidirectional shutdown. -The output of \fBSSL_get_error\fR\|(3) may be misleading, as an -erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.Sp +Unlike most other function, returning 0 does not indicate an error. +\&\fBSSL_get_error\fR\|(3) should not get called, it may misleadingly +indicate an error even though no error occurred. .IP "1" 4 .IX Item "1" The shutdown was successfully completed. The close_notify alert was sent @@ -266,7 +278,7 @@ and the peer's close_notify alert was received. .IX Item "<0" The shutdown was not successful. Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. -It can occur if an action is needed to continue the operation for non-blocking +It can occur if an action is needed to continue the operation for nonblocking BIOs. .Sp It can also occur when not all data was read using \fBSSL_read()\fR. @@ -279,7 +291,7 @@ It can also occur when not all data was read using \fBSSL_read()\fR. \&\fBssl\fR\|(7), \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_state_string.3 b/secure/lib/libcrypto/man/man3/SSL_state_string.3 index 4b6f0b2216310..1241bb460d5df 100644 --- a/secure/lib/libcrypto/man/man3/SSL_state_string.3 +++ b/secure/lib/libcrypto/man/man3/SSL_state_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_STATE_STRING 3" -.TH SSL_STATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_STATE_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,11 +162,11 @@ maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. .PP -When using non-blocking sockets, the function call performing the handshake +When using nonblocking sockets, the function call performing the handshake may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, so that SSL_state_string[_long]() may be called. .PP -For both blocking or non-blocking sockets, the details state information +For both blocking or nonblocking sockets, the details state information can be used within the info_callback function set with the \&\fBSSL_set_info_callback()\fR call. .SH "RETURN VALUES" @@ -177,7 +177,7 @@ Detailed description of possible states to be included later. \&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_want.3 b/secure/lib/libcrypto/man/man3/SSL_want.3 index 5880bec76b4b3..ce0c1ee4173ef 100644 --- a/secure/lib/libcrypto/man/man3/SSL_want.3 +++ b/secure/lib/libcrypto/man/man3/SSL_want.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WANT 3" -.TH SSL_WANT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_WANT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +167,7 @@ return values are similar to that of \fBSSL_get_error\fR\|(3). Unlike \fBSSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated +nonblocking I/O. Error conditions are not handled and must be treated using \fBSSL_get_error\fR\|(3). .PP The result returned by \fBSSL_want()\fR should always be consistent with @@ -225,7 +225,7 @@ The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/SSL_write.3 b/secure/lib/libcrypto/man/man3/SSL_write.3 index 1e99702f14aa7..bb9b1340458da 100644 --- a/secure/lib/libcrypto/man/man3/SSL_write.3 +++ b/secure/lib/libcrypto/man/man3/SSL_write.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WRITE 3" -.TH SSL_WRITE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL_WRITE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,7 +172,7 @@ before the first call to a write function. If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once the write operation has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +If the underlying \s-1BIO\s0 is \fBnonblocking\fR the write functions will also return when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR @@ -180,7 +180,7 @@ or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possibl call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying \s-1BIO.\s0 When using a -non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check +nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP @@ -243,7 +243,7 @@ You should instead call \fBSSL_get_error()\fR to find out if it's retryable. The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/UI_STRING.3 b/secure/lib/libcrypto/man/man3/UI_STRING.3 index cfdc96328eb40..a7afd4cc350c3 100644 --- a/secure/lib/libcrypto/man/man3/UI_STRING.3 +++ b/secure/lib/libcrypto/man/man3/UI_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_STRING 3" -.TH UI_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH UI_STRING 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 index ce73c2456fa51..969047fecdec4 100644 --- a/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 +++ b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_UTIL_READ_PW 3" -.TH UI_UTIL_READ_PW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH UI_UTIL_READ_PW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,7 +157,7 @@ UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user prompt, and stores it in \fBbuf\fR. The maximum allowed size is given with \fBlength\fR, including the terminating \s-1NUL\s0 byte. -If \fBverify\fR is non-zero, the password will be verified as well. +If \fBverify\fR is nonzero, the password will be verified as well. .PP \&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the difference is that you can give it an external buffer \fBbuff\fR for the @@ -194,7 +194,7 @@ if an error occurred. \&\fBUI_get_default_method\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/UI_create_method.3 b/secure/lib/libcrypto/man/man3/UI_create_method.3 index db598cc0dc053..28610663814bd 100644 --- a/secure/lib/libcrypto/man/man3/UI_create_method.3 +++ b/secure/lib/libcrypto/man/man3/UI_create_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_CREATE_METHOD 3" -.TH UI_CREATE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH UI_CREATE_METHOD 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,7 +179,7 @@ UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -A method contains a few functions that implement the low level of the +A method contains a few functions that implement the low-level of the User Interface. These functions are: .IP "an opener" 4 @@ -311,7 +311,7 @@ The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/UI_new.3 b/secure/lib/libcrypto/man/man3/UI_new.3 index 7d9b411540fb1..9a40ecd71493b 100644 --- a/secure/lib/libcrypto/man/man3/UI_new.3 +++ b/secure/lib/libcrypto/man/man3/UI_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "UI_NEW 3" -.TH UI_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH UI_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -281,7 +281,7 @@ of all strings. a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the -description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +description \*(R"pass phrase\*(L" and the filename \*(R"foo.key\*(L", that becomes \&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. @@ -368,7 +368,7 @@ respectively. The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 index 3ead0a1886a5f..74fb477aafef6 100644 --- a/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 +++ b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_D2I 3" -.TH X509V3_GET_D2I 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509V3_GET_D2I 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -210,7 +210,7 @@ of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. .SH "NOTES" .IX Header "NOTES" In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +occurrences is an error. Therefore, the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. .PP The \fBflags\fR parameter may be one of the following values. .PP @@ -367,7 +367,7 @@ failure. \&\fBX509_verify_cert\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 index 67a95d98cf94d..44d5905c314b5 100644 --- a/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 +++ b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "X509_ALGOR_DUP 3" -.TH X509_ALGOR_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_ALGOR_DUP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy \- AlgorithmIdentifier functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -151,6 +151,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ \& const void **ppval, const X509_ALGOR *alg); \& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); \& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +\& int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -171,21 +172,27 @@ and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. values for the message digest \fBmd\fR. .PP \&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical -encodings and non-zero otherwise. +encodings and nonzero otherwise. +.PP +\&\fBX509_ALGOR_copy()\fR copies the source values into the dest structs; making +a duplicate of each (and free any thing pointed to from within *dest). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error occurred. .PP -\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +\&\fBX509_ALGOR_set0()\fR and \fBX509_ALGOR_copy()\fR return 1 on success or 0 on error. .PP \&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. .PP \&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and -non-zero otherwise. +nonzero otherwise. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_ALGOR_copy()\fR was added in 1.1.1e. