diff options
Diffstat (limited to 'doc/man3')
119 files changed, 293 insertions, 238 deletions
diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index d0a6a3c810a16..9b73290742d4e 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -119,7 +119,7 @@ L<ERR_get_error(3)> ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() -were added to OpenSSL 1.1.0. +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index 204280210e042..e4d809c08fd16 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -127,10 +127,10 @@ L<crypto(7)>, L<ASYNC_start_job(3)> =head1 HISTORY -ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, -ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, -ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to -OpenSSL 1.1.0. +ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), +ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), +ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index 21b77a96b95ea..9bd1044b266a9 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -317,7 +317,7 @@ L<crypto(7)>, L<ERR_print_errors(3)> ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first -added to OpenSSL 1.1.0. +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/BIO_new_CMS.pod b/doc/man3/BIO_new_CMS.pod index b06c224f7180b..f8d4c3bde6ee3 100644 --- a/doc/man3/BIO_new_CMS.pod +++ b/doc/man3/BIO_new_CMS.pod @@ -61,7 +61,7 @@ L<CMS_encrypt(3)> =head1 HISTORY -BIO_new_CMS() was added to OpenSSL 1.0.0 +The BIO_new_CMS() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index b505841832ec6..b6e9145106bec 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -197,8 +197,8 @@ L<RSA_generate_key(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)> =head1 HISTORY -BN_GENCB_new(), BN_GENCB_free(), -and BN_GENCB_get_arg() were added in OpenSSL 1.1.0 +The BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index eb0a6b13862fe..90b50ffc311e3 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -73,7 +73,8 @@ a future release. =item * -BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1. +The +BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =back diff --git a/doc/man3/BN_security_bits.pod b/doc/man3/BN_security_bits.pod index 1aed85a71a9c2..f6e5857a4eed3 100644 --- a/doc/man3/BN_security_bits.pod +++ b/doc/man3/BN_security_bits.pod @@ -33,7 +33,7 @@ function. The symmetric algorithms are not covered neither. =head1 HISTORY -BN_security_bits() was added in OpenSSL 1.1.0. +The BN_security_bits() function was added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod index 61922502a3f1f..0c68f3776f7c5 100644 --- a/doc/man3/BUF_MEM_new.pod +++ b/doc/man3/BUF_MEM_new.pod @@ -61,7 +61,7 @@ L<CRYPTO_secure_malloc(3)>. =head1 HISTORY -BUF_MEM_new_ex() was added in OpenSSL 1.1.0. +The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/CMS_get0_type.pod b/doc/man3/CMS_get0_type.pod index cad8d3f66280f..bc38a09bdcbcb 100644 --- a/doc/man3/CMS_get0_type.pod +++ b/doc/man3/CMS_get0_type.pod @@ -16,11 +16,12 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - =head1 DESCRIPTION CMS_get0_type() returns the content type of a CMS_ContentInfo structure as -and ASN1_OBJECT pointer. An application can then decide how to process the +an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo -structure. It should be called with CMS functions with the B<CMS_PARTIAL> +structure. It should be called with CMS functions (such as L<CMS_sign>, L<CMS_encrypt>) +with the B<CMS_PARTIAL> flag and B<before> the structure is finalised, otherwise the results are undefined. @@ -60,7 +61,7 @@ embedded content as it is normally set by higher level functions. =head1 RETURN VALUES -CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure. +CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure. CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The error can be obtained from ERR_get_error(3). @@ -71,7 +72,7 @@ L<ERR_get_error(3)> =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index ecf294a2c60dc..485cf797b12e9 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -28,13 +28,21 @@ reads configuration information from B<cnf>. The following B<flags> are currently recognized: -B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual +If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B<CONF_MFLAGS_SILENT> is set no error information is added. +If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally +returns success. +This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling B<CONF_modules_load_file> explicitly should not generally +set this flag. + If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is disabled. @@ -126,7 +134,7 @@ L<config(5)>, L<OPENSSL_config(3)> =head1 COPYRIGHT -Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index 4d5a2b93a0823..b2d33ef90d9eb 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -100,7 +100,7 @@ to avoid likely double-free crashes. The function B<CRYPTO_free_ex_data> is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The B<class_index> identifies the structure type, the B<obj> is -be the pointer to the actual structure, and B<r> is a pointer to the +a pointer to the actual structure, and B<r> is a pointer to the structure's exdata field. =head2 Callback Functions @@ -157,7 +157,7 @@ dup_func() should return 0 for failure and 1 for success. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CTLOG_STORE_get0_log_by_id.pod b/doc/man3/CTLOG_STORE_get0_log_by_id.pod index 36063b62e8583..86696a5594626 100644 --- a/doc/man3/CTLOG_STORE_get0_log_by_id.pod +++ b/doc/man3/CTLOG_STORE_get0_log_by_id.pod @@ -35,7 +35,7 @@ L<CTLOG_STORE_new(3)> =head1 HISTORY -This function was added in OpenSSL 1.1.0. +The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index 3b65d7ea6d6b2..3cbdbc67da1c8 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -43,7 +43,7 @@ L<BN_num_bits(3)> =head1 HISTORY -DH_bits() was added in OpenSSL 1.1.0. +The DH_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/DTLS_get_data_mtu.pod b/doc/man3/DTLS_get_data_mtu.pod index ab7147217ac1d..81b945f134a69 100644 --- a/doc/man3/DTLS_get_data_mtu.pod +++ b/doc/man3/DTLS_get_data_mtu.pod @@ -22,7 +22,7 @@ Returns the maximum data payload size on success, or 0 on failure. =head1 HISTORY -This function was added in OpenSSL 1.1.1 +The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/DTLS_set_timer_cb.pod