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 index e0e7c0c486231..95d790e5d9042 100644 --- a/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 +++ b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CRL_GET0_BY_SERIAL 3" -.TH X509_CRL_GET0_BY_SERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CRL_GET0_BY_SERIAL 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 index 98e4536ad6741..546b6e4347f54 100644 --- a/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 +++ b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_EXTENSION_SET_OBJECT 3" -.TH X509_EXTENSION_SET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_EXTENSION_SET_OBJECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 index 26a20517161a4..a600782a9df61 100644 --- a/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP 3" -.TH X509_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_LOOKUP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 index 626c7f40b738f..f499926282e73 100644 --- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_HASH_DIR 3" -.TH X509_LOOKUP_HASH_DIR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_LOOKUP_HASH_DIR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -210,7 +210,7 @@ upon each lookup, so that newer CRLs are as soon as they appear in the directory. .PP The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, -with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or +with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or \&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied to the subject name for certificates or issuer name for CRLs. @@ -256,7 +256,7 @@ the number of loaded objects or 0 on error. \&\fBX509_LOOKUP_meth_new\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 index 6bc3bd684f60f..d789bc06dae0d 100644 --- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_METH_NEW 3" -.TH X509_LOOKUP_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_LOOKUP_METH_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -271,7 +271,7 @@ Implementations must add objects they find to the \fBX509_STORE\fR object using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR function also increases the reference count which leads to one too -many references being held. Therefore applications should +many references being held. Therefore, applications should additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the reference count again. .PP diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 index 2f4ee1b54cc87..ca77946ab3aa4 100644 --- a/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_GET_OBJECT 3" -.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 index cdaca1b58c44e..3dc1b1c160d7f 100644 --- a/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" -.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 index 9d8f4d559b1f6..53adada76a078 100644 --- a/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 +++ b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET0_DER 3" -.TH X509_NAME_GET0_DER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NAME_GET0_DER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 index ccaf30633d38d..b7ad38f5812d4 100644 --- a/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET_INDEX_BY_NID 3" -.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 index 70a0c02f0c82f..cfdd1bde16fca 100644 --- a/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_PRINT_EX 3" -.TH X509_NAME_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NAME_PRINT_EX 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 index 06ad457535b2b..f9b4167ded41a 100644 --- a/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 +++ b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_PUBKEY_NEW 3" -.TH X509_PUBKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_PUBKEY_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 index d72c78b42116e..83e7a881b178e 100644 --- a/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 +++ b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIG_GET0 3" -.TH X509_SIG_GET0 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_SIG_GET0 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 index c0401168d2e11..d18f6bdf21b21 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_GET_ERROR 3" -.TH X509_STORE_CTX_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_CTX_GET_ERROR 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,7 +170,7 @@ it might be used in a verification callback to set an error based on additional checks. .PP \&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a -non-negative integer representing where in the certificate chain the error +nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. .PP @@ -212,7 +212,7 @@ verification error \fBn\fR. .IX Header "RETURN VALUES" \&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. .PP -\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a nonnegative error depth. .PP \&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. @@ -408,7 +408,7 @@ thread safe but will never happen unless an invalid code is passed. \&\fBX509_free\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 index 03a7bc0556a89..7eee47d87911d 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_NEW 3" -.TH X509_STORE_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_CTX_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,7 +179,7 @@ by \fBX509_verify_cert()\fR. \&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. .PP \&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. -The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. +The context can then be reused with a new call to \fBX509_STORE_CTX_init()\fR. .PP \&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR is no longer valid. @@ -207,7 +207,7 @@ instead of using an \fBX509_STORE\fR. by \fBctx\fR to be \fBchain\fR. Ownership of the chain is transferred to \fBctx\fR and should not be free'd by the caller. -\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBX509_STORE_CTX_get0_chain()\fR returns the internal pointer used by the \&\fBctx\fR that contains the validated chain. .PP \&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate @@ -259,7 +259,7 @@ be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies should be made or reference counts increased instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or \fB\s-1NULL\s0\fR if an error occurred. .PP \&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. @@ -287,7 +287,7 @@ The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 index a910b9779841f..581acf37871e5 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" -.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,7 +172,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes. .PP -However a verification callback is \fBnot\fR essential and the default operation +However, a verification callback is \fBnot\fR essential and the default operation is often sufficient. .PP The \fBok\fR parameter to the callback indicates the value the callback should @@ -326,7 +326,7 @@ The and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 index 7d668251835b2..b48a5e0c745ae 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_ADD_CERT 3" -.TH X509_STORE_ADD_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_ADD_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 index 9fcc648048dbb..8c0610496dca1 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_GET0_PARAM 3" -.TH X509_STORE_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_GET0_PARAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_new.3 index 99749cc3e4fcc..843a49abb7eb0 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_new.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_NEW 3" -.TH X509_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 index 5c924c0b0c461..12269e0f42539 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" -.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -243,7 +243,9 @@ This function must return 0 on failure and 1 on success. function will be used instead.\fR .PP \&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given -certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +certificate \fBx\fR is issued by the issuer certificate \fBissuer\fR and +the issuer is not yet in the chain contained in <ctx>, where the exceptional +case that \fBx\fR is self-issued and ctx\->chain has just one element is allowed. This function must return 0 on failure (among others if \fBx\fR hasn't been issued with \fBissuer\fR) and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default @@ -356,7 +358,7 @@ The functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 index f31cdc125fcdd..f61478c827629 100644 --- a/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" -.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -252,7 +252,7 @@ interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1 shorter than 1024 bits. .PP \&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to -\&\fBname\fR clearing any previously specified host name or names. If +\&\fBname\fR clearing any previously specified hostname or names. If \&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If \fBname\fR is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR @@ -385,12 +385,15 @@ they are enabled. If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. .PP -\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed -certificate signature. By default this check is disabled because it doesn't +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR requests checking the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0 +certificate with key usage restrictions not including the keyCertSign bit. +By default this check is disabled because it doesn't add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the root \s-1CA\s0 -signature is that disabled or unsupported message digests on the root \s-1CA\s0 -are not treated as fatal errors. +check the signature anyway. A side effect of not checking the self-signature +of such a certificate is that disabled or unsupported message digests used for +the signature are not treated as fatal errors. .PP When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates @@ -492,7 +495,7 @@ and has no effect. The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_check_ca.3 b/secure/lib/libcrypto/man/man3/X509_check_ca.3 index 5d7c380ece28b..c6240e959dab7 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_ca.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_ca.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_CA 3" -.TH X509_CHECK_CA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CHECK_CA 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +160,7 @@ Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 \&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type extension telling that it is \s-1CA\s0 certificate. .PP -Actually, any non-zero value means that this certificate could have been +Actually, any nonzero value means that this certificate could have been used to sign other certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -169,7 +169,7 @@ used to sign other certificates. \&\fBX509_check_purpose\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3 index dc00078e4282c..57abc55456753 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_host.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_HOST 3" -.TH X509_CHECK_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CHECK_HOST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,13 +156,13 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 cer .SH "DESCRIPTION" .IX Header "DESCRIPTION" The certificate matching functions are used to check whether a -certificate matches a given host name, email address, or \s-1IP\s0 address. +certificate matches a given hostname, email address, or \s-1IP\s0 address. The validity of the certificate and its trust level has to be checked by other means. .PP \&\fBX509_check_host()\fR checks if the certificate Subject Alternative -Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host -name, which must be encoded in the preferred name syntax described +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname, +which must be encoded in the preferred name syntax described in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, @@ -174,7 +174,7 @@ Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing internation domain names must be given in A\-label form. The \fBnamelen\fR argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts -with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +with a dot (e.g. \*(L".example.com\*(R"), it will be matched by a certificate valid for any sub-domain of \fBname\fR, (see also \&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). .PP @@ -280,7 +280,7 @@ and the internal checks will be suppressed as appropriate when These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_check_issued.3 b/secure/lib/libcrypto/man/man3/X509_check_issued.3 index 5f3ae316b28fd..6e3c521502c1b 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_issued.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_issued.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_ISSUED 3" -.TH X509_CHECK_ISSUED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CHECK_ISSUED 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_check_issued \- checks if certificate is issued by another certificate +X509_check_issued \- checks if certificate is apparently issued by another certificate .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -149,13 +149,14 @@ X509_check_issued \- checks if certificate is issued by another certificate .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 -certificate \fIissuer\fR. This function takes into account not only -matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, -but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with -\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR -present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of -\&\fIissuer\fR. +\&\fBX509_check_issued()\fR checks if certificate \fIsubject\fR was apparently issued +using (\s-1CA\s0) certificate \fIissuer\fR. This function takes into account not only +matching of the issuer field of \fIsubject\fR with the subject field of \fIissuer\fR, +but also compares all sub-fields of the \fBauthorityKeyIdentifier\fR extension of +\&\fIsubject\fR, as far as present, with the respective \fBsubjectKeyIdentifier\fR, +serial number, and issuer fields of \fIissuer\fR, as far as present. It also checks +if the \fBkeyUsage\fR field (if present) of \fIissuer\fR allows certificate signing. +It does not check the certificate signature. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by @@ -167,7 +168,7 @@ Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by \&\fBverify\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_check_private_key.3 b/secure/lib/libcrypto/man/man3/X509_check_private_key.3 index 1127a6750d797..e16b19ad29b10 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_private_key.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_private_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_PRIVATE_KEY 3" -.TH X509_CHECK_PRIVATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CHECK_PRIVATE_KEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_check_purpose.3 b/secure/lib/libcrypto/man/man3/X509_check_purpose.3 index 84a1d95a21026..d7ef3f98920b0 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_purpose.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_purpose.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_PURPOSE 3" -.TH X509_CHECK_PURPOSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CHECK_PURPOSE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,8 +170,8 @@ Below are the potential \s-1ID\s0's that can be checked: .SH "RETURN VALUES" .IX Header "RETURN VALUES" For non-CA checks -.IP "\-1 an error condition has occured" 4 -.IX Item "-1 an error condition has occured" +.IP "\-1 an error condition has occurred" 4 +.IX Item "-1 an error condition has occurred" .PD 0 .IP " 1 if the certificate was created to perform the purpose represented by \fIid\fR" 4 .IX Item " 1 if the certificate was created to perform the purpose represented by id" @@ -180,8 +180,8 @@ For non-CA checks .PD .PP For \s-1CA\s0 checks the below integers could be returned with the following meanings: -.IP "\-1 an error condition has occured" 4 -.IX Item "-1 an error condition has occured" +.IP "\-1 an error condition has occurred" 4 +.IX Item "-1 an error condition has occurred" .PD 0 .IP " 0 not a \s-1CA\s0 or does not have the purpose represented by \fIid\fR" 4 .IX Item " 0 not a CA or does not have the purpose represented by id" diff --git a/secure/lib/libcrypto/man/man3/X509_cmp.3 b/secure/lib/libcrypto/man/man3/X509_cmp.3 index 9c977358f5581..82567f15f0a43 100644 --- a/secure/lib/libcrypto/man/man3/X509_cmp.3 +++ b/secure/lib/libcrypto/man/man3/X509_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CMP 3" -.TH X509_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CMP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_cmp_time.3 b/secure/lib/libcrypto/man/man3/X509_cmp_time.3 index aca733af3917a..ed24996de3de5 100644 --- a/secure/lib/libcrypto/man/man3/X509_cmp_time.3 +++ b/secure/lib/libcrypto/man/man3/X509_cmp_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_CMP_TIME 3" -.TH X509_CMP_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_CMP_TIME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_digest.3 b/secure/lib/libcrypto/man/man3/X509_digest.3 index 095f4f2f15333..ecc3457c4229a 100644 --- a/secure/lib/libcrypto/man/man3/X509_digest.3 +++ b/secure/lib/libcrypto/man/man3/X509_digest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_DIGEST 3" -.TH X509_DIGEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_DIGEST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_dup.3 b/secure/lib/libcrypto/man/man3/X509_dup.3 index 9085accb11be2..47846fed0053f 100644 --- a/secure/lib/libcrypto/man/man3/X509_dup.3 +++ b/secure/lib/libcrypto/man/man3/X509_dup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_DUP 3" -.TH X509_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_DUP 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 index 32c55e7ddb9c1..207af1f0de65b 100644 --- a/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 +++ b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_NOTBEFORE 3" -.TH X509_GET0_NOTBEFORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET0_NOTBEFORE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get0_signature.3 b/secure/lib/libcrypto/man/man3/X509_get0_signature.3 index 4591d7816dba1..0fad564a13c4f 100644 --- a/secure/lib/libcrypto/man/man3/X509_get0_signature.3 +++ b/secure/lib/libcrypto/man/man3/X509_get0_signature.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_SIGNATURE 3" -.TH X509_GET0_SIGNATURE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET0_SIGNATURE 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information +X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -148,6 +148,8 @@ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0 \& void X509_get0_signature(const ASN1_BIT_STRING **psig, \& const X509_ALGOR **palg, \& const X509 *x); +\& void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +\& int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); \& int X509_get_signature_nid(const X509 *x); \& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); \& @@ -175,6 +177,9 @@ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0 to the signature algorithm of \fBx\fR. The values returned are internal pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. .PP +\&\fBX509_set0_signature()\fR and \fBX509_REQ_set1_signature_algo()\fR are the +equivalent setters for the two values of \fBX509_get0_signature()\fR. +.PP \&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed portion of \fBx\fR. .PP @@ -219,6 +224,10 @@ key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a \&\fBX509_get_signature_info()\fR returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters). +.PP +\&\fBX509_REQ_set1_signature_algo()\fR returns 0 on success; or 1 on an +error (e.g. null \s-1ALGO\s0 pointer). X509_REQ_set0_signature does +not return an error value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_X509\fR\|(3), @@ -247,9 +256,12 @@ The \&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, \&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were added in OpenSSL 1.1.0. +.PP +The \fBX509_REQ_set0_signature()\fR and \fBX509_REQ_set1_signature_algo()\fR +were added in OpenSSL 1.1.1e. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/X509_get0_uids.3 b/secure/lib/libcrypto/man/man3/X509_get0_uids.3 index 92bc808a5d88f..ab62941d1d161 100644 --- a/secure/lib/libcrypto/man/man3/X509_get0_uids.3 +++ b/secure/lib/libcrypto/man/man3/X509_get0_uids.