b/doc/man3/DTLS_set_timer_cb.pod index 6e1347213e6fc..c5154dca35704 100644 --- a/doc/man3/DTLS_set_timer_cb.pod +++ b/doc/man3/DTLS_set_timer_cb.pod @@ -26,7 +26,7 @@ Returns void. =head1 HISTORY -This function was added in OpenSSL 1.1.1 +The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index 858e39316105d..76be40b68f10c 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -117,10 +117,10 @@ L<ssl(7)>, L<bio(7)> =head1 HISTORY -SSL_stateless() was first added in OpenSSL 1.1.1. +The SSL_stateless() function was added in OpenSSL 1.1.1. -DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" -also changed in OpenSSL 1.1.0. +The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. +The type of "peer" also changed in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index ee20f9526adc6..7bf3500623758 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -89,7 +89,7 @@ named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. -Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for +Note: B<OPENSSL_EC_EXPLICIT_CURVE> was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL @@ -175,7 +175,7 @@ and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. EC_GROUP_get0_order() returns an internal pointer to the group order. -EC_GROUP_get_order_bits() returns the number of bits in the group order. +EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 5ecbcc5e89925..37bc10d38056f 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -369,15 +369,15 @@ L<EVP_whirlpool(3)> =head1 HISTORY -EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to -EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0. +The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA. -EVP_dss1() was removed in OpenSSL 1.1.0. +The EVP_dss1() function was removed in OpenSSL 1.1.0. -EVP_MD_CTX_set_pkey_ctx() was added in 1.1.1. +The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 773de87efac4d..7b74a23cbcf25 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -152,7 +152,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index e93ac2ef08107..98a0987a3aaaf 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -98,7 +98,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 5fdbc33ac10fb..b43a3e5468ca4 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -632,7 +632,7 @@ L<EVP_sm4(3)> =head1 HISTORY -Support for OCB mode was added in OpenSSL 1.1.0 +Support for OCB mode was added in OpenSSL 1.1.0. B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 4982e9205305b..75fad0f70ce0d 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -359,7 +359,7 @@ B<param_enc> when generating EC parameters or an EC key. The encoding can be B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form. For maximum compatibility the named curve form should be used. Note: the -B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous +B<OPENSSL_EC_NAMED_CURVE> value was added in OpenSSL 1.1.0; previous versions should use 0 instead. =head2 ECDH parameters @@ -439,8 +439,9 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY +The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() -macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index eff94cd943641..f01fc97522979 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -48,7 +48,7 @@ L<EVP_PKEY_new(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_asn1_get_count.pod b/doc/man3/EVP_PKEY_asn1_get_count.pod index 9ad2daed4f5ba..cd99e4d757860 100644 --- a/doc/man3/EVP_PKEY_asn1_get_count.pod +++ b/doc/man3/EVP_PKEY_asn1_get_count.pod @@ -48,7 +48,7 @@ engine that implements it. EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string -associated with the public key ASN.1 method B<*ameth>. +associated with the public key ASN.1 method B<*ameth>. EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all @@ -70,7 +70,7 @@ L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod index 2a691a61773b2..2e3d266541a66 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -91,7 +91,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index 8cd0b54740d43..a74065e31f3b9 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -89,7 +89,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod index 4e9a34e740f3a..371891046473f 100644 --- a/doc/man3/EVP_PKEY_encrypt.pod +++ b/doc/man3/EVP_PKEY_encrypt.pod @@ -96,7 +96,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod index da76677044c28..ed52e9696c9f4 100644 --- a/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -37,7 +37,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -This function was first added to OpenSSL 1.0.0. +This function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod index 0b86eaaaa3dba..83cebe7ce2f40 100644 --- a/doc/man3/EVP_PKEY_keygen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod @@ -189,7 +189,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added in OpenSSL 1.1.1. diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index a3532a359632b..ebe20986dba14 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -114,12 +114,15 @@ L<EVP_PKEY_set1_EC_KEY> =head1 HISTORY -EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. +The +EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL. -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0. + +The EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and -EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1. +EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_print_private.pod b/doc/man3/EVP_PKEY_print_private.pod index 3ebd086a1c193..e0750c7eedbbc 100644 --- a/doc/man3/EVP_PKEY_print_private.pod +++ b/doc/man3/EVP_PKEY_print_private.pod @@ -47,7 +47,7 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index bdebf0b9241f8..1672831ff0158 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -101,7 +101,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index 57d7f8cf86f8e..cdbb80b99df86 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -89,7 +89,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index 85d76f84ac37f..251360656167e 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -100,7 +100,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 12e67f8cbf867..86fec82fb007d 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ functions void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_PKEY_size(EVP_PKEY *pkey); + int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_security_bits(const EVP_PKEY *pkey); =head1 DESCRIPTION diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index c480a9c9ebefb..65386a7baa319 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -91,7 +91,7 @@ because reuse of an existing key with a different digest is not supported. HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash function B<evp_md> and the key B<key> which is B<key_len> bytes -long. +long. HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B<len> bytes at B<data>). @@ -147,7 +147,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index a259539f05527..c7823e32d6df8 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -2,10 +2,11 @@ =head1 NAME -OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, -OPENSSL_init_crypto, OPENSSL_cleanup, -OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL -initialisation and deinitialisation functions +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop - OpenSSL initialisation +and deinitialisation functions =head1 SYNOPSIS @@ -17,6 +18,10 @@ initialisation and deinitialisation functions void OPENSSL_thread_stop(void); OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); + int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, + const char* filename); + int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, const char* name); void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); @@ -33,7 +38,7 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. -However, there way be situations when explicit initialisation is desirable or +However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl @@ -96,7 +101,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored. With this option an OpenSSL configuration file will be automatically loaded and used by calling OPENSSL_config(). This is not a default option for libcrypto. -From OpenSSL 1.1.1 this is a default option for libssl (see +As of OpenSSL 1.1.1 this is a default option for libssl (see L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the description of OPENSSL_INIT_new(), below. @@ -157,6 +162,13 @@ engines. This not a default option. With this option the library will register its fork handlers. See OPENSSL_fork_prepare(3) for details. +=item OPENSSL_INIT_NO_ATEXIT + +By default OpenSSL will attempt to clean itself up when the process exits via an +"atexit" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +OPENSSL_cleanup(). + =back Multiple options may be combined together in a single call to @@ -196,12 +208,22 @@ the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the NOTES section below. -The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration -file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS> -must be created and used. -The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can -be used to allocate the object and set the application name, and then the -object can be released with OPENSSL_INIT_free() when done. +The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with +L<CONF_modules_load_file(3)> with NULL filename and application name and the +B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and +B<CONF_MFLAGS_DEFAULT_SECTION> flags. +The filename, application name, and flags can be customized by providing a +non-null B<OPENSSL_INIT_SETTINGS> object. +The object can be allocated via B<OPENSSL_init_new()>. +The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in +the configuration file will cause an error return from B<OPENSSL_init_crypto> +or indirectly L<OPENSSL_init_ssl(3)>. +The object can be released with OPENSSL_INIT_free() when done. =head1 NOTES @@ -242,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 049a12556ae7a..2d678c951f0ae 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -90,10 +90,8 @@ generally macro's that add the standard C B<__FILE__> and B<__LINE__> parameters and call a lower-level B<CRYPTO_xxx> API. Some functions do not add those parameters, but exist for consistency. -OPENSSL_malloc_init() sets the lower-level memory allocation functions -to their default implementation. -It is generally not necessary to call this, except perhaps in certain -shared-library situations. +OPENSSL_malloc_init() does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the C malloc(), realloc(), and free() functions. @@ -247,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.> =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 5a01c8246933f..6c395383513b7 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -120,7 +120,7 @@ L<BN_new(3)> =head1 HISTORY -OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g. +The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 20d41ac534e7b..4c68986c56b2b 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -190,7 +190,7 @@ OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 87c135a1275ba..1503754114522 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -250,7 +250,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod index 6d36a190ae5ae..0c2dd2bc24c5e 100644 --- a/doc/man3/OSSL_STORE_SEARCH.pod +++ b/doc/man3/OSSL_STORE_SEARCH.pod @@ -179,7 +179,7 @@ OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), and OSSL_STORE_SEARCH_get0_string() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index e3f06b55be716..154472a76b514 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -65,7 +65,7 @@ L<OSSL_STORE_load(3)> =head1 HISTORY OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index b1467f4100a71..1e8ebf7ce1ce9 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -147,7 +147,7 @@ L<passphrase-encoding(7)> OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_bio_ex.pod b/doc/man3/PEM_read_bio_ex.pod index e171bff2453a6..a16b0ede5a9c3 100644 --- a/doc/man3/PEM_read_bio_ex.pod +++ b/doc/man3/PEM_read_bio_ex.pod @@ -56,7 +56,7 @@ L<PEM(3)> =head1 HISTORY -PEM_read_bio_ex() was added in OpenSSL 1.1.1. +The PEM_read_bio_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/PEM_write_bio_CMS_stream.pod b/doc/man3/PEM_write_bio_CMS_stream.pod index c73fafd44bdcf..bc3ee167e0c46 100644 --- a/doc/man3/PEM_write_bio_CMS_stream.pod +++ b/doc/man3/PEM_write_bio_CMS_stream.pod @@ -36,7 +36,7 @@ L<i2d_CMS_bio_stream(3)> =head1 HISTORY -PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PEM_write_bio_PKCS7_stream.pod