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_UIDS 3" -.TH X509_GET0_UIDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET0_UIDS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 index 2dc25bc134229..62b9b0c48ca1d 100644 --- a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 +++ b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_EXTENSION_FLAGS 3" -.TH X509_GET_EXTENSION_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET_EXTENSION_FLAGS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 index e41c603099e38..ae0c57a64f345 100644 --- a/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 +++ b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_PUBKEY 3" -.TH X509_GET_PUBKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET_PUBKEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 index 1d05d0046fede..58b819c872c10 100644 --- a/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 +++ b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SERIALNUMBER 3" -.TH X509_GET_SERIALNUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET_SERIALNUMBER 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 index 1979231801add..16b6ec7f31862 100644 --- a/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 +++ b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SUBJECT_NAME 3" -.TH X509_GET_SUBJECT_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET_SUBJECT_NAME 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_get_version.3 b/secure/lib/libcrypto/man/man3/X509_get_version.3 index 5f46128691ef6..26eec835844d6 100644 --- a/secure/lib/libcrypto/man/man3/X509_get_version.3 +++ b/secure/lib/libcrypto/man/man3/X509_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_VERSION 3" -.TH X509_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_GET_VERSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_new.3 b/secure/lib/libcrypto/man/man3/X509_new.3 index ecb00c23cf912..ff6edc070ac9a 100644 --- a/secure/lib/libcrypto/man/man3/X509_new.3 +++ b/secure/lib/libcrypto/man/man3/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NEW 3" -.TH X509_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_sign.3 b/secure/lib/libcrypto/man/man3/X509_sign.3 index ba6d9bc6a93bf..669d599ccbf35 100644 --- a/secure/lib/libcrypto/man/man3/X509_sign.3 +++ b/secure/lib/libcrypto/man/man3/X509_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIGN 3" -.TH X509_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_SIGN 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509_verify_cert.3 b/secure/lib/libcrypto/man/man3/X509_verify_cert.3 index a7841b595b948..58262b536ae55 100644 --- a/secure/lib/libcrypto/man/man3/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/man3/X509_verify_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_CERT 3" -.TH X509_VERIFY_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509_VERIFY_CERT 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 index 4b03e13398a9c..0fb321d098a1a 100644 --- a/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 +++ b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_EXT_BY_NID 3" -.TH X509V3_GET_EXT_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509V3_GET_EXT_BY_NID 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -199,7 +199,7 @@ the extension is found its index is returned otherwise \fB\-1\fR is returned. .PP \&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR -looks for a non-critical extension a non-zero value looks for a critical +looks for a non-critical extension a nonzero value looks for a critical extension. .PP \&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The @@ -256,7 +256,7 @@ error occurs. \&\fBX509V3_get_d2i\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/d2i_DHparams.3 b/secure/lib/libcrypto/man/man3/d2i_DHparams.3 index 95f9a3f120988..daf64f5543f4b 100644 --- a/secure/lib/libcrypto/man/man3/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/man3/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_DHPARAMS 3" -.TH D2I_DHPARAMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH D2I_DHPARAMS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +145,7 @@ d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions .Vb 1 \& #include <openssl/dh.h> \& -\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); \& int i2d_DHparams(DH *a, unsigned char **pp); .Ve .SH "DESCRIPTION" @@ -166,7 +166,7 @@ is less than or equal to 0 on error. \&\fBd2i_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 index bd80ce831db69..ccc15b201b5ef 100644 --- a/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 +++ b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" -.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 index c55a0b85a2f75..e321cafd6d3df 100644 --- a/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 +++ b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PRIVATEKEY 3" -.TH D2I_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH D2I_PRIVATEKEY 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 index 1782cbb78ed3b..6df30ebcad92a 100644 --- a/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 +++ b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_SSL_SESSION 3" -.TH D2I_SSL_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH D2I_SSL_SESSION 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/d2i_X509.3 b/secure/lib/libcrypto/man/man3/d2i_X509.3 index 2dd051404e399..0dc8b5790345f 100644 --- a/secure/lib/libcrypto/man/man3/d2i_X509.3 +++ b/secure/lib/libcrypto/man/man3/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "D2I_X509 3" -.TH D2I_X509 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH D2I_X509 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +143,7 @@ d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 3 -\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length); \& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); \& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); \& @@ -213,8 +213,8 @@ The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an empty structure such as that returned by \fBTYPE_new()\fR. .PP -The encoded data is in binary form and may contain embedded zeroes. -Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +The encoded data is in binary form and may contain embedded zeros. +Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length of the encoded structure. .PP @@ -290,9 +290,10 @@ Allocate and encode the \s-1DER\s0 encoding of an X509 structure: .PP Attempt to decode a buffer: .PP -.Vb 3 +.Vb 4 \& X509 *x; -\& unsigned char *buf, *p; +\& unsigned char *buf; +\& const unsigned char *p; \& int len; \& \& /* Set up buf and len to point to the input buffer. */ @@ -304,9 +305,10 @@ Attempt to decode a buffer: .PP Alternative technique: .PP -.Vb 3 +.Vb 4 \& X509 *x; -\& unsigned char *buf, *p; +\& unsigned char *buf; +\& const unsigned char *p; \& int len; \& \& /* Set up buf and len to point to the input buffer. */ diff --git a/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 index 1c32f58ffb2c4..fc16176c97869 100644 --- a/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_CMS_BIO_STREAM 3" -.TH I2D_CMS_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH I2D_CMS_BIO_STREAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 index 937ee54a7a4e4..271f1c49d5062 100644 --- a/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_PKCS7_BIO_STREAM 3" -.TH I2D_PKCS7_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH I2D_PKCS7_BIO_STREAM 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 index ac8a9ebdc29cd..3939e9874bb19 100644 --- a/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 +++ b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "I2D_RE_X509_TBS 3" -.TH I2D_RE_X509_TBS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH I2D_RE_X509_TBS 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 index c9b0ec8b08c1c..80a93417f8989 100644 --- a/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 +++ b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "O2I_SCT_LIST 3" -.TH O2I_SCT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.TH O2I_SCT_LIST 3 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man5/x509v3_config.5 b/secure/lib/libcrypto/man/man5/x509v3_config.5 index e6394f3d92344..d4543cf98848f 100644 --- a/secure/lib/libcrypto/man/man5/x509v3_config.5 +++ b/secure/lib/libcrypto/man/man5/x509v3_config.5 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 5" -.TH X509V3_CONFIG 5 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509V3_CONFIG 5 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,8 +202,8 @@ The following sections describe each supported extension in detail. .IX Subsection "Basic Constraints." This is a multi valued extension which indicates whether a certificate is a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or -\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an -non-negative value can be included. +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by a +nonnegative value can be included. .PP For example: .PP @@ -696,7 +696,7 @@ will only recognize the last value. This can be worked around by using the form: \&\fBASN1_generate_nconf\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man7/Ed25519.7 b/secure/lib/libcrypto/man/man7/Ed25519.7 index 8fdce88fedbd4..1c3837bee5ee1 100644 --- a/secure/lib/libcrypto/man/man7/Ed25519.7 +++ b/secure/lib/libcrypto/man/man7/Ed25519.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ED25519 7" -.TH ED25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ED25519 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/RAND.7 b/secure/lib/libcrypto/man/man7/RAND.7 index cd05497d3a1b3..e5f664da4cf5f 100644 --- a/secure/lib/libcrypto/man/man7/RAND.7 +++ b/secure/lib/libcrypto/man/man7/RAND.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 7" -.TH RAND 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/RAND_DRBG.7 b/secure/lib/libcrypto/man/man7/RAND_DRBG.7 index e6658ad692063..dd0da731b3da9 100644 --- a/secure/lib/libcrypto/man/man7/RAND_DRBG.7 +++ b/secure/lib/libcrypto/man/man7/RAND_DRBG.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG 7" -.TH RAND_DRBG 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND_DRBG 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/RSA-PSS.7 b/secure/lib/libcrypto/man/man7/RSA-PSS.7 index f755cad43acc2..69bff05d060a1 100644 --- a/secure/lib/libcrypto/man/man7/RSA-PSS.7 +++ b/secure/lib/libcrypto/man/man7/RSA-PSS.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA-PSS 7" -.TH RSA-PSS 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA-PSS 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/SM2.7 b/secure/lib/libcrypto/man/man7/SM2.7 index 22f4681cc51e6..14d62dcc05226 100644 --- a/secure/lib/libcrypto/man/man7/SM2.7 +++ b/secure/lib/libcrypto/man/man7/SM2.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SM2 7" -.TH SM2 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SM2 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,7 +172,7 @@ Then an \s-1ID\s0 should be set by calling: .Ve .PP When calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, a -pre-allocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is +preallocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is done by calling: .PP .Vb 1 @@ -209,7 +209,7 @@ a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algori \&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man7/X25519.7 b/secure/lib/libcrypto/man/man7/X25519.7 index fd6a2cafcbf29..cfd5f7543e418 100644 --- a/secure/lib/libcrypto/man/man7/X25519.7 +++ b/secure/lib/libcrypto/man/man7/X25519.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X25519 7" -.TH X25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X25519 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/bio.7 b/secure/lib/libcrypto/man/man7/bio.7 index 2cb434d8c6e21..d8e414aab8464 100644 --- a/secure/lib/libcrypto/man/man7/bio.7 +++ b/secure/lib/libcrypto/man/man7/bio.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO 7" -.TH BIO 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH BIO 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/ct.7 b/secure/lib/libcrypto/man/man7/ct.7 index 59e4fae500e3e..d5a73e2137f1c 100644 --- a/secure/lib/libcrypto/man/man7/ct.7 +++ b/secure/lib/libcrypto/man/man7/ct.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CT 7" -.TH CT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CT 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/des_modes.7 b/secure/lib/libcrypto/man/man7/des_modes.7 index d64934688e0ce..6d4a125cfc6ac 100644 --- a/secure/lib/libcrypto/man/man7/des_modes.7 +++ b/secure/lib/libcrypto/man/man7/des_modes.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DES_MODES 7" -.TH DES_MODES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DES_MODES 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/evp.7 b/secure/lib/libcrypto/man/man7/evp.7 index 14bc5b5be552f..6f00f5dd4e2fc 100644 --- a/secure/lib/libcrypto/man/man7/evp.7 +++ b/secure/lib/libcrypto/man/man7/evp.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP 7" -.TH EVP 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EVP 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,7 +162,7 @@ functions. Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. .PP -The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high-level interface to asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see \&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions @@ -175,8 +175,8 @@ The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm ope .IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 .IX Item "For key agreement see EVP_PKEY_derive" .PD 0 -.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 -.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." +.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore, normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore, normally you would use the EVP_DigestSignInit functions for this purpose." .ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 .el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 .IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." @@ -198,12 +198,12 @@ as defaults, then the various \s-1EVP\s0 functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the \fBengine\fR\|(3) man page. .PP -Although low level algorithm specific functions exist for many algorithms +Although low-level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 -versions of new algorithms cannot be accessed using the low level functions. +versions of new algorithms cannot be accessed using the low-level functions. Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low level and some operations are more efficient -using the high level interface. +cleanly supported at the low-level and some operations are more efficient +using the high-level interface. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3), @@ -228,7 +228,7 @@ using the high level interface. \&\fBENGINE_by_id\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man7/ossl_store-file.7 b/secure/lib/libcrypto/man/man7/ossl_store-file.7 index ec67ecd393137..9990fcdffc75a 100644 --- a/secure/lib/libcrypto/man/man7/ossl_store-file.7 +++ b/secure/lib/libcrypto/man/man7/ossl_store-file.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE-FILE 7" -.TH OSSL_STORE-FILE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE-FILE 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/ossl_store.7 b/secure/lib/libcrypto/man/man7/ossl_store.7 index 4ff50bd9c0db8..aacb5605a272a 100644 --- a/secure/lib/libcrypto/man/man7/ossl_store.7 +++ b/secure/lib/libcrypto/man/man7/ossl_store.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE 7" -.TH OSSL_STORE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OSSL_STORE 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +148,7 @@ ossl_store \- Store retrieval functions .SS "General" .IX Subsection "General" A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported -objects from a repository of any kind, addressable as a file name or +objects from a repository of any kind, addressable as a filename or as a \s-1URI.\s0 .PP The functionality supports the pattern \*(L"open a channel to the @@ -207,7 +207,7 @@ other encoding is undefined. \&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/man7/passphrase-encoding.7 b/secure/lib/libcrypto/man/man7/passphrase-encoding.7 index 3e534df62a726..5dc9c23251a3d 100644 --- a/secure/lib/libcrypto/man/man7/passphrase-encoding.7 +++ b/secure/lib/libcrypto/man/man7/passphrase-encoding.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSPHRASE-ENCODING 7" -.TH PASSPHRASE-ENCODING 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PASSPHRASE-ENCODING 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/proxy-certificates.7 b/secure/lib/libcrypto/man/man7/proxy-certificates.7 index 1df859b24e68c..b1be36bc7df14 100644 --- a/secure/lib/libcrypto/man/man7/proxy-certificates.7 +++ b/secure/lib/libcrypto/man/man7/proxy-certificates.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PROXY-CERTIFICATES 7" -.TH PROXY-CERTIFICATES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PROXY-CERTIFICATES 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/scrypt.7 b/secure/lib/libcrypto/man/man7/scrypt.7 index 2335e3bb4b5fe..ed76b5d8e66d6 100644 --- a/secure/lib/libcrypto/man/man7/scrypt.7 +++ b/secure/lib/libcrypto/man/man7/scrypt.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SCRYPT 7" -.TH SCRYPT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SCRYPT 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/ssl.7 b/secure/lib/libcrypto/man/man7/ssl.7 index fd45bd2ffeca0..e4e4c95901c4d 100644 --- a/secure/lib/libcrypto/man/man7/ssl.7 +++ b/secure/lib/libcrypto/man/man7/ssl.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL 7" -.TH SSL 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SSL 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/man7/x509.7 b/secure/lib/libcrypto/man/man7/x509.7 index 7a3af7a6e7834..3f7fe087d62f6 100644 --- a/secure/lib/libcrypto/man/man7/x509.7 +++ b/secure/lib/libcrypto/man/man7/x509.7 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 7" -.TH X509 7 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509 7 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index a8a3bcb9f0495..593426c7a4bf3 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CA.PL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -216,7 +216,7 @@ to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the fi to standard output. Leverages \fBopenssl ca\fR command. .IP "\fB\-signCA\fR" 4 .IX Item "-signCA" -This option is the same as the \fB\-signreq\fR option except it uses the +This option is the same as the \fB\-sign\fR option except it uses the configuration file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0 Extra params are passed on to \fBopenssl ca\fR command. @@ -263,7 +263,7 @@ the request and finally create a PKCS#12 file containing it. .Vb 4 \& CA.pl \-newca \& CA.pl \-newreq -\& CA.pl \-signreq +\& CA.pl \-sign \& CA.pl \-pkcs12 "My Test Certificate" .Ve .SH "DSA CERTIFICATES" @@ -290,7 +290,7 @@ Create the \s-1CA\s0 directories and files: \& CA.pl \-newca .Ve .PP -enter cacert.pem when prompted for the \s-1CA\s0 file name. +enter cacert.pem when prompted for the \s-1CA\s0 filename. .PP Create a \s-1DSA\s0 certificate request and private key (a different set of parameters can optionally be created first): @@ -302,7 +302,7 @@ can optionally be created first): Sign the request: .PP .Vb 1 -\& CA.pl \-signreq +\& CA.pl \-sign .Ve .SH "NOTES" .IX Header "NOTES" @@ -333,7 +333,7 @@ behaviour of the certificate commands call the \fBopenssl\fR command directly. \&\fBconfig\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 1751378902c9e..9cef918d0f931 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ASN1PARSE 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index a091185352065..e27c804e5b48f 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CA 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -325,7 +325,7 @@ DNs match the order of the request. This is not needed for Xenroll. .IP "\fB\-noemailDN\fR" 4 .IX Item "-noemailDN" The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the -request \s-1DN,\s0 however it is good policy just having the e\-mail set into +request \s-1DN,\s0 however, it is good policy just having the e\-mail set into the altName extension of the certificate. When this option is set the \&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be @@ -815,7 +815,7 @@ are in year 2050 or later. \&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 6536c6a49adda..93b5f937fa8b2 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CIPHERS 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 7573702fe0a27..f1645493d6378 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CMS 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 3acfc30f6b359..b907051061b53 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CRL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 96bed8d414e60..c01e08cbb3805 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH CRL2PKCS7 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 