b/doc/man3/PEM_write_bio_PKCS7_stream.pod index 77f97aaa2bbc8..32b7ef2ef7546 100644 --- a/doc/man3/PEM_write_bio_PKCS7_stream.pod +++ b/doc/man3/PEM_write_bio_PKCS7_stream.pod @@ -35,7 +35,7 @@ L<i2d_PKCS7_bio_stream(3)> =head1 HISTORY -PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index 747a36f5ed048..208644c019bf0 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include <openssl/pkcs12.h> -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod index c1df5f19a0702..6fd54777d1f16 100644 --- a/doc/man3/PKCS7_sign.pod +++ b/doc/man3/PKCS7_sign.pod @@ -108,9 +108,9 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>, -and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0 +and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0. -The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 +The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PKCS7_sign_add_signer.pod b/doc/man3/PKCS7_sign_add_signer.pod index 2bc6c40bd2ea6..d4a27a2f61946 100644 --- a/doc/man3/PKCS7_sign_add_signer.pod +++ b/doc/man3/PKCS7_sign_add_signer.pod @@ -83,7 +83,7 @@ L<PKCS7_final(3)>, =head1 HISTORY -PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0 +The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index fca1ad6961deb..f257e050065f7 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -53,7 +53,7 @@ RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. =item * -RAND_priv_bytes() was added in OpenSSL 1.1.1. +The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =back diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod index 77ac4fbc122f0..d3cdf930d88eb 100644 --- a/doc/man3/RIPEMD160_Init.pod +++ b/doc/man3/RIPEMD160_Init.pod @@ -13,7 +13,7 @@ RIPEMD-160 hash function unsigned char *md); int RIPEMD160_Init(RIPEMD160_CTX *c); - int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len); + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); =head1 DESCRIPTION @@ -61,7 +61,7 @@ L<EVP_DigestInit(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index cb7d0f66db10b..358c2de256f93 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -157,6 +157,7 @@ L<RSA_new(3)>, L<RSA_size(3)> =head1 HISTORY +The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), and RSA_get_version() functions were added in OpenSSL 1.1.1. diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod index 93911cac97d6f..9ea2634c03468 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -110,7 +110,12 @@ L<ERR_get_error(3)>. The RSA_padding_check_PKCS1_type_2() padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 -v1.5 padding design. Prefer PKCS1_OAEP padding. +v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can +be recommended to pass zero-padded B<f>, so that B<fl> equals to +B<rsa_len>, and if fixed by protocol, B<tlen> being set to the +expected length. In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. =head1 SEE ALSO diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index 022620078a7c9..99498650866f3 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -41,7 +41,7 @@ L<BN_num_bits(3)> =head1 HISTORY -RSA_bits() was added in OpenSSL 1.1.0. +The RSA_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index af59b58946cc6..4c12c5ed20d05 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -179,19 +179,19 @@ protocol-specific ID. =head1 HISTORY -SSL_CIPHER_get_version() was updated to always return the correct protocol -string in OpenSSL 1.1.0. +The SSL_CIPHER_get_version() function was updated to always return the +correct protocol string in OpenSSL 1.1.0. -SSL_CIPHER_description() was changed to return B<NULL> on error, +The SSL_CIPHER_description() function was changed to return B<NULL> on error, rather than a fixed string, in OpenSSL 1.1.0. -SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1. +The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1. -SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before -OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was +The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was required to enable this function. -OPENSSL_cipher_name() was added in OpenSSL 1.1.1. +The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod index 1dc8eb149947d..76c036e5ce44a 100644 --- a/doc/man3/SSL_COMP_add_compression_method.pod +++ b/doc/man3/SSL_COMP_add_compression_method.pod @@ -91,9 +91,8 @@ L<ssl(7)> =head1 HISTORY -SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0; -do not use it. -SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d. +The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. +The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_new.pod b/doc/man3/SSL_CONF_CTX_new.pod index 79f0bbc7dd5fb..df5492f79ba8c 100644 --- a/doc/man3/SSL_CONF_CTX_new.pod +++ b/doc/man3/SSL_CONF_CTX_new.pod @@ -36,7 +36,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set1_prefix.pod b/doc/man3/SSL_CONF_CTX_set1_prefix.pod index d986470254704..b2eff5bf519f5 100644 --- a/doc/man3/SSL_CONF_CTX_set1_prefix.pod +++ b/doc/man3/SSL_CONF_CTX_set1_prefix.pod @@ -44,7 +44,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set_flags.pod b/doc/man3/SSL_CONF_CTX_set_flags.pod index 766d984626a99..d6f6ff5897583 100644 --- a/doc/man3/SSL_CONF_CTX_set_flags.pod +++ b/doc/man3/SSL_CONF_CTX_set_flags.pod @@ -70,7 +70,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index 7e4120f7ce577..3b001d1686f46 100644 --- a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -42,7 +42,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index b399bcf4990ca..a74e7284f9dea 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -308,11 +308,6 @@ Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the B<value> must be >1 or <=16384. -=item B<NoRenegotiation> - -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -B<SSL_OP_NO_RENEGOTIATION>. - =item B<SignatureAlgorithms> This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. @@ -456,6 +451,9 @@ Only used by servers. B<NoResumptionOnRenegotiation>: set B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. +B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>. + B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. @@ -670,12 +668,12 @@ L<SSL_CTX_set_options(3)> =head1 HISTORY -SSL_CONF_cmd() was first added to OpenSSL 1.0.2 +The SSL_CONF_cmd() function was added in OpenSSL 1.0.2. -B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained -for backwards compatibility. +The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. -B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of +The B<SSL_CONF_TYPE_NONE> was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return B<SSL_CONF_TYPE_UNKNOWN>. @@ -685,7 +683,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd_argv.pod b/doc/man3/SSL_CONF_cmd_argv.pod index 567fa5a5084f9..130814803d868 100644 --- a/doc/man3/SSL_CONF_cmd_argv.pod +++ b/doc/man3/SSL_CONF_cmd_argv.pod @@ -37,7 +37,7 @@ L<SSL_CONF_cmd(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod index 24730024f857c..8fe8a7d5e18e9 100644 --- a/doc/man3/SSL_CTX_add1_chain_cert.pod +++ b/doc/man3/SSL_CTX_add1_chain_cert.pod @@ -144,7 +144,7 @@ L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod index 5b2aed76c2837..90d86746cec19 100644 --- a/doc/man3/SSL_CTX_config.pod +++ b/doc/man3/SSL_CTX_config.pod @@ -77,7 +77,7 @@ L<CONF_modules_load_file(3)> =head1 HISTORY -SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0 +The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index d767bb296e83b..d1b3c1aad7d3f 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -368,7 +368,7 @@ L<EVP_PKEY_free(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_get0_param.pod b/doc/man3/SSL_CTX_get0_param.pod index 6b93737458806..8b99dc330ad95 100644 --- a/doc/man3/SSL_CTX_get0_param.pod +++ b/doc/man3/SSL_CTX_get0_param.pod @@ -50,7 +50,7 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set0_CA_list.pod b/doc/man3/SSL_CTX_set0_CA_list.pod index d7ed89775b2e4..b483f83b71825 100644 --- a/doc/man3/SSL_CTX_set0_CA_list.pod +++ b/doc/man3/SSL_CTX_set0_CA_list.pod @@ -101,7 +101,7 @@ set CA names using the "client CA list" functions and then get them using the used on the server side then the "client CA list" functions take precedence. Typically, on the server side, the "client CA list " functions should be used in preference. As noted above in most cases it is not necessary to set CA names on -the client side. +the client side. SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and @@ -178,7 +178,7 @@ L<SSL_CTX_load_verify_locations(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 7dca0e0161d90..6c3d4fc9e9125 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -97,8 +97,8 @@ L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY -The curve functions were first added to OpenSSL 1.0.2. The equivalent group -functions were first added to OpenSSL 1.1.1. +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/doc/man3/SSL_CTX_set1_verify_cert_store.pod index bfe8b70af9022..b42f2a499f138 100644 --- a/doc/man3/SSL_CTX_set1_verify_cert_store.pod +++ b/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -86,7 +86,7 @@ L<SSL_build_cert_chain(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_ctlog_list_file.pod b/doc/man3/SSL_CTX_set_ctlog_list_file.pod index 275831ab15505..5fb0feb45183e 100644 --- a/doc/man3/SSL_CTX_set_ctlog_list_file.pod +++ b/doc/man3/SSL_CTX_set_ctlog_list_file.pod @@ -24,7 +24,7 @@ See L<CTLOG_STORE_new(3)> for the file format. =head1 NOTES These functions will not clear the existing CT log list - it will be appended -to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. +to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped. @@ -43,7 +43,7 @@ L<CTLOG_STORE_new(3)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod index c7bdc9b92a046..999a70c8c3669 100644 --- a/doc/man3/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/man3/SSL_CTX_set_default_passwd_cb.pod @@ -94,7 +94,7 @@ truncated. SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were -first added to OpenSSL 1.1.0 +added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index f01ca66fce7c1..01b03f9a59ae3 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -92,17 +92,13 @@ Callback has been called due to an alert being sent or received. =item SSL_CB_HANDSHAKE_START -Callback has been called because a new handshake is started. In TLSv1.3 this is -also used for the start of post-handshake message exchanges such as for the -exchange of session tickets, or for key updates. It also occurs when resuming a -handshake following a pause to handle early data. +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. -=item SSL_CB_HANDSHAKE_DONE 0x20 +=item SSL_CB_HANDSHAKE_DONE -Callback has been called because a handshake is finished. In TLSv1.3 this is -also used at the end of an exchange of post-handshake messages such as for -session tickets or key updates. It also occurs if the handshake is paused to -allow the exchange of early data. +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. =back @@ -160,7 +156,7 @@ L<SSL_alert_type_string(3)> =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 8f8edcf05420c..387d1ec1ef048 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -105,6 +105,15 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See L<SSL_get_error(3)>. +=item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG + +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP. + =back All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by @@ -124,11 +133,11 @@ L<SSL_write(3)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_MODE_ASYNC was first added to OpenSSL 1.1.0. +SSL_MODE_ASYNC was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_msg_callback.pod b/doc/man3/SSL_CTX_set_msg_callback.pod index bbc78b64b9c55..8cf77cc553a13 100644 --- a/doc/man3/SSL_CTX_set_msg_callback.pod +++ b/doc/man3/SSL_CTX_set_msg_callback.pod @@ -128,8 +128,7 @@ L<ssl(7)>, L<SSL_new(3)> =head1 HISTORY -The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL -1.1.1. +The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index b6b0e3ebee74e..ad13ed15f4065 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -20,10 +20,10 @@ SSL_CTX_get_num_tickets =head1 DESCRIPTION SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server -application and set the number of session tickets that will be sent to the -client after a full handshake. Set the desired value (which could be 0) in the -B<num_tickets> argument. Typically these functions should be called before the -start of the handshake. +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the B<num_tickets> argument. Typically these functions should be called before +the start of the