0a8faacc04c20..e2c37fe5b1a97 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DGST 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -216,8 +216,7 @@ Filename to output to, or standard output by default. .IP "\fB\-sign filename\fR" 4 .IX Item "-sign filename" Digitally sign the digest using the private key in \*(L"filename\*(R". Note this option -does not support Ed25519 or Ed448 private keys. Use the \fBpkeyutl\fR command -instead for this. +does not support Ed25519 or Ed448 private keys. .IP "\fB\-keyform arg\fR" 4 .IX Item "-keyform arg" Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0 @@ -339,7 +338,7 @@ The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0 The FIPS-related options were removed in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 928d1bb5b3f25..1836cd485a83c 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DHPARAM 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 43ea1180f47fe..b7a1b4fce47db 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSA 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index a258797a3aff9..8d2e1995d80b0 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH DSAPARAM 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 447a9d8df718c..652cf55e44614 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH EC 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 813b58f4e10cf..02c6e40ebacab 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ECPARAM 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 59f4db9f79a8f..be545c1882ac6 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ENC 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -339,7 +339,7 @@ a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode. .PP All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to -be performed. However since the chance of random data passing the test +be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. .PP If padding is disabled then the input data must be a multiple of the cipher @@ -535,7 +535,7 @@ The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0 The \fB\-list\fR option was added in OpenSSL 1.1.1e. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1 index 023d86d137928..3268bb11f0290 100644 --- a/secure/usr.bin/openssl/man/engine.1 +++ b/secure/usr.bin/openssl/man/engine.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE 1" -.TH ENGINE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ENGINE 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index ecbe0f7e5215c..52b6b428cd08d 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH ERRSTR 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 4f8aef9e2b2e0..15658ea495641 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH GENDSA 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 306a9e3b2608a..456c7c4ed1e9e 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH GENPKEY 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index db33f4ee342c3..0c1492e4ee30a 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH GENRSA 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1 index 5f6448048c1e3..f5fedebae5447 100644 --- a/secure/usr.bin/openssl/man/list.1 +++ b/secure/usr.bin/openssl/man/list.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LIST 1" -.TH LIST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH LIST 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index 5abbcc273eed0..813ea870ff396 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH NSEQ 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 869d56db85d90..d6b548fb61d17 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OCSP 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -294,7 +294,7 @@ Specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS .IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 .IX Item "-host hostname:port, -path pathname" If the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host -\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use +\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 pathname to use or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme http:// and the given hostname, port, and pathname. .IP "\fB\-header name=value\fR" 4 @@ -576,7 +576,7 @@ to a second file. The \-no_alt_chains option was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index 7095664444298..3fb70a284b694 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH OPENSSL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 21b394a7ccfb3..473e6e7b3490b 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PASSWD 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 1e48ec620db41..5603267406597 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS12 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -338,7 +338,7 @@ This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. N encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client -authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support +authentication, however, due to a bug only \s-1MSIE 5.0\s0 and later support the use of signing only keys for \s-1SSL\s0 client authentication. .IP "\fB\-macalg digest\fR" 4 .IX Item "-macalg digest" @@ -471,7 +471,7 @@ Include some extra certificates: \&\fBpkcs8\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index aff6d5ad1b989..0b00ef0c4900f 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS7 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 094606cc8538f..54b7f7adfa03a 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKCS8 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -406,7 +406,7 @@ one million iterations of the password: Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. .PP @@ -426,7 +426,7 @@ in use and other details such as the iteration count. The \fB\-iter\fR option was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index 6f8dd501a0edf..b84dfe671b819 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKEY 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index 8be1d7881ef5f..45581e7182718 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKEYPARAM 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index e3634ff71f00f..e052841661c5d 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PKEYUTL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,7 +172,7 @@ openssl\-pkeyutl, pkeyutl \- public key algorithm utility [\fB\-engine_impl\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBpkeyutl\fR command can be used to perform low level public key operations +The \fBpkeyutl\fR command can be used to perform low-level public key operations using any supported algorithm. .SH "OPTIONS" .IX Header "OPTIONS" @@ -420,7 +420,7 @@ seed consisting of the single byte 0xFF: \&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1 index 5f31f0d7fcbfa..2950c72640023 100644 --- a/secure/usr.bin/openssl/man/prime.1 +++ b/secure/usr.bin/openssl/man/prime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PRIME 1" -.TH PRIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH PRIME 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index d30b3f8dd12b5..327d080819e4d 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RAND 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 85d0ae85b1671..0db8402204fa8 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH REQ 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 1806a329dac8a..9e73ff5505fbb 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSA 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index dde1a3f599ee3..934745f1f1c53 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH RSAUTL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 85c44063096ca..a4e5f7cb33f99 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH S_CLIENT 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -512,10 +512,10 @@ with \fBenable-ssl-trace\fR for this option to work. File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. .IP "\fB\-nbio_test\fR" 4 .IX Item "-nbio_test" -Tests non-blocking I/O +Tests nonblocking I/O .IP "\fB\-nbio\fR" 4 .IX Item "-nbio" -Turns on non-blocking I/O +Turns on nonblocking I/O .IP "\fB\-crlf\fR" 4 .IX Item "-crlf" This option translated a line feed from the terminal into \s-1CR+LF\s0 as required @@ -812,14 +812,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific \s-1URL\s0 is requested. To obtain the list in this case it is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. .PP If there are problems verifying a server certificate then the diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 14c32207f8b12..85ffc65e1937e 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH S_SERVER 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -519,9 +519,9 @@ used in conjunction with \fB\-early_data\fR. .IP "\fB\-id_prefix val\fR" 4 .IX Item "-id_prefix val" Generate \s-1SSL/TLS\s0 session IDs prefixed by \fBval\fR. This is mostly useful -for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple +for testing any \s-1SSL/TLS\s0 code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session -IDs (eg. with a certain prefix). +IDs (e.g. with a certain prefix). .IP "\fB\-rand file...\fR" 4 .IX Item "-rand file..." A file or files containing random data used to seed the random number @@ -860,7 +860,7 @@ The \&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 9c86080635535..731eac1bc467f 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH S_TIME 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -290,14 +290,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be -viewed and checked. However some servers only request client authentication +viewed and checked. However, some servers only request client authentication after a specific \s-1URL\s0 is requested. To obtain the list in this case it is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and send an \s-1HTTP\s0 request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. .SH "BUGS" .IX Header "BUGS" diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 2e0352de2217b..ad4f3dc264a79 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SESS_ID 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -253,7 +253,7 @@ The \s-1PEM\s0 encoded session format uses the header and footer lines: .PP Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents of an encrypted session using this -information. Therefore appropriate security precautions should be taken if +information. Therefore, appropriate security precautions should be taken if the information is being output by a \*(L"real\*(R" application. This is however strongly discouraged and should only be used for debugging purposes. .SH "BUGS" diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index f8e2b93b5c4bb..68fb2dbf36b69 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SMIME 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index c55a1e9c18af4..a2a25fa44d928 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SPEED 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 2d3186e38a43a..e8c4af4600508 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SPKAC 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1 index a73da053d40c1..6d618276fa358 100644 --- a/secure/usr.bin/openssl/man/srp.1 +++ b/secure/usr.bin/openssl/man/srp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SRP 1" -.TH SRP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH SRP 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1 index 1a72953d4c0b9..80096577df672 100644 --- a/secure/usr.bin/openssl/man/storeutl.1 +++ b/secure/usr.bin/openssl/man/storeutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREUTL 1" -.TH STOREUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH STOREUTL 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index 73cc9e5605cd1..463ca106586ce 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH TS 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -229,19 +229,19 @@ The \s-1TSA\s0 client computes a one-way hash value for a data file and sends the hash to the \s-1TSA.\s0 .IP "2." 4 The \s-1TSA\s0 attaches the current date and time to the received hash value, -signs them and sends the time stamp token back to the client. By +signs them and sends the timestamp token back to the client. By creating this token the \s-1TSA\s0 certifies the existence of the original data file at the time of response generation. .IP "3." 4 -The \s-1TSA\s0 client receives the time stamp token and verifies the +The \s-1TSA\s0 client receives the timestamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the \s-1TSA.\s0 .PP -There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time -stamp request to the \s-1TSA\s0 and one for sending the time stamp response +There is one \s-1DER\s0 encoded protocol data unit defined for transporting +a timestamp request to the \s-1TSA\s0 and one for sending the timestamp response back to the client. The \fBts\fR command has three main functions: -creating a time stamp request based on a data file, -creating a time stamp response based on a request, verifying if a +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a response corresponds to a particular request or a data file. .PP There is no support for sending the requests/responses automatically @@ -251,7 +251,7 @@ requests either by ftp or e\-mail. .IX Header "OPTIONS" .SS "Time Stamp Request generation" .IX Subsection "Time Stamp Request generation" -The \fB\-query\fR switch can be used for creating and printing a time stamp +The \fB\-query\fR switch can be used for creating and printing a timestamp request with the following options: .IP "\fB\-rand file...\fR" 4 .IX Item "-rand file..." @@ -271,7 +271,7 @@ Optional; for a description of the default value, see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). .IP "\fB\-data\fR file_to_hash" 4 .IX Item "-data file_to_hash" -The data file for which the time stamp request needs to be +The data file for which the timestamp request needs to be created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR parameter is specified. (Optional) .IP "\fB\-digest\fR digest_bytes" 4 @@ -289,7 +289,7 @@ The default is \s-1SHA\-1.\s0 (Optional) .IP "\fB\-tspolicy\fR object_id" 4 .IX Item "-tspolicy object_id" The policy that the client expects the \s-1TSA\s0 to use for creating the -time stamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +timestamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined in the config file can be used. If no policy is requested the \s-1TSA\s0 will use its own default policy. (Optional) .IP "\fB\-no_nonce\fR" 4 @@ -304,7 +304,7 @@ The \s-1TSA\s0 is expected to include its signing certificate in the response. (Optional) .IP "\fB\-in\fR request.tsq" 4 .IX Item "-in request.tsq" -This option specifies a previously created time stamp request in \s-1DER\s0 +This option specifies a previously created timestamp request in \s-1DER\s0 format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional) @@ -318,13 +318,13 @@ If this option is specified the output is human-readable text format instead of \s-1DER.\s0 (Optional) .SS "Time Stamp Response generation" .IX Subsection "Time Stamp Response generation" -A time stamp response (TimeStampResp) consists of a response status -and the time stamp token itself (ContentInfo), if the token generation was -successful. The \fB\-reply\fR command is for creating a time stamp -response or time stamp token based on a request and printing the +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a timestamp +response or timestamp token based on a request and printing the response/token in human-readable format. If \fB\-token_out\fR is not -specified the output is always a time stamp response (TimeStampResp), -otherwise it is a time stamp token (ContentInfo). +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). .IP "\fB\-config\fR configfile" 4 .IX Item "-config configfile" The configuration file to use. @@ -338,7 +338,7 @@ response generation. If not specified the default \s-1TSA\s0 section is used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional) .IP "\fB\-queryfile\fR request.tsq" 4 .IX Item "-queryfile request.tsq" -The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional) +The name of the file containing a \s-1DER\s0 encoded timestamp request. (Optional) .IP "\fB\-passin\fR password_src" 4 .IX Item "-passin password_src" Specifies the password source for the private key of the \s-1TSA.\s0 See @@ -376,18 +376,18 @@ either in dotted notation or with its name. Overrides the \&\fBdefault_policy\fR config file option. (Optional) .IP "\fB\-in\fR response.tsr" 4 .IX Item "-in response.tsr" -Specifies a previously created time stamp response or time stamp token +Specifies a previously created timestamp response or timestamp token (if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or -token or you want to extract the time stamp token from a response. If -the input is a token and the output is a time stamp response a default +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default \&'granted' status info is added to the token. (Optional) .IP "\fB\-token_in\fR" 4 .IX Item "-token_in" This flag can be used together with the \fB\-in\fR option and indicates -that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) .IP "\fB\-out\fR response.tsr" 4 .IX Item "-out response.tsr" The response is written to this file. The format and content of the @@ -395,7 +395,7 @@ file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default stdout. (Optional) .IP "\fB\-token_out\fR" 4 .IX Item "-token_out" -The output is a time stamp token (ContentInfo) instead of time stamp +The output is a timestamp token (ContentInfo) instead of timestamp response (TimeStampResp). (Optional) .IP "\fB\-text\fR" 4 .IX Item "-text" @@ -409,8 +409,8 @@ thus initialising it if needed. The engine will then be set as the default for all available algorithms. Default is builtin. (Optional) .SS "Time Stamp Response verification" .IX Subsection "Time Stamp Response verification" -The \fB\-verify\fR command is for verifying if a time stamp response or time -stamp token is valid and matches a particular time stamp request or +The \fB\-verify\fR command is for verifying if a timestamp response or +timestamp token is valid and matches a particular timestamp request or data file. The \fB\-verify\fR command does not use the configuration file. .IP "\fB\-data\fR file_to_hash" 4 .IX Item "-data file_to_hash" @@ -426,16 +426,16 @@ specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not specified with this one. (Optional) .IP "\fB\-queryfile\fR request.tsq" 4 .IX Item "-queryfile request.tsq" -The original time stamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +The original timestamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR options must not be specified with this one. (Optional) .IP "\fB\-in\fR response.tsr" 4 .IX Item "-in response.tsr" -The time stamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +The timestamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) .IP "\fB\-token_in\fR" 4 .IX Item "-token_in" This flag can be used together with the \fB\-in\fR option and indicates -that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) .IP "\fB\-CApath\fR trusted_cert_path" 4 .IX Item "-CApath trusted_cert_path" The name of the directory containing the trusted \s-1CA\s0 certificates of the @@ -494,7 +494,7 @@ See \fBca\fR\|(1) for description. (Optional) .IP "\fBserial\fR" 4 .IX Item "serial" The name of the file containing the hexadecimal serial number of the -last time stamp response created. This number is incremented by 1 for +last timestamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory) .IP "\fBcrypto_device\fR" 4 @@ -541,7 +541,7 @@ the components is missing zero is assumed for that field. (Optional) .IP "\fBclock_precision_digits\fR" 4 .IX Item "clock_precision_digits" Specifies the maximum number of digits, which represent the fraction of -seconds, that need to be included in the time field. The trailing zeroes +seconds, that need to be included in the time field. The trailing zeros must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. The maximum value is 6, default is 0. @@ -576,7 +576,7 @@ configuration file, e.g. the example configuration file openssl/apps/openssl.cnf will do. .SS "Time Stamp Request" .IX Subsection "Time Stamp Request" -To create a time stamp request for design1.txt with \s-1SHA\-1\s0 +To create a timestamp request for design1.txt with \s-1SHA\-1\s0 without nonce and policy and no certificate is required in the response: .PP .Vb 2 @@ -584,7 +584,7 @@ without nonce and policy and no certificate is required in the response: \& \-out design1.tsq .Ve .PP -To create a similar time stamp request with specifying the message imprint +To create a similar timestamp request with specifying the message imprint explicitly: .PP .Vb 2 @@ -598,7 +598,7 @@ To print the content of the previous request in human readable format: \& openssl ts \-query \-in design1.tsq \-text .Ve .PP -To create a time stamp request which includes the \s-1MD\-5\s0 digest +To create a timestamp request which includes the \s-1MD\-5\s0 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the \&\s-1OID\s0 section of the config file): @@ -623,7 +623,7 @@ below assume that cacert.pem contains the certificate of the \s-1CA,\s0 tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the \s-1TSA.\s0 .PP -To create a time stamp response for a request: +To create a timestamp response for a request: .PP .Vb 2 \& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e @@ -636,31 +636,31 @@ If you want to use the settings in the config file you could just write: \& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr .Ve .PP -To print a time stamp reply to stdout in human readable format: +To print a timestamp reply to stdout in human readable format: .PP .Vb 1 \& openssl ts \-reply \-in design1.tsr \-text .Ve .PP -To create a time stamp token instead of time stamp response: +To create a timestamp token instead of timestamp response: .PP .Vb 1 \& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out .Ve .PP -To print a time stamp token to stdout in human readable format: +To print a timestamp token to stdout in human readable format: .PP .Vb 1 \& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out .Ve .PP -To extract the time stamp token from a response: +To extract the timestamp token from a response: .PP .Vb 1 \& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out .Ve .PP -To add 'granted' status info to a time stamp token thereby creating a +To add 'granted' status info to a timestamp token thereby creating a valid response: .PP .Vb 1 @@ -668,25 +668,25 @@ valid response: .Ve .SS "Time Stamp Verification" .IX Subsection "Time Stamp Verification" -To verify a time stamp reply against a request: +To verify a timestamp reply against a request: .PP .Vb 2 \& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e \& \-CAfile cacert.pem \-untrusted tsacert.pem .Ve .PP -To verify a time stamp reply that includes the certificate chain: +To verify a timestamp reply that includes the certificate chain: .PP .Vb 2 \& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e \& \-CAfile cacert.pem .Ve .PP -To verify a time stamp token against the original data file: +To verify a timestamp token against the original data file: openssl ts \-verify \-data design2.txt \-in design2.tsr \e \-CAfile cacert.pem .PP -To verify a time stamp token against a message imprint: +To verify a timestamp token against a message imprint: openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e \-in design2.tsr \-CAfile cacert.pem .PP @@ -694,7 +694,7 @@ You could also look at the 'test' directory for more examples. .SH "BUGS" .IX Header "BUGS" .IP "\(bu" 2 -No support for time stamps over \s-1SMTP,\s0 though it is quite easy +No support for timestamps over \s-1SMTP,\s0 though it is quite easy to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of a separate apache module. \s-1HTTP\s0 client support is provided by @@ -702,7 +702,7 @@ a separate apache module. \s-1HTTP\s0 client support is provided by .IP "\(bu" 2 The file containing the last serial number of the \s-1TSA\s0 is not locked when being read or written. This is a problem if more than one -instance of \fBopenssl\fR\|(1) is trying to create a time stamp +instance of \fBopenssl\fR\|(1) is trying to create a timestamp response at the same time. This is not an issue when using the apache server module, it does proper locking. .IP "\(bu" 2 @@ -719,7 +719,7 @@ test/testtsa). \&\fBconfig\fR\|(5) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 6db147115f07f..a54be045411c2 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH TSGET 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,15 +158,15 @@ openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client [request]... .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBtsget\fR command can be used for sending a time stamp request, as -specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing -the time stamp response in a file. This tool cannot be used for creating the +The \fBtsget\fR command can be used for sending a timestamp request, as +specified in \fB\s-1RFC 3161\s0\fR, to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing +the timestamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to do that. \fBtsget\fR can send several requests to the server without closing the \s-1TCP\s0 connection if more than one requests are specified on the command line. .PP -The tool sends the following \s-1HTTP\s0 request for each time stamp request: +The tool sends the following \s-1HTTP\s0 request for each timestamp request: .PP .Vb 7 \& POST url HTTP/1.1 @@ -186,7 +186,7 @@ written to a file without any interpretation. .IX Header "OPTIONS" .IP "\fB\-h\fR server_url" 4 .IX Item "-h server_url" -The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for time stamp requests. +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests. .IP "\fB\-e\fR extension" 4 .IX Item "-e extension" If the \fB\-o\fR option is not given this argument specifies the extension of the @@ -195,8 +195,8 @@ the input files. Default extension is '.tsr'. (Optional) .IP "\fB\-o\fR output" 4 .IX Item "-o output" This option can be specified only when just one request is sent to the -server. The time stamp response will be written to the given output file. '\-' -means standard output. In case of multiple time stamp requests or the absence +server. The timestamp response will be written to the given output file. '\-' +means standard output. In case of multiple timestamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional) .IP "\fB\-v\fR" 4 @@ -245,7 +245,7 @@ MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optiona The name of an \s-1EGD\s0 socket to get random data from. (Optional) .IP "[request]..." 4 .IX Item "[request]..." -List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded time stamp requests. If no +List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded timestamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) .SH "ENVIRONMENT VARIABLES" @@ -256,18 +256,18 @@ arguments. .SH "EXAMPLES" .IX Header "EXAMPLES" The examples below presume that \fBfile1.tsq\fR and \fBfile2.tsq\fR contain valid -time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa absolute path. .PP -Get a time stamp response for file1.tsq over \s-1HTTP,\s0 output is written to +Get a timestamp response for file1.tsq over \s-1HTTP,\s0 output is written to file1.tsr: .PP .Vb 1 \& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq .Ve .PP -Get a time stamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing +Get a timestamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing progress, output is written to file1.reply and file2.reply respectively: .PP .Vb 2 @@ -275,7 +275,7 @@ progress, output is written to file1.reply and file2.reply respectively: \& file1.tsq file2.tsq .Ve .PP -Create a time stamp request, write it to file3.tsq, send it to the server and +Create a timestamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr: .PP .Vb 3 @@ -284,7 +284,7 @@ write the response to file3.tsr: \& \-o file3.tsr .Ve .PP -Get a time stamp response for file1.tsq over \s-1HTTPS\s0 without client +Get a timestamp response for file1.tsq over \s-1HTTPS\s0 without client authentication: .PP .Vb 2 @@ -292,7 +292,7 @@ authentication: \& \-C cacerts.pem file1.tsq .Ve .PP -Get a time stamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based +Get a timestamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected): .PP @@ -317,7 +317,7 @@ example: \&\fB\s-1RFC 3161\s0\fR .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index c51a709d2315a..9293261ca9061 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH VERIFY 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -222,8 +222,11 @@ current system time. \fBtimestamp\fR is the number of seconds since 01.01.1970 (\s-1UNIX\s0 time). .IP "\fB\-check_ss_sig\fR" 4 .IX Item "-check_ss_sig" -Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default -because it doesn't add any security. +Verify the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0 +certificate with key usage restrictions not including the keyCertSign bit. +This verification is disabled by default because it doesn't add any security. .IP "\fB\-CRLfile file\fR" 4 .IX Item "-CRLfile file" The \fBfile\fR should contain one or more CRLs in \s-1PEM\s0 format. @@ -420,7 +423,7 @@ in \s-1PEM\s0 format. .SH "VERIFY OPERATION" .IX Header "VERIFY OPERATION" The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME -verification, therefore this description applies to these verify operations +verification, therefore, this description applies to these verify operations too. .PP There is one crucial difference between the verify operations performed @@ -772,7 +775,7 @@ The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and is silently ignored. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 346fcf393d584..89bc84c873b41 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH VERSION 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 6f6be727718c0..ac61455f8aa2d 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2020-04-21" "1.1.1g" "OpenSSL" +.TH X509 1 "2020-09-22" "1.1.1h" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -350,7 +350,7 @@ Prints out the start and expiry dates of a certificate. .IP "\fB\-checkend arg\fR" 4 .IX Item "-checkend arg" Checks if the certificate expires within the next \fBarg\fR seconds and exits -non-zero if yes it will expire or zero if not. +nonzero if yes it will expire or zero if not. .IP "\fB\-fingerprint\fR" 4 .IX Item "-fingerprint" Calculates and outputs the digest of the \s-1DER\s0 encoded version of the entire |