handshake. The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index ae5ca1bd5d23c..2d840b62cb24a 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -361,10 +361,10 @@ L<dhparam(1)> =head1 HISTORY The attempt to always try to use secure renegotiation was added in -Openssl 0.9.8m. +OpenSSL 0.9.8m. -B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> were added in -OpenSSL 1.1.1. +The B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> options +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod b/doc/man3/SSL_CTX_set_record_padding_callback.pod index d0b2e30f25719..13e56f0c57f6a 100644 --- a/doc/man3/SSL_CTX_set_record_padding_callback.pod +++ b/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -19,10 +19,10 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); - void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); + void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); - void *SSL_get_record_padding_callback_arg(SSL *ssl); + void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_block_padding(SSL *ssl, size_t block_size); @@ -86,7 +86,7 @@ The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index 8baaaffec5c8d..0cb6c1f52a223 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -176,7 +176,7 @@ data pointer or NULL if the ex data is not set. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0 +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 8f98c6f1c99e0..f3dfb62c231c6 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,8 +177,8 @@ L<SSL_get_session(3)> =head1 HISTORY -SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and -SSL_SESSION_get_ticket_appdata() were added to OpenSSL 1.1.1. +The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index ef5e7cda35a2f..877b4aecd9497 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -169,8 +169,8 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0. -SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() -and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1. +The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod b/doc/man3/SSL_CTX_set_ssl_version.pod index 901c057f453a7..6c132756f2cae 100644 --- a/doc/man3/SSL_CTX_set_ssl_version.pod +++ b/doc/man3/SSL_CTX_set_ssl_version.pod @@ -11,7 +11,7 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); - const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); =head1 DESCRIPTION @@ -60,7 +60,7 @@ L<SSL_set_connect_state(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod index d6c04eced8ce9..cb40a9dbcbcbf 100644 --- a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod @@ -108,8 +108,8 @@ side if the client requested OCSP stapling. Otherwise -1 is returned. =head1 HISTORY -SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and -SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0. +The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() +and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 9b448db664e17..7a4bb3427027e 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -38,7 +38,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I<ctx> and I<hctx> have been -initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +initialised with L<EVP_CIPHER_CTX_reset(3)> and L<HMAC_CTX_reset(3)> respectively. For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, diff --git a/doc/man3/SSL_SESSION_free.pod b/doc/man3/SSL_SESSION_free.pod index 87a1cab1b4629..9a3bf3ec988eb 100644 --- a/doc/man3/SSL_SESSION_free.pod +++ b/doc/man3/SSL_SESSION_free.pod @@ -73,7 +73,7 @@ L<d2i_SSL_SESSION(3)> =head1 HISTORY -SSL_SESSION_dup() was added in OpenSSL 1.1.1. +The SSL_SESSION_dup() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_cipher.pod b/doc/man3/SSL_SESSION_get0_cipher.pod index 60f66a2d2b9d2..5ef754c4a8417 100644 --- a/doc/man3/SSL_SESSION_get0_cipher.pod +++ b/doc/man3/SSL_SESSION_get0_cipher.pod @@ -43,8 +43,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)> =head1 HISTORY -SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0. -SSL_SESSION_set_cipher() was first added to OpenSSL 1.1.1. +The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index c35c89279520a..989c997882cac 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -59,8 +59,8 @@ L<SSL_SESSION_free(3)> =head1 HISTORY -SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and -SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1. +The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_id_context.pod b/doc/man3/SSL_SESSION_get0_id_context.pod index 69619a72b4346..99b21bd126e98 100644 --- a/doc/man3/SSL_SESSION_get0_id_context.pod +++ b/doc/man3/SSL_SESSION_get0_id_context.pod @@ -42,7 +42,7 @@ L<SSL_set_session_id_context(3)> =head1 HISTORY -SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0 +The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get_protocol_version.pod b/doc/man3/SSL_SESSION_get_protocol_version.pod index 84c9ac173b5c3..961ed3e923c7c 100644 --- a/doc/man3/SSL_SESSION_get_protocol_version.pod +++ b/doc/man3/SSL_SESSION_get_protocol_version.pod @@ -41,8 +41,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)> =head1 HISTORY -SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0. -SSL_SESSION_set_protocol_version() was first added to OpenSSL 1.1.1. +The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_has_ticket.pod b/doc/man3/SSL_SESSION_has_ticket.pod index 7197382369de4..6fb41b75cb608 100644 --- a/doc/man3/SSL_SESSION_has_ticket.pod +++ b/doc/man3/SSL_SESSION_has_ticket.pod @@ -44,8 +44,8 @@ L<SSL_SESSION_free(3)> =head1 HISTORY -SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and -SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. +The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() +and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_is_resumable.pod b/doc/man3/SSL_SESSION_is_resumable.pod index 729479a99b481..8e47eee09ac7e 100644 --- a/doc/man3/SSL_SESSION_is_resumable.pod +++ b/doc/man3/SSL_SESSION_is_resumable.pod @@ -30,7 +30,7 @@ L<SSL_CTX_sess_set_new_cb(3)> =head1 HISTORY -SSL_SESSION_is_resumable() was first added to OpenSSL 1.1.1 +The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_set1_id.pod b/doc/man3/SSL_SESSION_set1_id.pod index f0b131d6a1f6f..deafdf1ea5795 100644 --- a/doc/man3/SSL_SESSION_set1_id.pod +++ b/doc/man3/SSL_SESSION_set1_id.pod @@ -36,7 +36,7 @@ L<ssl(7)> =head1 HISTORY -SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0 +The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod index abebf911fc327..c6b9229cbf163 100644 --- a/doc/man3/SSL_export_keying_material.pod +++ b/doc/man3/SSL_export_keying_material.pod @@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from the IANA Exporter Label Registry (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard -to be used without registration. +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. @@ -72,7 +73,7 @@ SSL_export_keying_material_early() returns 0 on failure or 1 on success. =head1 HISTORY -SSL_export_keying_material_early() was first added in OpenSSL 1.1.1. +The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_extension_supported.pod b/doc/man3/SSL_extension_supported.pod index 51ff6beeb5138..df23ac6551ba0 100644 --- a/doc/man3/SSL_extension_supported.pod +++ b/doc/man3/SSL_extension_supported.pod @@ -277,7 +277,7 @@ internally by OpenSSL and 0 otherwise. =head1 HISTORY -The function SSL_CTX_add_custom_ext() was added in OpenSSL 1.1.1. +The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod index fd4515db55616..5b17f091e3533 100644 --- a/doc/man3/SSL_get_all_async_fds.pod +++ b/doc/man3/SSL_get_all_async_fds.pod @@ -73,8 +73,8 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)> =head1 HISTORY -SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds() -were first added to OpenSSL 1.1.0. +The SSL_waiting_for_async(), SSL_get_all_async_fds() +and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index b3ab505687315..5a7a4b7058efe 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -138,17 +138,20 @@ Details depend on the application. =item SSL_ERROR_SYSCALL -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult B<errno> for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +B<errno> for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called. This value can also be returned for other errors, check the error queue for details. =item SSL_ERROR_SSL -A failure in the SSL library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called. =back @@ -158,8 +161,8 @@ L<ssl(7)> =head1 HISTORY -SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0. -SSL_ERROR_WANT_CLIENT_HELLO_CB was added in OpenSSL 1.1.1. +The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index b0aaba3a59d73..5507ff3f3de9c 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod @@ -97,7 +97,7 @@ L<ssl(7)> =head1 HISTORY -SSL_is_dtls() was added in OpenSSL 1.1.0. +The SSL_is_dtls() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_key_update.pod b/doc/man3/SSL_key_update.pod index 7772b70bc69e3..068ace5978367 100644 --- a/doc/man3/SSL_key_update.pod +++ b/doc/man3/SSL_key_update.pod @@ -14,11 +14,11 @@ SSL_renegotiate_pending #include <openssl/ssl.h> int SSL_key_update(SSL *s, int updatetype); - int SSL_get_key_update_type(SSL *s); + int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); - int SSL_renegotiate_pending(SSL *s); + int SSL_renegotiate_pending(const SSL *s); =head1 DESCRIPTION @@ -100,7 +100,7 @@ OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index e671b8eb794a1..1410a0228c309 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -128,7 +128,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_read_ex() and SSL_peek_ex() were added in OpenSSL 1.1.1. +The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 9769aa72e4a05..c51fe1359dc3c 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -93,7 +93,7 @@ the server. A client uses the function SSL_write_early_data() to send early data. This function is similar to the L<SSL_write_ex(3)> function, but with the following differences. See L<SSL_write_ex(3)> for information on how to write bytes to -the underlying connection, and how to handle any errors that may arise. This +the underlying connection, and how to handle any errors that may arise. This page describes the differences between SSL_write_early_data() and L<SSL_write_ex(3)>. @@ -364,7 +364,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index 3ca3c6b0136bc..a2c9f133eed3b 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -104,7 +104,7 @@ L<SSL_dane_enable(3)>. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 0a3d6d370d8b0..551fff6308b6e 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. +Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. + The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application. diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod index ef4b2183e08d3..6840ccbfb626f 100644 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod @@ -101,7 +101,8 @@ L<ssl(7)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_want_client_hello_cb() and SSL_CLIENT_HELLO_CB were added in OpenSSL 1.1.1. +The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 4dffd1fefc8af..3956f1def3871 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -106,7 +106,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_write_ex() was added in OpenSSL 1.1.1. +The SSL_write_ex() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod index aefd41dac396b..a01e1012dcf9b 100644 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -205,9 +205,8 @@ L<UI(3)>, L<CRYPTO_get_ex_data(3)>, L<UI_STRING(3)> =head1 HISTORY -UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and -UI_method_get_data_destructor() -were added in OpenSSL 1.1.1. +The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() +and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod index dd1b80ec635d1..3042b13f1f1a1 100644 --- a/doc/man3/UI_new.pod +++ b/doc/man3/UI_new.pod @@ -233,14 +233,13 @@ UI_process() returns 0 on success or a negative value on error. UI_ctrl() returns a mask on success or -1 on error. -UI_get_default_method(), UI_get_method(), UI_Openssl(), UI_null() and +UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and UI_set_method() return either a valid B<UI_METHOD> structure or NULL respectively. =head1 HISTORY -UI_dup_user_data() -was added in OpenSSL 1.1.1. +The UI_dup_user_data() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/X509_NAME_ENTRY_get_object.pod b/doc/man3/X509_NAME_ENTRY_get_object.pod index 5de1b88b99459..74f1a96d07efa 100644 --- a/doc/man3/X509_NAME_ENTRY_get_object.pod +++ b/doc/man3/X509_NAME_ENTRY_get_object.pod @@ -51,9 +51,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an B<X509_NAME_ENTRY> function as returned by X509_NAME_get_entry() for example. -X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(), -and X509_NAME_ENTRY_create_by_OBJ() create and return an - X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because B<X509_NAME_ENTRY> structures diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index 2828ed75d2a94..472db508bc4e2 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -159,8 +159,8 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 -X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0 +The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. +The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 5688ab79a77e1..647ed2f174016 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -192,12 +192,13 @@ L<X509_STORE_CTX_get_ex_new_index(3)> =head1 HISTORY +The X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() -and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0. +and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod index f7a5c81416b32..b3bc96e20b59f 100644 --- a/doc/man3/X509_STORE_new.pod +++ b/doc/man3/X509_STORE_new.pod @@ -44,7 +44,7 @@ L<X509_STORE_get0_param(3)> =head1 HISTORY The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() -functions were added in OpenSSL 1.1.0 +functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index 12a464674191f..d16881edd83dd 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -237,8 +237,9 @@ L<CMS_verify(3)> =head1 HISTORY -X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. +The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0. +The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), @@ -250,8 +251,8 @@ X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), -X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in -OpenSSL 1.1.0. +X509_STORE_set_cleanup() and X509_STORE_get_cleanup() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 9b64e0a915a2e..f45467cacecce 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -368,11 +368,11 @@ L<x509(1)> =head1 HISTORY -The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0 -The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in -OpenSSL 1.1.0, and has no effect. +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0. +The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in OpenSSL 1.1.0 +and has no effect. -X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. +The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. =head1 COPYRIGHT diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod index f63c5a5b689ef..4133bc37a9afd 100644 --- a/doc/man3/X509_get0_signature.pod +++ b/doc/man3/X509_get0_signature.pod @@ -109,12 +109,14 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get0_signature() and X509_get_signature_nid() were first added to -OpenSSL 1.0.2. +The +X509_get0_signature() and X509_get_signature_nid() functions were +added in OpenSSL 1.0.2. +The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), -X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added -to OpenSSL 1.1.0. +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_get_serialNumber.pod b/doc/man3/X509_get_serialNumber.pod index 2e81c623969e6..684adb7578b9e 100644 --- a/doc/man3/X509_get_serialNumber.pod +++ b/doc/man3/X509_get_serialNumber.pod @@ -56,8 +56,9 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get_serialNumber() and X509_set_serialNumber() are available in -all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0. +The X509_get_serialNumber() and X509_set_serialNumber() functions are +available in all versions of OpenSSL. +The X509_get0_serialNumber() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 2107c1d0905e9..7c4a499225ec4 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -53,8 +53,8 @@ and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions. -X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was first added -to OpenSSL 1.0.0 as a macro. +X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. =head1 SEE ALSO diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod index 994fd438811a1..8794c57e8d57c 100644 --- a/doc/man3/X509_sign.pod +++ b/doc/man3/X509_sign.pod @@ -81,11 +81,11 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_sign(), X509_REQ_sign() and X509_CRL_sign() are available in all -versions of OpenSSL. +The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are +available in all versions of OpenSSL. -X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added -to OpenSSL 1.0.1. +The X509_sign_ctx(), X509_REQ_sign_ctx() +and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1. =head1 COPYRIGHT diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod index 13415d5488e8f..4e3f20f8b324b 100644 --- a/doc/man3/d2i_PrivateKey.pod +++ b/doc/man3/d2i_PrivateKey.pod @@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 then B<*a> will be freed and replaced on a successful call. +To decode a key with type B<EVP_PKEY_EC>, d2i_PublicKey() requires B<*a> to be +a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP. + =head1 RETURN VALUES -d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure -or B<NULL> if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), +and d2i_PublicKey() functions return a valid B<EVP_KEY> structure or B<NULL> if an +error occurs. The error code can be obtained by calling L<ERR_get_error(3)>. -i2d_PrivateKey() returns the number of bytes successfully encoded or a -negative value if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling L<ERR_get_error(3)>. =head1 SEE ALSO @@ -67,7 +71,7 @@ L<d2i_PKCS8PrivateKey_bio(3)> =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/i2d_CMS_bio_stream.pod b/doc/man3/i2d_CMS_bio_stream.pod index ece7a4800eeed..dd2bd213f1e16 100644 --- a/doc/man3/i2d_CMS_bio_stream.pod +++ b/doc/man3/i2d_CMS_bio_stream.pod @@ -39,7 +39,7 @@ L<PEM_write_bio_CMS_stream(3)> =head1 HISTORY -i2d_CMS_bio_stream() was added to OpenSSL 1.0.0 +The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/i2d_PKCS7_bio_stream.pod b/doc/man3/i2d_PKCS7_bio_stream.pod index b42940a83cfaf..a33aa08f2d320 100644 --- a/doc/man3/i2d_PKCS7_bio_stream.pod +++ b/doc/man3/i2d_PKCS7_bio_stream.pod @@ -39,7 +39,7 @@ L<PEM_write_bio_PKCS7_stream(3)> =head1 HISTORY -i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0 +The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT |